
Secure Shell

Install openssh with:

dnf install openssh

Configure ssh client
emacs /etc/ssh/ssh_config

Host *
HashKnownHosts yes
StrictHostKeyChecking ask
Protocol 2

Configure ssh daemon
emacs /etc/ssh/sshd_config

Port 22
ListenAddress 0.0.0.0
# HostKey - do not change these lines; the host identity deters man-in-the-middle attacks.
Protocol 2
PermitRootLogin no
MaxAuthTries 6
MaxSessions 10
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers mihai
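
A check of the authentication settings listed above, as an added example that is not part of the original page. The function names and the sample config are constructed for illustration; the script assumes a flat sshd_config with no Match blocks or Include files and requires each setting to be set explicitly.

```shell
#!/bin/sh
# sshd uses the first value it reads for each keyword, so a later line
# does not override an earlier one. Only the first uncommented occurrence counts.

# Print the first effective value of keyword $2 in file $1 (empty if unset).
sshd_first_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Audit file $1; print one line per setting; return the number of deviations.
audit_sshd_config() {
    file=$1
    failures=0
    for want in PermitRootLogin=no PubkeyAuthentication=yes \
                PasswordAuthentication=no ChallengeResponseAuthentication=no
    do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(sshd_first_value "$file" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok    $key $actual"
        else
            echo "FAIL  $key is '${actual:-unset}', expected '$expected'"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample (not from a real host): the second PasswordAuthentication
# line looks like a fix but is ignored, because the first value wins.
sample_config() {
    cat <<'EOF'
Port 22
permitrootlogin no
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
}
```

On the server, call it as audit_sshd_config /etc/ssh/sshd_config, then run sshd -t to syntax-check the file before restarting the service.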

Open ssh port 22 in firewall (iptables)

Check /etc/hosts.allow and /etc/hosts.deny

Start the service

systemctl  enable  sshd.service
systemctl  start   sshd

Log in to the server with the user account and generate the ssh keys

Generate a 4096-bit RSA (Rivest-Shamir-Adleman) key pair; it can be imported by PuTTY

ssh-keygen -t rsa -b 4096

The public key id_rsa.pub contains data for the server

The private key id_rsa contains private data for the client (mobile@localdomain)

cat ~/.ssh/id_rsa.pub
cat ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Copy the keys from the remote computer to the local computer.
Run scp from the local computer; you should not be logged in to the remote computer.
scp does not require a pre-existing ssh connection.

scp mihai@64.227.114.160:/home/mihai/.ssh/id_rsa     /home/mihai
scp mihai@$DIGITALOCEAN:/home/mihai/.ssh/id_rsa.pub  /home/mihai

You can remove the keys from the server.

rm ~/.ssh/id_rsa
rm ~/.ssh/id_rsa.pub

Restart ssh to test the new key.

systemctl restart sshd.service
systemctl status  sshd.service

You now have the private key (id_rsa) on the client computer (mobile@localdomain)

mv ~/.ssh/id_rsa ~/.ssh/id_rsa_home_key
chmod 400 ~/.ssh/id_rsa_home_key

I do not set up an ssh-agent, as I always need to remember the pass-phrase for my keys

Log in to sshd on my home server (192.168.0.128, port 22)

ssh -l mihai -i ~/.ssh/id_rsa_home_key 192.168.0.128

ssh login with X11 forwarding

ssh -X -l mihai -i ~/.ssh/id_rsa_home_key  192.168.0.128

ssh login with tunnelling to C7 running in virtualbox

ssh -L 5903:192.168.0.18:5903 -i ~/.ssh/id_rsa_c7 -l mihai 192.168.0.18

Set up a connection alias

emacs ~/.bashrc

alias server='ssh -l mihai -i ~/.ssh/id_rsa_home_key 192.168.0.128'

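# copy files into server's home over ssh
scp_copy(){
    # an empty path after the colon means the remote user's home directory;
    # $HOME in the remote path would be expanded by the local shell
    scp -i "$HOME/.ssh/id_rsa_home_key" "$1" mihai@vasilian.net:
}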

alias scp2server=scp_copy
