
Secure Shell

Install openssh with:

yum install openssh

Configure ssh client
emacs /etc/ssh/ssh_config

Host *
HashKnownHosts yes
StrictHostKeyChecking ask
Protocol 2

Configure ssh daemon
emacs /etc/ssh/sshd_config

Port 22
ListenAddress 0.0.0.0
# HostKey - do not change these lines; the host identity deters a man-in-the-middle attack.
Protocol 2
PermitRootLogin no
MaxAuthTries 6
MaxSessions 10
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers mihai
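
The daemon settings above can be checked before sshd is restarted. The script below is an added example, not part of the original page; its function names and sample configuration are constructed for illustration, and it reads only the global section of the file (before the first Match line).

```shell
#!/bin/sh
# Added example: audit an sshd_config file against the settings on this page.
# sshd uses the FIRST value it reads for a keyword and keywords are
# case-insensitive, so a later "correct" line does not repair an earlier one.

# first_value FILE KEYWORD -> prints the first global value of KEYWORD
first_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        tolower($1) == "match" { exit }           # Match blocks are conditional
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE -> one line per finding; returns the number of findings
audit_sshd_config() {
    file=$1 findings=0
    # keyword=expected pairs taken from the sshd_config section of this page;
    # an unset keyword is reported too, since the page sets each one explicitly
    for want in permitrootlogin=no passwordauthentication=no \
                challengeresponseauthentication=no pubkeyauthentication=yes; do
        key=${want%%=*} expected=${want#*=}
        actual=$(first_value "$file" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', found '${actual:-unset}'"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: the second PasswordAuthentication line is ignored by sshd.
sample_config() {
    cat <<'EOF'
Port 22
PermitRootLogin no
passwordauthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "$? finding(s)"
rm -f "$tmp"
```

On a live server, sshd -t validates the syntax of the file and sshd -T prints the effective configuration.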

Open ssh port 22 in firewall (iptables)

Check /etc/hosts.allow and /etc/hosts.deny

Start the service

systemctl  enable  sshd.service
systemctl  start   sshd

Log in to the server with the user account and generate the ssh keys

Generate an ECDSA (Elliptic Curve Digital Signature Algorithm) key of 521 bits - cannot be imported by PuTTY

ssh-keygen -b 521 -t ecdsa

Generate an RSA (Rivest-Shamir-Adleman) key of 4096 bits - can be imported by PuTTY

ssh-keygen -t rsa -b 4096

Use the ecdsa or rsa suffix depending on which key was created

The public key (id_ecdsa.pub / id_rsa.pub) contains data for the server

The private key (id_ecdsa / id_rsa) contains private data for the client (mobile@localdomain)

cat ~/.ssh/id_ecdsa.pub
cat ~/.ssh/id_ecdsa
cat ~/.ssh/id_ecdsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Copy the keys from the remote computer to the local computer.
Run scp on the local computer; you should not be logged into the remote computer.
scp does not require a pre-existing ssh connection.

scp mihai@138.68.68.112:/home/mihai/.ssh/id_ecdsa      /home/mihai
scp mihai@$DIGITALOCEAN:/home/mihai/.ssh/id_ecdsa.pub  /home/mihai

You can remove the keys from the server.

rm ~/.ssh/id_ecdsa
rm ~/.ssh/id_ecdsa.pub

Restart ssh to test the new key.

systemctl restart sshd.service
systemctl status sshd.service

You now have the private key (id_ecdsa) on the client computer (mobile@localdomain)

# the scp above placed the key in /home/mihai
mv /home/mihai/id_ecdsa ~/.ssh/id_ecdsa_home_key
chmod 400 ~/.ssh/id_ecdsa_home_key

I do not set up an ssh-agent, as I need to always remember the pass-phrase for my keys

Log in to sshd on my home server (192.168.0.128, port 22)

ssh -l mihai -i ~/.ssh/id_ecdsa_home_key 192.168.0.128

ssh login with X11 forwarding

ssh -X -l mihai -i ~/.ssh/id_ecdsa_home_key  192.168.0.128

ssh login with tunnelling to C7 running in virtualbox

ssh -L 5903:192.168.0.18:5903 -i ~/.ssh/id_rsa_c7 -l mihai 192.168.0.18

Set up a connection alias

emacs ~/.bashrc

alias server='ssh -l mihai -i ~/.ssh/id_rsa_home_key 192.168.0.128'

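# copy a file into the server's home directory over ssh
scp_copy(){
    # an empty path after the colon is the remote user's home; $HOME would expand on the client
    scp -i "$HOME/.ssh/id_rsa_home_key" "$1" mihai@vasilian.net:
}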

alias scp2server=scp_copy
