OpenSSH

OpenSSH is a SSH client (ssh(1)) and server (sshd(8)).

Contents

  1. OpenSSH
    1. Installation
    2. Setup
      1. Require Authentication by Key
      2. Login Messages
    3. Usage
    4. See also

Installation

Most Linux and BSD distributions will have ssh(1) and sshd(8) installed. Otherwise, they will be available in an openssl package.

Furthermore, many Linux distributions have sshd(8) running by default.

For systemd(1)-capable systems, start and enable sshd.service.

For OpenRC-based systems, start and add the sshd service.

For BSDs, start the sshd service. To have it automatically start on boot, try editing /etc/rc.conf like: 

sshd_enable="YES"

Windows systems preferring access by RDP.

Setup

Require Authentication by Key

To require that all client logins use keys, use: 

PubkeyAuthentication   yes
AuthorizedKeysFile     .ssh/authorized_keys
PasswordAuthentication no

To make an exception for a user, add at the bottom of the file: 

Match User git
  PasswordAuthentication yes
Match all

To make an exception for the local network, add (also at the bottom of the file): 

Match Address 192.168.*.*
  PasswordAuthentication yes
Match all

Login Messages

Usually any messages printed on login are actually handled by PAM. This can be tricky to configure, so instead disable the default login messages and configure the shell profile to print the desired messages.

To disable all PAM login messages for a user, try: 

touch ~/.hushlogin

Note that default PAM configurations print /etc/motd and the output of /usr/bin/lastlog --user USERNAME on login.

Usage

The primary use of ssh(1) is to access a remote host: 

ssh [email protected]

See here for details on creating and using SSH tunnels.

See also

ssh(1)

sshd(8)

SSHKeyGen

SSH

CategoryRicottone

Encryption/OpenSSH (last edited 2023-04-06 16:23:08 by DominicRicottone)