Differences between revisions 1 and 8 (spanning 7 versions)
Revision 1 as of 2020-01-16 04:45:26
Size: 491
Editor: DominicRicottone
Comment:
Revision 8 as of 2022-09-09 18:14:35
Size: 1613
Editor: DominicRicottone
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:

'''Secure Shell''' ('''SSH''') is a protocol that enables remote access to a server. The most common implementation for Linux and BSD is '''OpenSSH'''.

Note that the server service `sshd(8)` is distinct from client implementations, such as `ssh(1)` or PuTTY.

<<TableOfContents>>
Line 7: Line 13:
== Login Messages == == Client Installation ==

----



== Server Installation ==

Many Linux distributions have `openssh` installed and `sshd(8)` running by default.

For a systemd
On BSDs, you will need to enable it. In `/etc/rc.conf`:

{{{
sshd_enable="YES"
}}}

----



== Server Configuration ==



=== Require Authentication by Key ===

To require that all logins use keys, use:

{{{
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
}}}

To make an exception for a user, add '''''at the bottom of the file''''':

{{{
Match User git
  PasswordAuthentication yes
Match all
}}}

To make an exception for the local network, add ('''''also'' at the bottom of the file'''):

{{{
Match Address 192.168.*.*
  PasswordAuthentication yes
Match all
}}}



=== Login Messages ===

SSH

Secure Shell (SSH) is a protocol that enables remote access to a server. The most common implementation for Linux and BSD is OpenSSH.

Note that the server service sshd(8) is distinct from client implementations, such as ssh(1) or PuTTY.

Contents

  1. SSH
    1. Client Installation
    2. Server Installation
    3. Server Configuration
      1. Require Authentication by Key
      2. Login Messages

Client Installation

Server Installation

Many Linux distributions have openssh installed and sshd(8) running by default.

For a systemd On BSDs, you will need to enable it. In /etc/rc.conf: 

sshd_enable="YES"

Server Configuration

Require Authentication by Key

To require that all logins use keys, use: 

PubkeyAuthentication   yes
AuthorizedKeysFile     .ssh/authorized_keys
PasswordAuthentication no

To make an exception for a user, add at the bottom of the file: 

Match User git
  PasswordAuthentication yes
Match all

To make an exception for the local network, add (also at the bottom of the file): 

Match Address 192.168.*.*
  PasswordAuthentication yes
Match all

Login Messages

Usually any messages printed on login are actually handled by PAM. This can be tricky to configure, so instead disable all login messages and recreate any desired messages.

To disable all PAM login messages for a user, just: 

touch ~/.hushlogin

Default PAM configurations print /etc/motd and the output of /usr/bin/lastlog --user USERNAME. These can just as easily be added to ~/.bashrc.

CategoryRicottone

Encryption/OpenSSH (last edited 2023-04-06 16:23:08 by DominicRicottone)