SSH

Secure Shell (SSH) is a protocol that enables remote access to a server. This is primarily a Linux and BSD feature, with Windows systems preferring access by RDP. The most common implementation is the OpenSSH project.

The server-side service is sshd(8), while there are various client-side programs such as ssh(1) or PuTTY.

Installation

Client

If necessary, install openssh. Most Linux and BSD distributions will include it by default.

On Windows, try PuTTY and hope it works.

Server

Many Linux distributions have openssh installed and sshd(8) running by default. This is especially true of ISOs meant for server boxes.

For systemd(1)-capable systems, start and enable sshd.service.

Otherwise try service sshd enable or setting the following in /etc/rc.conf:

sshd_enable="YES"

Configuration

Require Authentication by Key

To require that all client logins use keys, use:

PubkeyAuthentication   yes
AuthorizedKeysFile     .ssh/authorized_keys
PasswordAuthentication no

To make an exception for a user, add at the bottom of the file:

Match User git
  PasswordAuthentication yes
Match all

To make an exception for the local network, add (also at the bottom of the file):

Match Address 192.168.*.*
  PasswordAuthentication yes
Match all

Login Messages

Usually any messages printed on login are actually handled by PAM. This can be tricky to configure, so instead disable the default login messages and configure the shell profile to print the desired messages.

To disable all PAM login messages for a user, try:

touch ~/.hushlogin

Note that default PAM configurations print /etc/motd and the output of /usr/bin/lastlog --user USERNAME on login.

CategoryRicottone