SSH

Secure Shell (SSH) is a protocol that enables remote access to a server. It encompasses both the client-side application (ssh) and the server-side daemon (sshd). The most common implementation for Linux and BSD is OpenSSH.

Setup

On Linux, sshd runs by default. On BSDs, you will need to enable it. In /etc/rc.conf:

sshd_enable="YES"

Require Authentication by Key

To require that all logins use keys, use:

PubkeyAuthentication   yes
AuthorizedKeysFile     .ssh/authorized_keys
PasswordAuthentication no

To make an exception for a user, add at the bottom of the file:

Match User git
  PasswordAuthentication yes
Match all

To make an exception for the local network, add (also at the bottom of the file):

Match Address 192.168.*.*
  PasswordAuthentication yes
Match all

Login Messages

Usually any messages printed on login are actually handled by PAM. This can be tricky to configure, so instead disable all login messages and recreate any desired messages.

To disable all PAM login messages for a user, just:

touch ~/.hushlogin

Default PAM configurations print /etc/motd and the output of /usr/bin/lastlog --user USERNAME. These can just as easily be added to ~/.bashrc.

CategoryRicottone