|
Size: 1613
Comment:
|
Size: 2293
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = SSH = | = OpenSSH = |
| Line 3: | Line 3: |
| '''Secure Shell''' ('''SSH''') is a protocol that enables remote access to a server. The most common implementation for Linux and BSD is '''OpenSSH'''. | '''OpenSSH''' is a [[Encryption/SSH|SSH]] client and server. |
| Line 5: | Line 5: |
| Note that the server service `sshd(8)` is distinct from client implementations, such as `ssh(1)` or PuTTY. | OpenSSH is widely deployed on [[Linux]] and [[BSD]] operating systems, with Windows systems preferring access by [[Protocols/RDP|RDP]]. The service is `sshd(8)` and the utility is `ssh(1)`. |
| Line 13: | Line 15: |
| == Client Installation == | == Installation == |
| Line 15: | Line 17: |
| ---- | Most [[Linux]] and [[BSD]] distributions will have `ssh(1)` and `sshd(8)` installed. Otherwise, they will be available in an `openssl` package. |
| Line 17: | Line 19: |
| Furthermore, many Linux distributions have `sshd(8)` running by default. | |
| Line 18: | Line 21: |
| For `systemd(1)`-capable systems, [[Linux/Systemd|start and enable]] `sshd.service`. | |
| Line 19: | Line 23: |
| == Server Installation == | For OpenRC-based systems, [[Linux/OpenRC|start and add]] the `sshd` service. |
| Line 21: | Line 25: |
| Many Linux distributions have `openssh` installed and `sshd(8)` running by default. For a systemd On BSDs, you will need to enable it. In `/etc/rc.conf`: |
For BSDs, [[BSD/Init|start]] the `sshd` service. To have it automatically start on boot, try editing `/etc/rc.conf` like: |
| Line 34: | Line 35: |
| == Server Configuration == | == Setup == |
| Line 40: | Line 41: |
| To require that all logins use keys, use: | To require that all client logins use keys, use: |
| Line 68: | Line 69: |
| Usually any messages printed on login are actually handled by PAM. This can be tricky to configure, so instead disable all login messages and recreate any desired messages. | Usually any messages printed on login are actually handled by PAM. This can be tricky to configure, so instead disable the default login messages and configure the shell profile to print the desired messages. |
| Line 70: | Line 71: |
| To disable all PAM login messages for a user, just: | To disable all PAM login messages for a user, try: |
| Line 76: | Line 77: |
| Default PAM configurations print `/etc/motd` and the output of `/usr/bin/lastlog --user USERNAME`. These can just as easily be added to `~/.bashrc`. | Note that default PAM configurations print `/etc/motd` and the output of `/usr/bin/lastlog --user USERNAME` on login. ---- == Usage == The primary use of `ssh(1)` is to access a remote host: {{{ ssh [email protected] }}} See [[Encryption/OpenSSH/Tunnels|here]] for details on creating and using SSH tunnels. ---- == See also == [[https://man.archlinux.org/man/core/openssh/ssh.1.en|ssh(1)]] [[https://man.archlinux.org/man/core/openssh/sshd.8.en|sshd(8)]] |
OpenSSH
OpenSSH is a SSH client and server.
OpenSSH is widely deployed on Linux and BSD operating systems, with Windows systems preferring access by RDP.
The service is sshd(8) and the utility is ssh(1).
Installation
Most Linux and BSD distributions will have ssh(1) and sshd(8) installed. Otherwise, they will be available in an openssl package.
Furthermore, many Linux distributions have sshd(8) running by default.
For systemd(1)-capable systems, start and enable sshd.service.
For OpenRC-based systems, start and add the sshd service.
For BSDs, start the sshd service. To have it automatically start on boot, try editing /etc/rc.conf like:
sshd_enable="YES"
Setup
Require Authentication by Key
To require that all client logins use keys, use:
PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no
To make an exception for a user, add at the bottom of the file:
Match User git PasswordAuthentication yes Match all
To make an exception for the local network, add (also at the bottom of the file):
Match Address 192.168.*.* PasswordAuthentication yes Match all
Login Messages
Usually any messages printed on login are actually handled by PAM. This can be tricky to configure, so instead disable the default login messages and configure the shell profile to print the desired messages.
To disable all PAM login messages for a user, try:
touch ~/.hushlogin
Note that default PAM configurations print /etc/motd and the output of /usr/bin/lastlog --user USERNAME on login.
Usage
The primary use of ssh(1) is to access a remote host:
ssh [email protected]
See here for details on creating and using SSH tunnels.