|
Size: 1613
Comment:
|
Size: 2036
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| '''Secure Shell''' ('''SSH''') is a protocol that enables remote access to a server. The most common implementation for Linux and BSD is '''OpenSSH'''. | '''Secure Shell''' ('''SSH''') is a protocol that enables remote access to a server. This is primarily a Linux and BSD feature, with Windows systems preferring access by [[RemoteDesktopProtocol|RDP]]. The most common implementation is the '''OpenSSH''' project. |
| Line 5: | Line 5: |
| Note that the server service `sshd(8)` is distinct from client implementations, such as `ssh(1)` or PuTTY. | The server-side service is `sshd(8)`, while there are various client-side programs such as `ssh(1)` or PuTTY. |
| Line 13: | Line 13: |
| == Client Installation == ---- |
== Installation == |
| Line 19: | Line 17: |
| == Server Installation == | === Client === |
| Line 21: | Line 19: |
| Many Linux distributions have `openssh` installed and `sshd(8)` running by default. | If necessary, install `openssh`. Most Linux and BSD distributions will include it by default. |
| Line 23: | Line 21: |
| For a systemd On BSDs, you will need to enable it. In `/etc/rc.conf`: |
On Windows, try PuTTY and hope it works. === Server === Many Linux distributions have `openssh` installed and `sshd(8)` running by default. This is especially true of ISOs meant for server boxes. For `systemd(1)`-capable systems, [[Linux/Systemd|start and enable]] `sshd.service`. For `init`-based systems, try `service sshd enable` or setting the following in `/etc/rc.conf`: |
| Line 34: | Line 41: |
| == Server Configuration == | == Configuration == |
| Line 40: | Line 47: |
| To require that all logins use keys, use: | To require that all client logins use keys, use: |
| Line 68: | Line 75: |
| Usually any messages printed on login are actually handled by PAM. This can be tricky to configure, so instead disable all login messages and recreate any desired messages. | Usually any messages printed on login are actually handled by PAM. This can be tricky to configure, so instead disable the default login messages and configure the shell profile to print the desired messages. |
| Line 70: | Line 77: |
| To disable all PAM login messages for a user, just: | To disable all PAM login messages for a user, try: |
| Line 76: | Line 83: |
| Default PAM configurations print `/etc/motd` and the output of `/usr/bin/lastlog --user USERNAME`. These can just as easily be added to `~/.bashrc`. | Note that default PAM configurations print `/etc/motd` and the output of `/usr/bin/lastlog --user USERNAME` on login. |
SSH
Secure Shell (SSH) is a protocol that enables remote access to a server. This is primarily a Linux and BSD feature, with Windows systems preferring access by RDP. The most common implementation is the OpenSSH project.
The server-side service is sshd(8), while there are various client-side programs such as ssh(1) or PuTTY.
Installation
Client
If necessary, install openssh. Most Linux and BSD distributions will include it by default.
On Windows, try PuTTY and hope it works.
Server
Many Linux distributions have openssh installed and sshd(8) running by default. This is especially true of ISOs meant for server boxes.
For systemd(1)-capable systems, start and enable sshd.service.
For init-based systems, try service sshd enable or setting the following in /etc/rc.conf:
sshd_enable="YES"
Configuration
Require Authentication by Key
To require that all client logins use keys, use:
PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no
To make an exception for a user, add at the bottom of the file:
Match User git PasswordAuthentication yes Match all
To make an exception for the local network, add (also at the bottom of the file):
Match Address 192.168.*.* PasswordAuthentication yes Match all
Login Messages
Usually any messages printed on login are actually handled by PAM. This can be tricky to configure, so instead disable the default login messages and configure the shell profile to print the desired messages.
To disable all PAM login messages for a user, try:
touch ~/.hushlogin
Note that default PAM configurations print /etc/motd and the output of /usr/bin/lastlog --user USERNAME on login.