= OpenSSH =

'''OpenSSH''' is a [[Encryption/SSH|SSH]] client (`ssh(1)`) and server (`sshd(8)`).

<<TableOfContents>>

----



== Installation ==

Most [[Linux]] and [[BSD]] distributions will have `ssh(1)` and `sshd(8)` installed. Otherwise, they will be available in an `openssl` package.

Furthermore, many Linux distributions have `sshd(8)` running by default.

For `systemd(1)`-capable systems, [[Linux/Systemd|start and enable]] `sshd.service`. 

For OpenRC-based systems, [[Linux/OpenRC|start and add]] the `sshd` service.

For BSDs, [[BSD/Init|start]] the `sshd` service. To have it automatically start on boot, try editing `/etc/rc.conf` like:

{{{
sshd_enable="YES"
}}}

[[Windows]] systems preferring access by [[Protocols/RDP|RDP]].

----



== Setup ==



=== Require Authentication by Key ===

To require that all client logins use keys, use:

{{{
PubkeyAuthentication   yes
AuthorizedKeysFile     .ssh/authorized_keys
PasswordAuthentication no
}}}

To make an exception for a user, add '''''at the bottom of the file''''':

{{{
Match User git
  PasswordAuthentication yes
Match all
}}}

To make an exception for the local network, add ('''''also'' at the bottom of the file'''):

{{{
Match Address 192.168.*.*
  PasswordAuthentication yes
Match all
}}}



=== Login Messages ===

Usually any messages printed on login are actually handled by PAM. This can be tricky to configure, so instead disable the default login messages and configure the shell profile to print the desired messages.

To disable all PAM login messages for a user, try:

{{{
touch ~/.hushlogin
}}}

Note that default PAM configurations print `/etc/motd` and the output of `/usr/bin/lastlog --user USERNAME` on login.

----



== Usage ==

The primary use of `ssh(1)` is to access a remote host:

{{{
ssh username@example.com
}}}

See [[Encryption/OpenSSH/Tunnels|here]] for details on creating and using SSH tunnels.

----



== See also ==

[[https://man.archlinux.org/man/core/openssh/ssh.1.en|ssh(1)]]

[[https://man.archlinux.org/man/core/openssh/sshd.8.en|sshd(8)]]

[[Encryption/SSHKeyGen|SSHKeyGen]]

[[Encryption/SSH|SSH]]



----
CategoryRicottone