SSH
Secure Shell (SSH) is a protocol that enables remote access to a server. The most common implementation for Linux and BSD is OpenSSH.
Note that the server service sshd(8) is distinct from client implementations, such as ssh(1) or PuTTY.
Contents
Client Installation
Server Installation
On Linux, sshd runs by default. On BSDs, you will need to enable it. In /etc/rc.conf:
sshd_enable="YES"
Server Configuration
Require Authentication by Key
To require that all logins use keys, use:
PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no
To make an exception for a user, add at the bottom of the file:
Match User git PasswordAuthentication yes Match all
To make an exception for the local network, add (also at the bottom of the file):
Match Address 192.168.*.* PasswordAuthentication yes Match all
Login Messages
Usually any messages printed on login are actually handled by PAM. This can be tricky to configure, so instead disable all login messages and recreate any desired messages.
To disable all PAM login messages for a user, just:
touch ~/.hushlogin
Default PAM configurations print /etc/motd and the output of /usr/bin/lastlog --user USERNAME. These can just as easily be added to ~/.bashrc.