Comments on: Installing and Using a SSH Server

By: aikonbrasil

aikonbrasil — Mon, 08 Mar 2010 23:44:41 +0000

An Excellent Post, Congratulation !!!!!!!!

I will be visiting your blog all the time.

Thanks.

By: Jaun Millalonco

Jaun Millalonco — Wed, 01 Jul 2009 19:03:25 +0000

My first visit here, found the blog accidentally really, and I just wanted to say I’ve enjoyed my visit and had some good reads while here
Juan

By: analog_G

analog_G — Fri, 29 Feb 2008 18:21:59 +0000

Great post. So simple I was able to call my wife from work and she installed openSSH from a command prompt. I am now using PuTTY.exe on my Windows machine at work to connect (SSH) to my Linux Machine at home. I just modified my sshd_config file remotely to only allow me as an openSSH user. Cool stuff.

By: Ram

Ram — Thu, 28 Feb 2008 10:56:46 +0000

Wonderful post bro. Simple n clear explanation.

By: db0

db0 — Sun, 24 Feb 2008 18:16:57 +0000

Excellent post. This is exactly what I needed to administer my girlfriends computer without asking for a rdc connection every time

Cheers!

By: Tom

Tom — Wed, 20 Feb 2008 06:24:45 +0000

Jonas:
Thanks for the tip on changing the port in ssh_config.

Tony:
Public key authentication is tomorrow’s post

By: Jonas

Jonas — Wed, 20 Feb 2008 02:37:17 +0000

Quick-and-dirty, and assuming it is your server so you have root-access to it.

On the server,

Make sure you have the following in /etc/ssh/sshd_config:

PubkeyAuthentication yes
PasswordAuthentication no

On the client, do:

1. ssh-keygen -t rsa (up to you if you want to use a pass-phrase or not. As long as you keep the key-files secured, it is more convenient without one).
2. ssh-copy-id -i ~/.ssh/id_rsa.pub username@server (this copies the pub-key to the server)

Finally, you should be able to do ssh server. The first time you will get a warning, and then you will be asked about your pass-phrase if you created one. Otherwise, you should be let in. This assumes that you have the same username (and the same UID and GID) on both the client and the server though.

Finally, as root on the server /etc/init.d/ssh restart

Note though that I would recommend to NOT turn off password authenciation until you know the pubkey setup works…

Now, if you followed the suggestions to make sure only trusted users are allowed to use ssh and changing the portnumber, a potential hacker would need:

1. To find out the correct portnumber.
2. Find the correct username
3. Get access to your keyfile somehow.

Note too that if you just want to use this on a server that you do not have root access to, it should work too except that you of course have to rely on the server being properly set up in the first place (or pester the administrator to set it up for you…). If it allows ssh-logins, I would hope that it is.

By: Tony

Tony — Tue, 19 Feb 2008 22:56:45 +0000

Wonderfully informative post.
Can you explain how to use public key authentication?

By: Jonas

Jonas — Tue, 19 Feb 2008 18:15:26 +0000

I think you missed one important aspect in securing a ssh-server: don’t allow people (even if it’s just yourself) to connect to it using passwords. Do it using public key authenciation, and brute force password crackers will work in vain.

Of course, using public keys provide an additional bonus apart from better security. It makes using sshfs more convenient in that you can mount a ssh directory without being prompted for a password or passphrase at boot-time, especially convenient if you mount them using fstab.

And speaking of convenient…since you mentioned changing the port of the server you might want to change the corresponding part of the client ssh_config file. Just so you don’t have to remember adding the -p 2222 every time.

By: Fer

Fer — Tue, 19 Feb 2008 17:26:36 +0000

Nice!

Cheers from Barcelona, Spain