what’s ssh?
SSH stands for Secure Shell. It is a network protocol that allows secure communication and remote access between two devices.
Gen a key
Both win and Unix share the same generation method.
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/< NAME > -C < E-MAIL >
daemon status
make sure the daemon is running:
- linux:
sudo systemctl status sshd
start it by replacing status w/ start
- win: start it via:
start-service sshd
- check the status with:
get-service sshd
- auto-start it:
Set-Service -Name sshd -StartupType 'Automatic'
copy the key to remote machine
windows to linux
type $env:USERPROFILE\.ssh\[ KEY ] | ssh -p [PORT] [ USER]@[ HOST ] "cat >> .ssh/authorized_keys"
example to termux
type $env:USERPROFILE\.ssh\tablet.pub | ssh -p 8022 u0_a380@192.168.1.15 "cat >> .ssh/authorized_keys"
linux to linux
ssh-copy-id -i ~/.ssh/< KEY > < USER >@< HOST >
linux to windows
we’re kinda screwed here; u’d need to copy the key manually: you can send the key to urself then delete the message ¯_(ツ)_/¯ or SSH into the host and cat the *.pub key and put it into the authorized file
- add the contents of the .pub into $env:USERPROFILE\.ssh\authorized_keys
- if it’s not there, create it.
- u also can change the default shell from the normal powershell to powershell 7 (win docs):
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force
- if you’re trying to connect and u still get prompted for a pass, chances are the user you are trying to connect as is an admin, simply add the contents of the authorized_keys into administrators_authorized_keys located in C:\ProgramData\ssh
to Github
eval "$(ssh-agent -s)"
# add the key to the agent
ssh-add ~/.ssh/NAME
# copy the PUBLIC key
clip < ~/.ssh/NAME.pub # NO CLIP ? nano it !
if you’re using termux and you quit the session, you’d have to re-add the keys, so maybe add them to ~/.bashrc or ~/.zshrc at the end.
then go to https://github.com/settings/keys, create a new key and paste what u’ve copied there.
test the generated key
ssh < USER >@< HOST > -i < THE KEY >
ex:
ssh canaan@192.168.77.130 -i ~/.ssh/luna
create a Host config
create the ~/.ssh/config (win: $env:USERPROFILE/.ssh/config) file if it’s not there.
the syntax is the following:
Host <A NAME>
HostName <SERVER ADDRESS>
User <USER>
Port <PORT>
IdentityFile <WHERE THE KEY IS STORED>
ex:
Host luna
HostName 192.168.77.130
User luna
IdentityFile ~/.ssh/luna
and u’d connect like this assuming the daemon is running:
ssh < hostname >
ssh luna
Securing the connection
- files that need to be edited:
  - Linux: /etc/ssh/sshd_config
  - Win: C:\ProgramData\ssh\sshd_config
disable password auth
after you’ve generated your keys and made sure to test them:
open the file depending on your system,
uncomment it by removing the #
and change it to no
restart the service: sudo service ssh restart
Change the port to a less common one
in the same file, uncomment the port
and change its value, then restart the service
connect like this after: ssh -p <port>
Set a time interval for the connection
- in the system specific file uncomment/add:
- ClientAliveInterval < Interval>
- ClientAliveCountMax 0 <- max connections
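A quick way to check that the edits above actually took effect is to audit the file, since a line that is still commented out changes nothing. This is an added example, not part of the original post; it assumes the directive in the password step is PasswordAuthentication, and the function names and sample config are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit an sshd_config for the
# settings changed above. Directive names and defaults are from sshd_config(5).

# values FILE KEYWORD: print every value set in the global section (before any Match).
# Keywords are case-insensitive and may be separated from the value by spaces or '='.
values() {
    awk -v key="$2" 'BEGIN { FS = "[ \t=]+" }
        { sub(/^[ \t]+/, "") }                  # drop leading indentation
        /^#/ || /^$/ { next }                   # commented-out lines have no effect
        tolower($1) == "match" { exit }         # Match blocks are not global settings
        tolower($1) == tolower(key) { print $2 }' "$1"
}

# audit_sshd_config FILE: print one line per finding; exit status = number of findings.
audit_sshd_config() {
    findings=0
    # sshd keeps the FIRST value it reads for a keyword, so only that one counts.
    pw=$(values "$1" PasswordAuthentication | head -n 1 | tr 'A-Z' 'a-z')
    if [ "${pw:-yes}" != "no" ]; then           # unset falls back to the default, yes
        echo "password auth still enabled (PasswordAuthentication ${pw:-unset})"
        findings=$((findings + 1))
    fi
    # Port may be given several times; sshd listens on all of them.
    ports=$(values "$1" Port)
    for p in ${ports:-22}; do                   # unset falls back to 22
        if [ "$p" = "22" ]; then
            echo "sshd still listens on the default port 22"
            findings=$((findings + 1))
        fi
    done
    alive=$(values "$1" ClientAliveInterval | head -n 1)
    if [ "${alive:-0}" = "0" ]; then            # 0 (the default) sends no keepalive probes
        echo "ClientAliveInterval is not set"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: port and interval changed, password line left commented out.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'Port 8022' 'ClientAliveInterval 300' > "$sample"
audit_sshd_config "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

On a real host, run `sshd -t` to validate the file before restarting the service, and `sshd -T` to print the effective config, which also covers Include'd files this script does not follow.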