50 lines
1.1 KiB
Markdown
50 lines
1.1 KiB
Markdown
# ssh
|
|
|
|
*All commands assume being logged in as root user on the server unless noted otherwise.*
|
|
|
|
```bash
|
|
apt install openssh-server
|
|
```
|
|
|
|
```bash
|
|
systemctl enable ssh
|
|
```
|
|
|
|
Permit root login (will be restricted again later).
|
|
```bash
|
|
vi /etc/ssh/sshd_config
|
|
```
|
|
Find `PermitRootLogin without-password` and change it to `PermitRootLogin yes`. Remove the `#` in front of it if there is one.
|
|
```bash
|
|
systemctl restart ssh
|
|
```
|
|
|
|
## Add ssh-keys
|
|
|
|
*This command has to be run from the computer you want to have ssh access through keys later.*
|
|
```bash
|
|
ssh-copy-id -i <file location> <user>@<ip/domain>
|
|
```
|
|
In <file location> the location of the ssh public keys has to be inserted. The default is ~/.ssh/id_rsa.pub.
|
|
In case you have not yet created an ssh-key, run the following command.
|
|
```bash
|
|
ssh-keygen
|
|
```
|
|
To create ed25519 keys, execute the following command.
|
|
```bash
|
|
ssh-keygen -t ed25519
|
|
```
|
|
|
|
## Disable password access
|
|
|
|
```bash
|
|
vi /etc/ssh/sshd_config
|
|
```
|
|
Find `PasswordAuthentication yes` and change it to `PasswordAuthentication no`. Remove the `#` in front of it if there is one.
|
|
```bash
|
|
systemctl restart ssh
|
|
```
|
|
|
|
|
|
|