diff --git a/pages/04.other/ssh/default.en.md b/pages/04.other/ssh/default.en.md index d394cb5..fe6cb7a 100644 --- a/pages/04.other/ssh/default.en.md +++ b/pages/04.other/ssh/default.en.md @@ -4,40 +4,49 @@ visible: true --- [toc] + ## Linux Server + ### Installation + #### Debian -`# apt install openssh-server` + +`# apt install openssh-server` #### Arch -`# pacman -S openssh` -`# systemctl enable ssh` +`# pacman -S openssh` + +`# systemctl enable ssh` ### Configuration file -`/etc/ssh/sshd_config` -Make sure to restart the sshd service after changes. +`/etc/ssh/sshd_config` + +Make sure to restart the sshd service after changes. ### Change port -Uncomment `Port` and set any port number + +Uncomment `Port` and set any port number ### Root login -`PermitRootLogin` setting + +`PermitRootLogin` setting ``` yes -> Able to log in with password as root ``` ### Password Authentication -`PasswordAuthentication` setting + +`PasswordAuthentication` setting ``` yes -> Allow login with passwords no -> Only allow ssh keys ``` -On OpenBSD also set `KbdInteractiveAuthentication` to `no` +On OpenBSD also set `KbdInteractiveAuthentication` to `no` ## Options 
@@ -50,58 +59,68 @@ This happens, when a host key is used that has been deprecated in the locally in Use the option `-oHostKeyAlgorithms=+` with ssh to connect regardless. ## Windows Server + Open PowerShell as administrator `Add-WindowsCapability -Online -Name OpenSSH.Server` Start service -`Start-Service sshd` +`Start-Service sshd` Enable service -`Set-Service -Name sshd -StartupType 'Automatic'` +`Set-Service -Name sshd -StartupType 'Automatic'` Check whether firewall rule exists -`Get-NetFirewallRule -Name *ssh*` +`Get-NetFirewallRule -Name *ssh*` Create firewall rule for port 22 -`New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22` +`New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22` ## Linux Client + ### Configuration file -`/etc/ssh/ssh_config` + +`/etc/ssh/ssh_config` ### Connect to non-standard port -`$ ssh -p (port) (user)@(ip)` + +`$ ssh -p (port) (user)@(ip)` ### X11 passthrough -`$ ssh -X (user)@(ip)` + +`$ ssh -X (user)@(ip)` ### ssh keys + Create new key: -`$ ssh-keygen` +`$ ssh-keygen` -*Example* for ed25519 key: -`$ ssh-keygen -t ed25519` +_Example_ for ed25519 key: +`$ ssh-keygen -t ed25519` -The "-C" flag can be used to add comments in ssh key files. +The "-C" flag can be used to add comments in ssh key files. 
Enable the ssh key: -`$ ssh-copy-id -i (public key file) (user)@(ip/domain)` +`$ ssh-copy-id -i (public key file) (user)@(ip/domain)` If you are copying the ssh key from a different client, use the "-f" flag -`$ ssh-copy-id -f -i (public key file) (user)@(ip/domain)` +`$ ssh-copy-id -f -i (public key file) (user)@(ip/domain)` ## Windows Client + Open PowerShell as administrator -`Add-WindowsCapability -Online -Name OpenSSH.Client` +`Add-WindowsCapability -Online -Name OpenSSH.Client` ## SSH Tunnel systemd Service -SSH tunnels can be created as systemd services -*Example tunnel:* -`ssh -NTfL 8080:webserver:80 user@remotehost` +SSH tunnels can be created as systemd services + +_Example tunnel:_ +`ssh -NTfL 8080:webserver:80 user@remotehost` ### Tunnel settings -Save the file under `/etc/systemd/system/(application/tunnel name)` + +Save the file under `/etc/systemd/system/(application/tunnel name)` + ``` PATH_TO_KEY=(ssh key path) LOCAL_PORT=8080 @@ -112,8 +131,10 @@ REMOTE_HOST=remotehost ``` ### Tunnel service + This service can be used with multiple different "tunnel settings" files. Similar to how the wg-quick service works with different wireguard configs. -Save this file under `/etc/systemd/system/local-tunnel@.service` +Save this file under `/etc/systemd/system/local-tunnel@.service` + ``` [Unit] Description=Setup a local tunnel to %I @@ -132,8 +153,9 @@ WantedBy=multi-user.target Finally, the tunnel can be enabled `# systemctl daemon-reload` -`# systemctl enable --now local-tunnel@(application/tunnel name)` +`# systemctl enable --now local-tunnel@(application/tunnel name)` ## References -- [Windows OpenSSH Installation](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse) + +- [Windows OpenSSH Installation](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse) - [SSH Tunnel as systemd service](https://ivanmorenoj.medium.com/ssh-tunnel-as-systemd-service-3c53bd157ac1)
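Review bot: In the first hunk (`@@ -4,40 +4,49 @@`), the Arch section's `# systemctl enable ssh` names a unit the Arch `openssh` package does not ship; its unit is `sshd.service`, and the page itself says a few lines later to restart "the sshd service". Since the line is being re-added anyway, change it to `# systemctl enable sshd`. In the same hunk the `PermitRootLogin` block documents only `yes`; listing `prohibit-password` and `no` beside it, the way `PasswordAuthentication` lists both of its values, would show readers the key-only and disabled options.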
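Review bot: In the second hunk (`@@ -50,58 +59,68 @@`), the context line "Use the option `-oHostKeyAlgorithms=+` with ssh to connect regardless" stops at the `+`, so the reader is not told what value to supply. Add a placeholder in the page's own style, for example `-oHostKeyAlgorithms=+(algorithm)`, and say that it should be passed on the command line for that one host rather than set globally in `/etc/ssh/ssh_config`, because it re-enables a deprecated host key algorithm. The `$ ssh -X (user)@(ip)` entry in the same hunk could also carry a one-line caveat that X11 forwarding is meant for servers you trust.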
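Review bot: In the `@@ -112,8 +131,10 @@` hunk, "Similar to how the wg-quick service works with different wireguard configs." is a sentence fragment; join it to the preceding sentence with a comma. The page uses the same placeholder for the settings file, `/etc/systemd/system/(application/tunnel name)`, and for the instance in `local-tunnel@(application/tunnel name)`, but never says how the two relate; state next to the "Save this file under" line whether the name after `@` has to match the settings file name.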