exu/wiki-grav
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Format with prettier

Browse Source
This commit is contained in:
RealStickman 2023-01-05 12:44:27 +01:00
parent a8a3f5de59
commit 5a3d639843
1 changed files with 52 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
pages/04.other/ssh/default.en.md
View File

@ -4,40 +4,49 @@ visible: true
--- ---
[toc] [toc]
## Linux Server ## Linux Server
### Installation ### Installation
#### Debian #### Debian
`# apt install openssh-server`
`# apt install openssh-server`
#### Arch #### Arch
`# pacman -S openssh`
`# systemctl enable ssh` `# pacman -S openssh`
`# systemctl enable ssh`
### Configuration file ### Configuration file
`/etc/ssh/sshd_config`
Make sure to restart the sshd service after changes. `/etc/ssh/sshd_config`
Make sure to restart the sshd service after changes.
### Change port ### Change port
Uncomment `Port` and set any port number
Uncomment `Port` and set any port number
### Root login ### Root login
`PermitRootLogin` setting
`PermitRootLogin` setting
``` ```
yes -> Able to log in with password as root yes -> Able to log in with password as root
``` ```
### Password Authentication ### Password Authentication
`PasswordAuthentication` setting
`PasswordAuthentication` setting
``` ```
yes -> Allow login with passwords yes -> Allow login with passwords
no -> Only allow ssh keys no -> Only allow ssh keys
``` ```
On OpenBSD also set `KbdInteractiveAuthentication` to `no` On OpenBSD also set `KbdInteractiveAuthentication` to `no`
## Options ## Options
@ -50,58 +59,68 @@ This happens, when a host key is used that has been deprecated in the locally in
Use the option `-oHostKeyAlgorithms=+<host key type>` with ssh to connect regardless. Use the option `-oHostKeyAlgorithms=+<host key type>` with ssh to connect regardless.
## Windows Server ## Windows Server
Open PowerShell as administrator Open PowerShell as administrator
`Add-WindowsCapability -Online -Name OpenSSH.Server` `Add-WindowsCapability -Online -Name OpenSSH.Server`
Start service Start service
`Start-Service sshd` `Start-Service sshd`
Enable service Enable service
`Set-Service -Name sshd -StartupType 'Automatic'` `Set-Service -Name sshd -StartupType 'Automatic'`
Check whether firewall rule exists Check whether firewall rule exists
`Get-NetFirewallRule -Name *ssh*` `Get-NetFirewallRule -Name *ssh*`
Create firewall rule for port 22 Create firewall rule for port 22
`New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22` `New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22`
## Linux Client ## Linux Client
### Configuration file ### Configuration file
`/etc/ssh/ssh_config`
`/etc/ssh/ssh_config`
### Connect to non-standard port ### Connect to non-standard port
`$ ssh -p (port) (user)@(ip)`
`$ ssh -p (port) (user)@(ip)`
### X11 passthrough ### X11 passthrough
`$ ssh -X (user)@(ip)`
`$ ssh -X (user)@(ip)`
### ssh keys ### ssh keys
Create new key: Create new key:
`$ ssh-keygen` `$ ssh-keygen`
*Example* for ed25519 key: _Example_ for ed25519 key:
`$ ssh-keygen -t ed25519` `$ ssh-keygen -t ed25519`
The "-C" flag can be used to add comments in ssh key files. The "-C" flag can be used to add comments in ssh key files.
Enable the ssh key: Enable the ssh key:
`$ ssh-copy-id -i (public key file) (user)@(ip/domain)` `$ ssh-copy-id -i (public key file) (user)@(ip/domain)`
If you are copying the ssh key from a different client, use the "-f" flag If you are copying the ssh key from a different client, use the "-f" flag
`$ ssh-copy-id -f -i (public key file) (user)@(ip/domain)` `$ ssh-copy-id -f -i (public key file) (user)@(ip/domain)`
## Windows Client ## Windows Client
Open PowerShell as administrator Open PowerShell as administrator
`Add-WindowsCapability -Online -Name OpenSSH.Client` `Add-WindowsCapability -Online -Name OpenSSH.Client`
## SSH Tunnel systemd Service ## SSH Tunnel systemd Service
SSH tunnels can be created as systemd services
*Example tunnel:* SSH tunnels can be created as systemd services
`ssh -NTfL 8080:webserver:80 user@remotehost`
_Example tunnel:_
`ssh -NTfL 8080:webserver:80 user@remotehost`
### Tunnel settings ### Tunnel settings
Save the file under `/etc/systemd/system/(application/tunnel name)`
Save the file under `/etc/systemd/system/(application/tunnel name)`
``` ```
PATH_TO_KEY=(ssh key path) PATH_TO_KEY=(ssh key path)
LOCAL_PORT=8080 LOCAL_PORT=8080
@ -112,8 +131,10 @@ REMOTE_HOST=remotehost
``` ```
### Tunnel service ### Tunnel service
This service can be used with multiple different "tunnel settings" files. Similar to how the wg-quick service works with different wireguard configs. This service can be used with multiple different "tunnel settings" files. Similar to how the wg-quick service works with different wireguard configs.
Save this file under `/etc/systemd/system/local-tunnel@.service` Save this file under `/etc/systemd/system/local-tunnel@.service`
``` ```
[Unit] [Unit]
Description=Setup a local tunnel to %I Description=Setup a local tunnel to %I
@ -132,8 +153,9 @@ WantedBy=multi-user.target
Finally, the tunnel can be enabled Finally, the tunnel can be enabled
`# systemctl daemon-reload` `# systemctl daemon-reload`
`# systemctl enable --now local-tunnel@(application/tunnel name)` `# systemctl enable --now local-tunnel@(application/tunnel name)`
## References ## References
- [Windows OpenSSH Installation](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse)
- [Windows OpenSSH Installation](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse)
- [SSH Tunnel as systemd service](https://ivanmorenoj.medium.com/ssh-tunnel-as-systemd-service-3c53bd157ac1) - [SSH Tunnel as systemd service](https://ivanmorenoj.medium.com/ssh-tunnel-as-systemd-service-3c53bd157ac1)