(Grav GitSync) Automatic Commit from RealStickman
This commit is contained in:
parent
8a0204aacd
commit
f6bf3003cd
127
pages/04.other/02.ssh/default.en.md
Normal file
127
pages/04.other/02.ssh/default.en.md
Normal file
@ -0,0 +1,127 @@
|
||||
---
|
||||
title: SSH
|
||||
---
|
||||
|
||||
## Linux Server
|
||||
### Installation
|
||||
#### Debian
|
||||
`# apt install openssh-server`
|
||||
|
||||
#### Arch
|
||||
`# pacman -S openssh`
|
||||
|
||||
`# systemctl enable ssh`
|
||||
|
||||
### Configuration file
|
||||
`/etc/ssh/sshd_config`
|
||||
|
||||
Make sure to restart the sshd service after changes.
|
||||
|
||||
### Change port
|
||||
Uncomment `Port` and set any port number
|
||||
|
||||
### Root login
|
||||
`PermitRootLogin` setting
|
||||
|
||||
```
|
||||
yes -> Able to log in with password as root
|
||||
```
|
||||
|
||||
### Password Authentication
|
||||
`PasswordAuthentication` setting
|
||||
|
||||
```
|
||||
yes -> Allow login with passwords
|
||||
no -> Only allow ssh keys
|
||||
```
|
||||
|
||||
On OpenBSD also set `KbdInteractiveAuthentication` to `no`
|
||||
|
||||
## Windows Server
|
||||
Open PowerShell as administrator
|
||||
`Add-WindowsCapability -Online -Name OpenSSH.Server`
|
||||
|
||||
Start service
|
||||
`Start-Service sshd`
|
||||
|
||||
Enable service
|
||||
`Set-Service -Name sshd -StartupType 'Automatic'`
|
||||
|
||||
Check whether firewall rule exists
|
||||
`Get-NetFirewallRule -Name *ssh*`
|
||||
|
||||
Create firewall rule for port 22
|
||||
`New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22`
|
||||
|
||||
## Linux Client
|
||||
### Configuration file
|
||||
`/etc/ssh/ssh_config`
|
||||
|
||||
### Connect to non-standard port
|
||||
`$ ssh -p (port) (user)@(ip)`
|
||||
|
||||
### X11 passthrough
|
||||
`$ ssh -X (user)@(ip)`
|
||||
|
||||
### ssh keys
|
||||
Create new key:
|
||||
`$ ssh-keygen`
|
||||
|
||||
*Example* for ed25519 key:
|
||||
`$ ssh-keygen -t ed25519`
|
||||
|
||||
The "-C" flag can be used to add comments in ssh key files.
|
||||
|
||||
Enable the ssh key:
|
||||
`$ ssh-copy-id -i (public key file) (user)@(ip/domain)`
|
||||
|
||||
If you are copying the ssh key from a different client, use the "-f" flag
|
||||
`$ ssh-copy-id -f -i (public key file) (user)@(ip/domain)`
|
||||
|
||||
## Windows Client
|
||||
Open PowerShell as administrator
|
||||
`Add-WindowsCapability -Online -Name OpenSSH.Client`
|
||||
|
||||
## SSH Tunnel systemd Service
|
||||
SSH tunnels can be created as systemd services
|
||||
|
||||
*Example tunnel:*
|
||||
`ssh -NTfL 8080:webserver:80 user@remotehost`
|
||||
|
||||
### Tunnel settings
|
||||
Save the file under `/etc/systemd/system/(application/tunnel name)`
|
||||
```
|
||||
PATH_TO_KEY=(ssh key path)
|
||||
LOCAL_PORT=8080
|
||||
REMOTE_ADDR=webserver
|
||||
REMOTE_PORT=80
|
||||
REMOTE_USER=user
|
||||
REMOTE_HOST=remotehost
|
||||
```
|
||||
|
||||
### Tunnel service
|
||||
This service can be used with multiple different "tunnel settings" files. Similar to how the wg-quick service works with different wireguard configs.
|
||||
Save this file under `/etc/systemd/system/local-tunnel@.service`
|
||||
```
|
||||
[Unit]
|
||||
Description=Setup a local tunnel to %I
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=/etc/default/local-tunnel@%i
|
||||
ExecStart=/usr/bin/ssh -i ${PATH_TO_KEY} -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -nNT -L ${LOCAL_PORT}:${REMOTE_ADDR}:${REMOTE_PORT} ${REMOTE_USER}@${REMOTE_HOST}
|
||||
RestartSec=15
|
||||
Restart=always
|
||||
KillMode=mixed
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
Finally, the tunnel can be enabled
|
||||
`# systemctl daemon-reload`
|
||||
`# systemctl enable --now local-tunnel@(application/tunnel name)`
|
||||
|
||||
## References
|
||||
- [Windows OpenSSH Installation](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse)
|
||||
- [SSH Tunnel as systemd service](https://ivanmorenoj.medium.com/ssh-tunnel-as-systemd-service-3c53bd157ac1)
|
Loading…
Reference in New Issue
Block a user