
Access your server using SSH

SSH or Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.

Using SSH, you can access your server (or a friend's desktop) without needing physical access. In this manual, we are going to set up OpenSSH on the client and the server. You will authenticate with your public key, which is more secure than plain password authentication.

Prerequisites

  • A running Debian (or Debian-based) server.
  • A Debian(-based) desktop or laptop (which we call the client).

Generate a keypair on your client

Install openssh-client on the client:

sudo apt install openssh-client

Generate a keypair:

ssh-keygen -t ed25519 -C "<comment>"

You will be asked to enter a self-chosen private key passphrase.

Get your generated public key,

cat ~/.ssh/id_ed25519.pub

and copy the output (select it, right-click, copy).

Initialize the public key authentication

(a) if you have physical access to your server

On the server, install OpenSSH server:

sudo apt install openssh-server

Continue to follow the instructions at (b) to secure SSH using public key authentication.

(b) if you have SSH access to your server

On the client, access your server using password authentication:

ssh <username>@example.com

You are now on the server. Create the authorized_keys file:

cd ~
mkdir -p .ssh
chmod 700 .ssh
cd .ssh
nano authorized_keys

Paste your public key in this file (~/.ssh/authorized_keys). Save the file and exit GNU Nano.

Restrict the permissions of this file so that only your user can read and write it:

chmod 600 authorized_keys

Open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

In that configuration file, turn off root login and password authentication:

/etc/ssh/sshd_config
PermitRootLogin no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

Restart the SSH daemon (process):

sudo systemctl restart ssh.service

Leave your current SSH session:

exit

Log in to your server again using SSH (on your client):

ssh <username>@example.com

SSH will not ask for your password anymore. Instead it will (probably) ask for your private key passphrase.

Leave your current SSH session:

exit

Congratulations, you can now safely log in to your server using SSH public key authentication!
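
To confirm that the server ended up in the state the steps above describe, the following added example (not part of the original manual) checks the directory and file modes, the presence of an ed25519 key, and the two sshd_config settings. The function names are made up for this example, and it assumes GNU stat as shipped with Debian.

```shell
# Added example: audit the result of the steps above (not the wiki's own code).
# Usage on the server: audit_ssh_setup "$HOME" /etc/ssh/sshd_config

# First value of a keyword in an sshd_config file, lower-cased. sshd keywords
# are case-insensitive and the first occurrence wins. Include files and Match
# blocks are not followed; `sudo sshd -T` prints the effective values.
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# Octal permission bits of a path (GNU stat, as shipped with Debian).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null
}

# check DESCRIPTION ACTUAL EXPECTED: report one result, count mismatches.
check() {
    if [ "$2" = "$3" ]; then
        echo "ok    $1"
    else
        echo "FAIL  $1 (found '${2:-unset}', expected '$3')"
        fails=$((fails + 1))
    fi
}

# audit_ssh_setup HOME_DIR SSHD_CONFIG: prints one line per check and
# returns the number of failed checks (0 means everything matches).
audit_ssh_setup() {
    home=$1
    conf=$2
    fails=0
    check "$home/.ssh mode" "$(mode_of "$home/.ssh")" 700
    check "authorized_keys mode" "$(mode_of "$home/.ssh/authorized_keys")" 600
    # Count uncommented lines carrying an ed25519 key, the type generated above.
    keys=$(grep -c '^[^#]*ssh-ed25519 AAAA' "$home/.ssh/authorized_keys" 2>/dev/null) || true
    check "ed25519 key present" "$([ "${keys:-0}" -ge 1 ] && echo yes || echo no)" yes
    check "PermitRootLogin" "$(sshd_value "$conf" PermitRootLogin)" no
    check "PasswordAuthentication" "$(sshd_value "$conf" PasswordAuthentication)" no
    return "$fails"
}
```

Running this from a second terminal before closing the session that edited sshd_config leaves a working shell available if any check fails.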

More information

For more advanced use cases, see Connecting to a server's web interface with SSH on the Quietlife wiki.

start/ssh.txt · Last modified: 2021/01/09 18:59 by justin