LinuxQuestions.org
Old 06-03-2014, 09:37 PM   #1
l33y
Member
 
Registered: Jan 2014
Location: Gulf Coast, USA
Distribution: Xubuntu
Posts: 50
Blog Entries: 1

Rep: Reputation: Disabled
My first ssh configuration, can you critique my steps?


I have tried to perform a simple implementation of ssh on Lubuntu 14.04, and it appears to be working. Basically I am ssh-ing from my laptop (client) to my desktop (server) behind my home combination router-modem. Both computers have Lubuntu 14.04. I have summarized the steps below and was wondering if you folks would be kind enough to critique it. My primary source of information was Ubuntu online help files. I summarized the steps because I find that the steps in the online help can be confusing, i.e. what to do on which computer.

On the client computer of your Ubuntu system, install the OpenSSH client applications
Quote:
sudo apt-get install openssh-client
On the server computer of your Ubuntu system, install the OpenSSH server application,
Quote:
sudo apt-get install openssh-server
On the server computer, make a backup of your sshd_config file by copying it to your home directory, or by making a read-only copy in /etc/ssh by doing
Quote:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults
Quote:
sudo chmod a-w /etc/ssh/sshd_config.factory-defaults
On the server computer, edit the /etc/ssh/sshd_config file as follows
Uncomment the line “#PasswordAuthentication yes” and make it “PasswordAuthentication No”

On the server computer, do the following:
Check that your SSH daemon is running
Quote:
ps -A | grep sshd
Check that your server is listening for incoming connections
Quote:
sudo ss -lnp | grep sshd
Next, on the server, try logging in to the server
Quote:
ssh -v localhost
Exit the SSH command line by typing
Quote:
exit
Key Generation, interestingly, this should be done on the CLIENT computer
Quote:
mkdir ~/.ssh
Quote:
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
Quote:
ssh-keygen -t rsa -b 4096
(Enter pass phrase when instructed)
Your public key is now available as .ssh/id_rsa.pub in your home folder

Transfer CLIENT key to host (SERVER)
Copy id_rsa.pub onto a memory stick.
On the SERVER computer, install the memory stick, and perform the following command
Quote:
cat /mnt/id_rsa.pub >> /home/matty/.ssh/authorized_keys
On the Server computer
Quote:
chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh/
Test your work
from the client computer
Quote:
ssh matty@192.168.0.19
You should be logged into the command line of the server computer!

Last edited by l33y; 06-03-2014 at 09:39 PM. Reason: formatting & clarity
 
Old 06-03-2014, 10:51 PM   #2
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288
Hi,

a few things occurred to me.

- Instead of manually putting your public key in the authorized_keys file it can be convenient to use the ssh-copy-id script, then disable password authentication.
- It is usually a good idea to disable root login. E.g. "PermitRootLogin no" in /etc/ssh/sshd_config. If you want to be even more secure you can have an explicit list of permitted users. E.g. "AllowUsers bill ben".
- Don't forget to restart sshd after configuring it so that the changes actually take place
- A very minor point: authorized_keys needs to be readable by sshd which is not necessarily always going to be run as root

Evo2.
 
1 members found this post helpful.
Old 06-03-2014, 11:30 PM   #3
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 810

Rep: Reputation: 264
You might also want to run it on a non-standard port if you ever decide to forward a port and be able to SSH into your desktop from anywhere with an Internet connection. To do that, find the line
Code:
#Port 22
Uncomment it (remove the #) and change the 22 to something, usually over 1000. This is usually a good idea because most malicious scripts to find an IP with SSH scan for the default port, 22. After you change this, restart the SSH daemon (can't remember how to do it, check the tutorial you used). Now, to connect to your desktop, you need to run
Code:
ssh user@12.34.56.78 -p $port
where $port is the port you specified above.

Hope this helps!
 
1 members found this post helpful.
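An added example, not part of any post in this thread: a shell check of the settings recommended in posts #2 and #3 (PasswordAuthentication, PermitRootLogin, AllowUsers, Port) that reads a config file the way sshd does, taking the first uncommented value of each keyword. The function names and the sample file are constructed for illustration; it assumes the whitespace-separated "Keyword value" form and looks only at the global section before any Match block.

```sh
#!/bin/sh
# Added example (not from the thread): read the values sshd would actually use.
# sshd takes the FIRST uncommented value of each keyword, and keywords are
# case-insensitive, so grepping for a line is not enough.

# effective_value FILE KEYWORD -> first uncommented value, or empty if absent
effective_value() {
    awk -v kw="$2" '
        /^[ \t]*#/ || NF == 0      { next }   # skip comments and blank lines
        tolower($1) == "match"     { exit }   # global section only
        tolower($1) == tolower(kw) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE -> one finding per line for the settings discussed above
audit_sshd_config() {
    for pair in PasswordAuthentication=no PermitRootLogin=no; do
        kw=${pair%%=*} want=${pair#*=}
        got=$(effective_value "$1" "$kw" | tr '[:upper:]' '[:lower:]')
        [ "$got" = "$want" ] || echo "WARN $kw is '${got:-unset}', want '$want'"
    done
    [ -n "$(effective_value "$1" AllowUsers)" ] ||
        echo "INFO AllowUsers unset: every account may attempt login"
    port=$(effective_value "$1" Port)
    [ "${port:-22}" != 22 ] || echo "INFO Port is the default 22"
    return 0
}

# Constructed sample: a commented-out line, a lower-case keyword, and a later
# duplicate that sshd ignores because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
passwordauthentication No
PasswordAuthentication yes
PermitRootLogin without-password
#Port 22
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

On a real server, `sudo sshd -t` checks the file for validity before a restart, and `sudo sshd -T` prints the effective settings.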
Old 06-04-2014, 09:46 PM   #4
l33y
Original Poster
Many thanks, evo2 and maples! Your responses helped me tremendously.
 
Old 06-04-2014, 10:46 PM   #5
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495
Also check out the links in my signature. That will give you some more info. Good start and keep it up.
 
1 members found this post helpful.
Old 06-06-2014, 06:51 PM   #6
l33y
Original Poster
Thank you for the response, lleb! I am going to try some new things this weekend.
 
Old 06-18-2014, 10:12 PM   #7
l33y
Original Poster
I found some cool rsync commands today that allow me to do backups of my home directories over ssh. I had previously posted my steps for setting up ssh between two computers behind a home wireless router/modem. I execute these commands on lubuntu1. The ssh client is lubuntu1. The ssh server is matty.

Quote:
rsync -avh -e ssh matty@192.168.0.10:/home/matty/ /home/lubuntu1
Quote:
rsync -avh /home/lubuntu1/ -e ssh matty@192.168.0.10:/home/matty
VERY cool stuff! My question is, why do I have to type in my key phrase each time I execute these commands? Is there a way to set it up where I don't have to key in those commands each time?

The reference for these commands is thegeekstuff website.
 
Old 06-18-2014, 10:18 PM   #8
evo2
Hi,

you need to add your key to the ssh-agent. The agent is likely running already, so try running the following when you first log in.
Code:
ssh-add
If this fails please post the error it reports.

After doing that you should be able to ssh to hosts that have that public key without entering your passphrase for the rest of your login session.

Evo2.
 
Old 06-18-2014, 10:42 PM   #9
l33y
Original Poster
Thank you for the response, evo2. I logged into the server from the client, typed in

Quote:
ssh-add
and got the following error

Quote:
Could not open a connection to your authentication agent.
I tried it with sudo and got the same error. I tried to do it on the server itself and received the same error.
 
Old 06-18-2014, 10:59 PM   #10
evo2
Hi,

you need to run it on the client, not the server.

Evo2.
 
Old 06-19-2014, 12:40 AM   #11
l33y
Original Poster
It gives the same error message when run on the client.
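
An added example, not part of any post above: ssh-add reaches the agent only through the SSH_AUTH_SOCK environment variable, so "Could not open a connection to your authentication agent" means that variable is unset or points at a dead socket in the shell where ssh-add ran. The function names and the KEY_LIFETIME variable are hypothetical; ensure_agent has to be sourced into the client's login shell rather than run as a separate script or under sudo.

```sh
#!/bin/sh
# Added example (not from the thread): diagnose and fix a missing ssh-agent
# on the CLIENT. The agent holds the decrypted private key in memory, so it
# belongs on the machine that owns the key, not on the server.

# agent_state -> "unset"  (SSH_AUTH_SOCK not set in this shell)
#                "stale"  (set, but the path is not a socket)
#                "socket" (a socket exists at that path)
agent_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo unset
    elif [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo stale
    else
        echo socket
    fi
}

# ensure_agent: start an agent for this shell if none is reachable, then load
# the default key. sudo normally resets the environment and drops
# SSH_AUTH_SOCK, which is why retrying under sudo gives the same error.
ensure_agent() {
    if [ "$(agent_state)" != socket ]; then
        # ssh-agent -s prints Bourne-shell commands that export
        # SSH_AUTH_SOCK and SSH_AGENT_PID; eval applies them here.
        eval "$(ssh-agent -s)" >/dev/null
    fi
    # ssh-add -l exits non-zero when the agent holds no key or is unreachable.
    # -t limits how long the unlocked key stays in the agent (seconds);
    # KEY_LIFETIME is a hypothetical knob for this example.
    ssh-add -l >/dev/null 2>&1 || ssh-add -t "${KEY_LIFETIME:-3600}"
}

# Safe to run anywhere: only reports, never prompts for a passphrase.
echo "agent state in this shell: $(agent_state)"
```

After `ensure_agent` has run once in a session, the rsync-over-ssh commands from post #7 reuse the unlocked key until the lifetime expires or the agent exits.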
 
  

