Ubuntu/openssh
Latest revision as of 21:33, 8 March 2023
Most versions of Linux come with sshd installed; however, it is not configured as a server. The easiest way is to use apt-get to install openssh-server:
    sudo apt-get install openssh-server
Back up the default sshd_config to your home directory:
    sudo cp /etc/ssh/sshd_config ~
Edit sshd_config to increase security:
- disable root login
    PermitRootLogin no
- only allow specific users
    AllowUsers john
Restart sshd:
    sudo restart ssh
Check that the service is running and listening on port 22:
    sudo egrep -i sshd /var/log/*log|more
or
    sudo netstat -lp
sftp
After sshd is installed, edit sshd_config:
    Subsystem sftp /usr/lib/openssh/sftp-server
    #Subsystem sftp internal-sftp -f AUTH -l VERBOSE
    #Uncomment this line if already commented
    UsePAM yes
    AllowGroups john sftpusers
    Match Group sftpusers
        ChrootDirectory %h
        AllowTCPForwarding no
        X11Forwarding no
        ForceCommand internal-sftp
    Match
In the case above, I already had a group that the user was part of. Below you'll find instructions on what to do if that does not exist already.
    sudo groupadd sftpusers
    sudo adduser sftpuser
    sudo usermod -a -G sftpusers sftpuser
    sudo passwd sftpuser
    sudo chown root:sftpuser /home/sftpuser
    sudo chmod 750 /home/sftpuser
    sudo mkdir /home/sftpuser/public
    sudo chown sftpuser:sftpuser /home/sftpuser/public
    sudo chmod 777 /home/sftpuser/public
fixing quick time-out
    ~$ sudo vi /etc/ssh/sshd_config
Uncomment or add:
    ClientAliveInterval 30
    ClientAliveCountMax 5
Then restart the service:
    ~$ sudo service sshd restart
ClientAliveInterval: number of seconds of inactivity after which the server sends a client-alive message to the client (to keep the connection alive).
ClientAliveCountMax: the number of client-alive messages that may be sent without a response before the client is disconnected. The default value is 3.
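The settings above (PermitRootLogin, AllowUsers/AllowGroups, the ClientAlive keepalives) can be verified without restarting sshd. The script below is an added example, not part of the original page: it reads a constructed sshd_config and reports the effective global value of each keyword. sshd keeps the first occurrence of a keyword and ignores later duplicates, and keywords inside a Match block only apply when that block's criteria are met, so the parser stops at the first Match line.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings this page sets.
# Only the "Keyword value" form is handled (not "Keyword=value").

# Constructed sample config, modelled on the page's sftp example.
SAMPLE_CFG="$(cat <<'EOF'
# comment line
PermitRootLogin no
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
AllowGroups john sftpusers
ClientAliveInterval 30
ClientAliveCountMax 5
Match Group sftpusers
    ChrootDirectory %h
    ForceCommand internal-sftp
    PermitRootLogin yes
EOF
)"

# Print the global (pre-Match) value of KEY in the config text CFG;
# prints nothing if the keyword is not set. Keywords are case-insensitive.
sshd_global_value() {
    printf '%s\n' "$1" | awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments/blanks
        tolower($1) == "match" { exit }                 # conditional block starts
        tolower($1) == key { $1 = ""; sub(/^[[:space:]]+/, ""); print; exit }
    '
}

# Return 0 when every hardening item from this page is present, else 1,
# printing each problem found.
sshd_audit() {
    cfg="$1"; rc=0
    [ "$(sshd_global_value "$cfg" PermitRootLogin)" = "no" ] \
        || { echo "PermitRootLogin is not 'no'"; rc=1; }
    [ -n "$(sshd_global_value "$cfg" AllowUsers)$(sshd_global_value "$cfg" AllowGroups)" ] \
        || { echo "no AllowUsers/AllowGroups restriction"; rc=1; }
    interval="$(sshd_global_value "$cfg" ClientAliveInterval)"
    { [ -n "$interval" ] && [ "$interval" -gt 0 ] 2>/dev/null; } \
        || { echo "ClientAliveInterval unset or 0 (no keepalives)"; rc=1; }
    return $rc
}

sshd_audit "$SAMPLE_CFG" && echo "sample config passes"
```

To check a live server, replace the sample with `sshd_audit "$(sudo cat /etc/ssh/sshd_config)"`; `sshd -T` shows the fully resolved values if you need to confirm the parser's view.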
Create ed25519 ssh key
    ~$ ssh-keygen -t ed25519
Connecting through an ssh tunnel
This assumes the public and private keys are on the originating machine and the public key is added to the authorized_keys files on both the tunnel and destination servers.
    ~$ ssh -i ~/.ssh/id_ed25519 -J username@tunnel username@destination
scp through an ssh proxy:
    ~$ scp -i ~/.ssh/id_ed25519 -o ProxyJump=user@proxyserver ./sourcefile user@destinationserver:/destinationfile