Secure Shell (SSH)

SSH-2.0-OpenSSH_9.6p1

FreeBSD 13

# ee /etc/rc.conf
sshd_enable="YES"

# ee /etc/ssh/sshd_config
Port 22
PermitRootLogin no
PubkeyAuthentication yes
AuthenticationMethods publickey
PasswordAuthentication no
PermitEmptyPasswords no
ClientAliveInterval 30
ClientAliveCountMax 6

# /etc/rc.d/sshd restart

Ubuntu 24.04 LTS

$ sudo apt update && sudo apt upgrade
$ sudo apt install openssh-server

$ sudo systemctl enable/disable ssh
$ sudo systemctl start/stop/restart/status ssh
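$ sudo vim /lib/systemd/system/ssh.socket	#Package upgrades can overwrite this file; `sudo systemctl edit ssh.socket` keeps the change in a drop-in override instead.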
ListenStream=2222

$ sudo systemctl daemon-reload
$ sudo systemctl restart ssh.socket

$ sudo vim /etc/ssh/sshd_config
AuthorizedKeysFile      .ssh/authorized_keys .ssh/authorized_keys2
PasswordAuthentication no

$ sudo vim /etc/ssh/sshd_config
AuthorizedKeysFile      .ssh/authorized_keys .ssh/authorized_keys2
PasswordAuthentication no

$ sudo systemctl restart ssh

Ubuntu 22.04 LTS

$ sudo apt update && sudo apt upgrade -y
$ sudo apt install openssh-server -y

$ sudo systemctl enable --now ssh
$ sudo systemctl disable --now ssh
$ sudo apt autoremove openssh-server -y

$ sudo systemctl status ssh
$ sudo ss -lt
$ sudo vim /etc/ssh/sshd_config
$ sudo systemctl restart sshd
Port 22
PasswordAuthentication no
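PubkeyAcceptedKeyTypes=+ssh-rsa   #Workaround for publickey auth failing in ssh2. It re-enables the legacy ssh-rsa (SHA-1) signature algorithm, which recent OpenSSH disables by default, so add it only when the client cannot use a newer algorithm.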

CentOS 7 & 8

$ sudo dnf install openssh-server
$ sudo dnf install openssh
$ sudo ssh -V
$ sudo vim /etc/ssh/sshd_config
$ sudo systemctl restart sshd
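$ sudo sshd -t		#Test the config file for errors; run this before restarting sshd so a bad file does not leave the service down.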
Port 22
PermitRootLogin no		#Whether root may log in over SSH.
PermitEmptyPasswords no
PasswordAuthentication no	#Whether to use password authentication.
AuthorizedKeysFile      .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes

AllowUsers aaron		#Allow specified users to log in.
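AllowGroups			#Placeholder: this and the next two keywords each take a space-separated list of names, as AllowUsers does above.
DenyUsers
DenyGroups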
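$ sudo vim ${HOME}/.ssh/config	#Per-user client settings; sudo is not needed for a file in your own home directory, and a file created with it ends up owned by root.
$ sudo systemctl start/status/stop/enable/disable sshd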
$ cat /var/log/secure

SSH Key-based Authentication

$ ssh-keygen -t rsa -b 4096 -P 'hello' -C aaron

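-t rsa key type: dsa, ecdsa, ed25519, rsa; default rsa (OpenSSH 9.5 and later default to ed25519, and recent releases no longer accept dsa keys by default).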

-b 4096 key size in bits, minimum 768 bits, default 2048 bits (current OpenSSH releases require at least 1024 bits for RSA and default to 3072).

-f ~/.ssh/id_rsa output keyfile.

-C aaron comment.

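-P 'abc' passphrase. A passphrase given on the command line is saved in shell history and visible in the process list; omit -P to be prompted for it instead.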

$ cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys	#Overwrites any existing authorized_keys; append with >> to keep keys that are already there.
$ chmod 700 ~/.ssh			#Check permissions.
$ chmod 600 ~/.ssh/authorized_keys	#Check permissions.
$ cat ~/.ssh/id_rsa.pub

Change the passphrase of an existing private key.

$ ssh-keygen -p -f ~/.ssh/id_rsa

Add the public key to authorized_keys on the local machine (run from the home directory, since ./.ssh is a relative path).

$ cat ./.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Send public key to remote server.

$ ssh-copy-id remote_username@server_ip_address
$ cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
$ ssh -i path/to/your/key developer@192.168.1.237 -p 23
$ scp -i path/to/your/key filename developer@192.168.1.237:/diskpath
$ ssh -p 2222 user@host

Firewall

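Firewalld (--permanent rules take effect after `sudo firewall-cmd --reload`; these source-restricted rules only limit access if the general ssh service is not also allowed in the zone)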

$ sudo firewall-cmd --permanent --zone=public --add-rich-rule=' rule family="ipv4"   source address="1.2.3.4/32"   port protocol="tcp" port="22" accept'
$ sudo firewall-cmd --permanent --zone=public --add-rich-rule=' rule family="ipv4"   source address="1.2.3.0/24"   port protocol="tcp" port="22" accept'

UFW (these rules only restrict access if no broader rule already allows port 22 from anywhere)

$ sudo ufw allow from 1.2.3.4/32 to any port 22
$ sudo ufw allow from 1.2.3.0/24 to any port 22

SSH.COM

OpenSSH

Licensed under CC BY-NC-SA 4.0