Difference between revisions of "SSH"
(Created page with "{{Debian}} == Server == === Install === <syntaxhighlight lang="console"> # apt install openssh-server </syntaxhighlight> === Configure === {{TODO}} === Fail2ban === Fail2b...") |
(Start client section) |
||
Line 1: | Line 1: | ||
− | {{Debian}} | + | {{Debian}}{{WIP}} |
== Server == | == Server == | ||
Line 17: | Line 17: | ||
port = 2200 ; <= Set the port here | port = 2200 ; <= Set the port here | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | [[Category:Install]] | + | |
+ | == Client == | ||
+ | |||
+ | === Install === | ||
+ | <syntaxhighlight lang="console"> | ||
+ | # apt install openssh-client | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | === '''Configure''' === | ||
+ | For more information check [https://stribika.github.io/2015/01/04/secure-secure-shell.html secure secure shell] from strikiba. | ||
+ | |||
+ | ==== Generate user keys ==== | ||
+ | This needs to be run by all users. It is strongly recommended to set a password to your keys. A passwordless keyfile is as secure as a post-it on the wall with your password. If a script need unattended access to another machine, create dedicated accounts and key for that usage.<syntaxhighlight lang="console"> | ||
+ | $ ssh-keygen -t ed25519 -o -a 100 | ||
+ | $ ssh-keygen -t rsa -b 4096 -o -a 100 | ||
+ | </syntaxhighlight>[[Category:Install]] | ||
[[Category:Fail2Ban]] | [[Category:Fail2Ban]] |
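Review bot: the added "Generate user keys" paragraph lists two ssh-keygen commands without saying whether a user should run both or pick one; state which, and when the RSA key is meant as the fallback. In the Configure line the link text credits "strikiba" while the linked host is stribika.github.io, so the name is misspelled, and `=== '''Configure''' ===` is the only heading in the section with bold markup. "If a script need" should read "needs", and [[Category:Install]] now sits on the same line as the closing </syntaxhighlight>; put it back on its own line.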
Revision as of 01:52, 4 January 2016
Warning: These instructions were only tested on Debian. They will probably work for other Linux distributions, but you might need to adapt them.
Warning: This page is a work in progress and is not completed. Important information might be missing or wrong.
Server
Install
# apt install openssh-server
Configure
TODO
Fail2ban
The Fail2ban configuration for SSH is active by default in Debian. However, if you changed the listening port of your server, you must reflect that in Fail2ban. To do so, create the file /etc/fail2ban/jail.d/sshd.conf with the following content:
[sshd]
enabled = true
port = 2200 ; <= Set the port here
Client
Install
# apt install openssh-client
Configure
For more information, see Secure Secure Shell by stribika (https://stribika.github.io/2015/01/04/secure-secure-shell.html).
Generate user keys
This needs to be run by all users. It is strongly recommended to set a password on your keys. A passwordless keyfile is as secure as a post-it on the wall with your password. If a script needs unattended access to another machine, create a dedicated account and key for that usage.
$ ssh-keygen -t ed25519 -o -a 100
$ ssh-keygen -t rsa -b 4096 -o -a 100
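Added example (not part of the original wiki page): a Python check of what the password and `-o -a 100` leave on disk for the keys generated above. It reads the unencrypted header of a private key file and reports whether a cipher is set and how many bcrypt KDF rounds were used; `inspect_private_key` and `make_sample_header` are names chosen here, and the sample headers are constructed and carry no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"

def _read_string(buf, off):
    """Read one SSH 'string': uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    start = off + 4
    if start + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[start:start + n], start + n

def inspect_private_key(text):
    """Report container format, password protection and KDF rounds of a key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM container (RSA without -o): the -a rounds setting does not apply.
        enc = "ENCRYPTED" in lines[0] or (
            len(lines) > 1 and lines[1].startswith("Proc-Type:") and "ENCRYPTED" in lines[1])
        return {"format": "legacy-pem", "encrypted": enc, "kdf": None, "rounds": None}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    rounds = None
    if kdf == b"bcrypt":
        salt, pos = _read_string(kdfopts, 0)  # kdfoptions = string salt, uint32 rounds
        (rounds,) = struct.unpack_from(">I", kdfopts, pos)
    return {"format": "openssh-key-v1", "encrypted": cipher != b"none",
            "kdf": kdf.decode(), "rounds": rounds}

def make_sample_header(cipher, kdf, kdfopts):
    """CONSTRUCTED sample: header fields only, no key material follows."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = MAGIC + s(cipher) + s(kdf) + s(kdfopts)
    body = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + body + "\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    opts = struct.pack(">I", 16) + b"\x00" * 16 + struct.pack(">I", 100)
    for sample in (make_sample_header(b"aes256-ctr", b"bcrypt", opts),
                   make_sample_header(b"none", b"none", b"")):
        print(inspect_private_key(sample))
```

On a real file, pass the contents of `~/.ssh/id_ed25519` or `~/.ssh/id_rsa`; a result with `encrypted` false marks a key that was saved without a password.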