Secure Shell Protocol
An encrypted network protocol for operating network services securely over an unsecured network.
Usage
| Action | Command | Notes |
|---|---|---|
| Connect | ssh <user@host> | |
| Custom Port | ssh -p <port> <user@host> | default port is 22 |
| Identity File | ssh -i ~/.ssh/<key> <user@host> | will check all keys otherwise |
| Copy Key | ssh-copy-id -i ~/.ssh/<key>.pub <user>@<host> | |
SSH Key
SSH keys provide a secure, passwordless way to authenticate. The Ed25519 algorithm is the current standard for security and performance.
- Generate key pair.
ssh-keygen -t ed25519 -C "user@machine"
  - Comment -C "...": optional but user and machine name is helpful.
  - File name: optional, default is id_ed25519.
  - Password: optional but highly recommended.
  - Public Key (share this): ~/.ssh/id_ed25519.pub.
  - Private Key (keep secret): ~/.ssh/id_ed25519.
- Distribute to server.
ssh-copy-id -i ~/.ssh/<key>.pub <user>@<server-ip>
# ex. ssh-copy-id -i ~/.ssh/id_ed25519.pub <user>@<server-ip>
SSH Hardening
Edit /etc/ssh/sshd_config, uncomment and set the following lines:
- PermitRootLogin to no.
- PasswordAuthentication to no.
- UsePAM to no.
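One way to confirm the three settings above are actually in effect, as an added example that is not part of the original page: the function reads the effective configuration in the lowercase `keyword value` format printed by `sshd -T`, because an included drop-in file can set a keyword before the main file does. The function name `audit_sshd` and both sample configurations are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit effective sshd settings against the hardening list above.
# Input is text in the format printed by `sshd -T` (lowercase keyword, space, value).

# Expected values, taken from the hardening steps on this page.
EXPECTED="permitrootlogin=no passwordauthentication=no usepam=no"

# audit_sshd (hypothetical helper): reads `sshd -T` style output on stdin.
# Prints one PASS/FAIL line per directive; exit status is the number of failures.
audit_sshd() {
    local config failures=0 pair key want got
    config=$(cat)
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        # Take the first line whose keyword matches; compare case-insensitively.
        got=$(printf '%s\n' "$config" |
              awk -v k="$key" 'tolower($1) == k { print tolower($2); exit }')
        if [ "$got" = "$want" ]; then
            echo "PASS $key $got"
        else
            echo "FAIL $key ${got:-<missing>} (want $want)"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample: a server where password logins were left enabled.
SAMPLE_WEAK='port 22
permitrootlogin no
passwordauthentication yes
usepam no'

# Constructed sample: all three directives set as the page recommends.
SAMPLE_HARDENED='port 22
permitrootlogin no
passwordauthentication no
usepam no'

# Live use on the server (sshd -T needs root): sudo sshd -T | audit_sshd
```

Running `sudo sshd -t` before restarting the service catches syntax errors in the edited file.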
X11 Forwarding
sudo pacman -S xauth xhost
Edit /etc/ssh/sshd_config, uncomment and set the following lines:
- X11Forwarding to yes.
- X11DisplayOffset to 10.
- X11UseLocalhost to yes.
sudo systemctl restart sshd
xhost +local: