… I had this big drawn out post almost ready to go up and I deleted it. I’m not even sure that I want to write about Linux and techie type things on this blog, but what the hell, right. I’m just going to give it straight to you. If you have a question or trouble digesting what I’m telling you, then you will have to leave a comment (which I will write back to), or you can search elsewhere on the Internet. Also, most if not all of anything PC related will be about Linux.
Onward!
You will need one of 2 things or both of the 2 things. What 2 things? These 2 things: ssh server/client. Yes, you can just install the server without the need of the client, and you don’t have to have a server if you are just going to be a client. It is best to not install what you do not need installed.
If you are on the server then you will need to install the server.
aptitude install openssh-server
If you are on the client then you will need to install the client.
aptitude install openssh-client
If you need both
aptitude install ssh
You might need to use the sudo command if you are using sudo.
Once you have your client installed you should have a program called ssh-keygen. Use it now! It will prompt you for some information.
- enter where you would like the file(s) saved at.
- passphrase is a password (you do not have to have one)
- do it again
You could have just taken the defaults until you know what is happening and then make changes later on.
With defaults in tow we will now be working out of the ~/.ssh folder.
You have 2 files now: id_rsa & id_rsa.pub. id_rsa is your private key; you will keep it with you or on the computer that you wish to use it with. The contents of id_rsa.pub (the public key) are what you will need on the server.
Because I know that you have already installed the server we will just use ssh to move the .pub key file over to that server. I’m also going to assume that because you have installed the server that you are root. Here we go.
Move the .pub file:
rsync ~/.ssh/id_rsa.pub root@server.com:/root/.ssh/
You will need to enter root’s password this time.
Now you need what is in the .pub file in the authorized_keys file. You will need to log into the server to do this, and I assume that you already are. Here we go.
Now that we have the .pub file here on the server then it is really simple. Copy the .pub file to the authorized_keys file.
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
Done.
Now the next time you log in to that server you should be using RSA key authentication. If you didn’t put in a passphrase then you will not need to put in one here. Now there is only one last step that you need to do. This is where you can lose access to the server if you do not know what you are doing.
On the server you will need to edit the sshd_config file.
vi /etc/ssh/sshd_config
You will want to make sure that:
PasswordAuthentication no
Now you have a server that you can only get access to if you have the RSA key that you generated or you have physical access to the server.
Yes, you sure can set up the ssh server on your Debian, Ubuntu, RedHat, Fedora, SuSE, Mint, or any other Linux distribution.
Notes:
- In the authorized_keys file, you can only have one .pub per line. The best way to go about adding more than one public key to the file is to cat what_ever.pub >> authorized_keys. This will add a new line to the file and add your .pub file to that line.
- Keep your RSA keys on a thumb drive? Then you can use ssh -i /media/USB_DEVICE/key_file root@server.com to get access with your keys no matter what computer you’re on.
- ssh is to client as sshd is to server
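The cp step above replaces whatever is already in authorized_keys, and the first note says to append instead. As an added example (not from the original post), here is a shell function that appends a key only if it is not already there, keeps one key per line, and sets the usual 700/600 permissions; the function names and return codes are made up for this example.

```sh
#!/bin/sh
# Added example: put a public key into authorized_keys without
# overwriting keys that are already there. Both paths are arguments,
# so it can be tried on scratch files before touching ~/.ssh.

# is_pubkey_line LINE -> 0 if LINE looks like "type base64 [comment]"
is_pubkey_line() {
    case "$1" in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) return 0 ;;
        *) return 1 ;;
    esac
}

# add_key PUBFILE AUTHFILE
# returns 0 = added, 1 = already present, 2 = PUBFILE is not a single public key
add_key() {
    pub=$1
    auth=$2
    [ -r "$pub" ] || return 2
    # A .pub file is exactly one line; this also rejects a private key
    # handed over by mistake (id_rsa instead of id_rsa.pub).
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 2
    line=$(cat "$pub")
    is_pubkey_line "$line" || return 2

    # Private directory and file, owner access only.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Compare on "type base64" only, so a different comment is not a new key.
    key=$(printf '%s\n' "$line" | cut -d' ' -f1,2)
    if grep -qF -- "$key" "$auth"; then
        return 1
    fi

    # If the file does not end in a newline, add one first so the new key
    # does not get glued onto the end of the previous one.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
    return 0
}
```

On the server this would be called as add_key ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys, in place of the cp.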