Saturday, July 17, 2021

ubuntu-to-ubuntu ssh connection

Ubuntu ships with the SSH client pre-installed, but not the SSH server.


ref:  https://ubuntu.com/server/docs/service-openssh


###############

# ENABLE SSH #

###############


To have the REMOTE Ubuntu machine accept SSH connections, install the SSH server:


    $ sudo apt update

    $ sudo apt upgrade 

    $ sudo apt install openssh-server


The SSH service is automatically started.


If the SSH server configuration needs changes, for example using port 5000 instead of the default port 22, modify the server config file:


    $ sudo nano /etc/ssh/sshd_config


then restart the server


    $ sudo systemctl restart ssh.service

or

    $ sudo systemctl restart sshd

or 

    $ sudo service sshd restart


The first time the LOCAL Ubuntu machine connects to a new server over SSH, the client prompts you to confirm the server's host key fingerprint.

For comparison, show the fingerprint on the SSH server side (REMOTE Ubuntu):


    $ ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub



###################

# SKIP PASSWORD #

###################


If you frequently SSH to a server, you can set up an SSH key to avoid typing a password for each connection.

1. On LOCAL, generate a key pair (a private key and a public key)


    $ ssh-keygen -f /path/to/myserver.ppk


2. copy the public key from LOCAL to REMOTE


    $ ssh-copy-id -i /path/to/myserver.ppk.pub  user@REMOTE


    # the above command creates or appends to REMOTE   /home/user/.ssh/authorized_keys


3. connect with no password


    $ ssh -i /path/to/myserver.ppk  user@REMOTE


4. (optionally) disable password login

    With the ssh key set up properly, now we can disable regular password login.

    a. change in /etc/ssh/sshd_config, from 


        #PasswordAuthentication yes

        to

        PasswordAuthentication no


    b. restart service


        sudo service ssh restart


#############################

# OTHER settings in sshd_config #

#############################

https://askubuntu.com/questions/869945/how-to-disable-password-and-root-ssh

  • Deny all root login
  • Deny all password logins for all users
  • Allow other users with other authentication methods (publickey)

This is achieved with the configuration options below:


    PermitRootLogin no
    PasswordAuthentication no
    ChallengeResponseAuthentication no


Then restart the service


        sudo service ssh restart
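
An added example, not part of the original post: a small audit of the global section of an sshd_config-style file for the three options above. It shows that a commented-out line sets nothing and that sshd keeps the first value it reads for a keyword, so a later `PasswordAuthentication no` does not override an earlier `yes`. The function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (hypothetical function names): check the three hardening
# options discussed above in an sshd_config-style file.

# Print the effective global value of KEYWORD in FILE.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines starting with "#" are comments.
# Limitations: Include files are not followed; Match blocks are skipped.
effective_value() {   # usage: effective_value FILE KEYWORD
  awk -v want="$2" '
    /^[ \t]*#/ || NF == 0        { next }   # comment or blank line
    tolower($1) == "match"       { exit }   # global section ends here
    tolower($1) == tolower(want) { print tolower($2); exit }
  ' "$1"
}

# Return 0 only if all three options are explicitly set to "no".
audit_sshd_config() {   # usage: audit_sshd_config FILE
  local file=$1 rc=0 key val
  for key in PermitRootLogin PasswordAuthentication ChallengeResponseAuthentication; do
    val=$(effective_value "$file" "$key")
    if [ "$val" = "no" ]; then
      echo "OK    $key no"
    else
      echo "FAIL  $key ${val:-unset}"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample: the stock commented-out line, plus an earlier "yes"
# that wins over the later "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
audit_sshd_config "$sample" || echo "password login is still enabled in this file"
rm -f "$sample"
```

On the server itself, `sudo sshd -T` prints the configuration sshd actually resolves, including any included files, and is the authoritative check.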


#################

# X11 Forwarding  #

#################

    1. On the REMOTE side, enable X11 forwarding in /etc/ssh/sshd_config

    2. On the LOCAL side:


            ssh -X -i /path/to/private_key  user@IP  "gvim ~/dummy.txt"


    or, to run a local script remotely with parameters:


        ssh user@REMOTE 'bash -s' < test.sh true true true


