SSH AND SERVERS

SSH provides a secure means of remote login from one computer to another computer. When setting up linux servers, the OS usually provides ssh by default. To login:

ssh user@ipaddress

This prompts for a password, after which you have access to a remote terminal. Sometimes, no password is requested, and you are required to set one up after your first login.

The password login method is not really secure. This is because someone can try to guess it. A more secure method is to disable the password login and set up ssh-keys on the server. Therefore, someone will need to have the private ssh-key to be able to access your server.

To generate a key:

ssh-keygen -t rsa -b 4096 -C 'comment'

There will be some prompts that guide you through the process. If you choose to save the key in the default location, this key will be used wheneve a custom key is not provided. You should take care however, since you can easily overwrite a key that was in use. The command generates two files, the private key and a public key ( has a .pub suffix).

To set up the key, copy the public key to the server by:

ssh-copy-id -i file.pub user@ipaddress

If you are copying the keys found in the default location i.e. ~/.ssh/id_rsa.pub, the -i option can be ignored.

Having set the key up on the server, you can log in using:

ssh -i /path/to/privatekey user@ipaddress

If using the default file location, the -i option can be ignored.

To disable the password login option, log into the server and edit the /etc/ssh/sshd_config file (to disable password access for the server) or ~/.ssh/config file (to disable password access for a specific user). The following line should be added to the file:

PasswordAuthentication no

After this, restart ssh using:

reload ssh

Host example.com
    ForwardAgent yes

eval $(ssh-agent)
ssh-add ~/.ssh/key

ssh-add -L

Enter
~
.