

5.3.2. Configuring SSH for Remote Logins


SSH allows you to remotely log into a machine, transfer files, or execute commands. It is an industry-standard tool (ssh) and service (sshd) for connecting to machines remotely.

While the openssh-server package is installed by default, the SSH service is disabled by default and thus is not started at boot time. You can manually start the SSH service with systemctl start ssh or configure it to start at boot time with systemctl enable ssh.

The SSH service has a relatively sane default configuration, but given its powerful capabilities and sensitive nature, it is good to know what you can do with its configuration file, /etc/ssh/sshd_config. All the options are documented in sshd_config(5).

The default configuration disables password-based logins for the root user, which means you must first set up SSH keys with ssh-keygen. You can extend this to all users by setting PasswordAuthentication to no, or you can lift this restriction by changing PermitRootLogin to yes (instead of the default prohibit-password). The SSH service listens by default on port 22 but you can change this with the Port directive.

To apply the new settings, you should run systemctl reload ssh.
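The directives discussed above can be checked mechanically before a reload. The following shell script is an added example, not part of the original text; the function names effective and password_logins are hypothetical, and it reads only the global section of a single file (Include files and Match blocks are not evaluated).

```shell
#!/bin/sh
# Added example: report which accounts can log in with a password according
# to the global section of an sshd_config-style file.

# effective FILE KEYWORD DEFAULT: sshd keeps the FIRST value it reads for a
# keyword, keywords are case-insensitive, and an absent keyword uses the default.
effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# password_logins FILE: prints "none", "users" or "users+root"
password_logins() {
    pass=$(effective "$1" PasswordAuthentication yes)
    root=$(effective "$1" PermitRootLogin prohibit-password)
    if [ "$pass" != yes ]; then
        echo none          # keys only, for every account
    elif [ "$root" = yes ]; then
        echo users+root    # the restriction on root has been lifted
    else
        echo users         # default: root needs a key, other users do not
    fi
}

# Constructed sample: the second PermitRootLogin line is ignored by sshd.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real host's configuration
Port 2222
permitrootlogin yes
PermitRootLogin prohibit-password
#PasswordAuthentication no
EOF

echo "Port: $(effective "$sample" Port 22)"
echo "Password logins: $(password_logins "$sample")"
```

On a live system, sshd -T prints the effective configuration with Include files resolved, and sshd -t validates the file before you run systemctl reload ssh.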


Generating New SSH Host Keys

Each SSH server has its own cryptographic keys; they are named “SSH host keys” and are stored in /etc/ssh/ssh_host_*. They must be kept private if you want confidentiality and they should not be shared by multiple machines.

When you install your system by copying a full disk image (instead of using debian-installer), the image might contain pre-generated SSH host keys that you should thus replace with newly-generated keys. The image probably also comes with a default root password that you want to reset at the same time. You can do all this with the following commands:

# passwd

[...]

# rm /etc/ssh/ssh_host_*

# dpkg-reconfigure openssh-server

# service ssh restart

