Comprehensive SSH Configuration
Introduction
The Secure Shell (SSH) protocol is a cryptographic network protocol designed for secure communication over an unsecured network. It is widely used for remote login and command-line execution, replacing older, insecure protocols like Telnet and rsh. This guide will explain how to configure SSH and manage keys.
How To Use SSH Keys
SSH key-based authentication is both more secure and more convenient than passwords. The client generates a key pair, keeps the private key locally and installs only the public key on the server; the private key is never transmitted.
- Create a Key Pair on the Client
Run the following command to generate a new SSH key pair:
$ ssh-keygen -t ed25519 -a 100 -f ~/.ssh/id_ed25519 -C "your_email@example.com"
This will create two files:
id_ed25519: The private key (keep this secure!)
id_ed25519.pub: The public key
- Copy Public Key to the Server
Use the ssh-copy-id tool to copy your public key to the server:
$ ssh-copy-id -i ~/.ssh/id_ed25519.pub user@127.0.2.1
Alternatively, transfer the public key file to the server and manually append it to the server’s ~/.ssh/authorized_keys file:
$ cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
- Start the SSH Authentication Agent
Start the agent to manage your keys:
$ eval $(ssh-agent -s)
- Add Your Private Key to the Agent
Load your private key into the SSH agent:
$ ssh-add ~/.ssh/id_ed25519
Verify that the key has been added:
$ ssh-add -l
SSH Daemon (sshd) Configuration File
The SSH daemon is configured through the file /etc/ssh/sshd_config. Open it as root with a text editor:
# vi /etc/ssh/sshd_config
Recommended settings:
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
After modifying the configuration, validate it with sshd -t (which reports syntax errors without starting the daemon) and then restart the SSH daemon to apply the changes. Keep your current session open until a new key-based login has been confirmed to work, so that a mistake in the file cannot lock you out:
# systemctl restart sshd
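As an added example (not part of the original guide), the following POSIX sh script audits an sshd_config file against the three settings recommended above. It assumes sshd's parsing rules: the first occurrence of a directive wins, "Key=Value" is accepted as well as "Key Value", and the global section ends at the first Match block; the sample config it audits is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an sshd_config against
# the recommended settings. Uses only POSIX sh and awk.

# Print the effective global value of a directive. Assumed parser rules:
# sshd honours the FIRST occurrence of a directive and ignores duplicates,
# accepts "Key Value" or "Key=Value", and global settings end at the first
# "Match" block. $3 is the default used when the directive is absent.
sshd_effective() {
    key=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    val=$(awk -v key="$key" '
        { gsub(/=/, " ") }                     # normalise Key=Value to Key Value
        /^[[:space:]]*#/ || NF == 0 { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }        # conditional section: stop here
        tolower($1) == key { print $2; exit }  # first occurrence wins
    ' "$1")
    printf '%s\n' "${val:-$3}"
}

# Compare each recommended directive with its effective value. The third
# field of each spec is OpenSSH's documented default for a missing directive.
# Returns 0 if every check passes, 1 otherwise.
sshd_audit() {
    cfg=$1; rc=0
    for spec in "PermitRootLogin no prohibit-password" \
                "PubkeyAuthentication yes yes" \
                "PasswordAuthentication no yes"; do
        set -- $spec                           # $1=directive $2=wanted $3=default
        actual=$(sshd_effective "$cfg" "$1" "$3")
        if [ "$actual" = "$2" ]; then
            echo "ok    $1 = $actual"
        else
            echo "FAIL  $1 = $actual (expected $2)"; rc=1
        fi
    done
    return $rc
}

# Demo on a constructed file; point sshd_audit at /etc/ssh/sshd_config to
# check a real host. The second PasswordAuthentication line is ignored by
# sshd, so the audit still reports password login as enabled.
sshd_audit_demo() {
    tmp=$(mktemp)
    printf '%s\n' '# constructed sample sshd_config' \
        'PermitRootLogin yes' 'PasswordAuthentication yes' \
        'PasswordAuthentication no' 'Match User backup' \
        '    PubkeyAuthentication no' > "$tmp"
    sshd_audit "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}

sshd_audit_demo || echo "weak settings found"
```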
Verify SSH Connection
After setting up your keys and configuration, test your connection to the server:
$ ssh user@server_ip
Troubleshooting Common Issues
- Permissions Errors
Ensure the following permissions on your SSH-related files (substitute id_rsa if you generated an RSA key); sshd and the client refuse keys that are readable by other users:
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_ed25519
$ chmod 644 ~/.ssh/id_ed25519.pub
- Debugging Connection Issues
Use the client's verbose mode to trace the key exchange and each authentication attempt, including which keys are offered and why they are rejected:
$ ssh -vvv user@server_ip