Comprehensive SSH Configuration

Posted on Dec 29, 2024

Introduction

The Secure Shell (SSH) protocol is a cryptographic network protocol designed for secure communication over an unsecured network. It is widely used for remote login and command-line execution, replacing older, insecure protocols like Telnet and rsh. This guide will explain how to configure SSH and manage keys.

How To Use SSH Keys

SSH key-based authentication is more secure and convenient than passwords. The client generates a key pair, keeps the private key to itself, and installs only the public key on the server.

  1. Create a Key Pair on the Client

Run the following command to generate a new SSH key pair:

$ ssh-keygen -t ed25519 -a 100 -f ~/.ssh/id_ed25519 -C "your_email@example.com"

This will create two files:

  • id_ed25519: The private key (keep this secure!)
  • id_ed25519.pub: The public key

  2. Copy Public Key to the Server

Use the ssh-copy-id tool to copy your public key to the server:

$ ssh-copy-id -i ~/.ssh/id_ed25519.pub user@127.0.2.1

Alternatively, copy id_ed25519.pub to the server and, on the server, manually append it to the ~/.ssh/authorized_keys file:

$ cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys

  3. Start the SSH Authentication Agent

Start the agent to manage your keys:

$ eval "$(ssh-agent -s)"

  4. Add Your Private Key to the Agent

Load your private key into the SSH agent:

$ ssh-add ~/.ssh/id_ed25519

Verify that the key has been added:

$ ssh-add -l

SSH Daemon (sshd) Configuration File

The SSH daemon is configured through the file /etc/ssh/sshd_config. Open it with a text editor:

# vi /etc/ssh/sshd_config

Recommended settings:

PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no

After modifying the configuration, restart the SSH daemon to apply changes:

# systemctl restart sshd
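
As an added example (not part of the original guide), the shell function below checks a config file against the four recommended settings above, applying sshd's rule that the first value read for a keyword wins. The function name audit_sshd_config, the sample input, and the fallback defaults (upstream OpenSSH values) are assumptions of this example.

```shell
#!/bin/sh
# Added example. Include files and Match blocks are not evaluated here.
audit_sshd_config() {   # $1 = path to an sshd_config-style file
    awk '
    BEGIN {
        # Wanted values: the recommended settings listed on this page.
        want["permitrootlogin"]        = "no"
        want["pubkeyauthentication"]   = "yes"
        want["authorizedkeysfile"]     = ".ssh/authorized_keys"
        want["passwordauthentication"] = "no"
        # Assumed upstream OpenSSH defaults for absent keywords (distros may differ).
        have["permitrootlogin"]        = "prohibit-password"
        have["pubkeyauthentication"]   = "yes"
        have["authorizedkeysfile"]     = ".ssh/authorized_keys .ssh/authorized_keys2"
        have["passwordauthentication"] = "yes"
    }
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    { key = tolower($1) }                # keywords are case-insensitive
    key == "match" { exit }              # global section ends at the first Match
    (key in want) && !(key in seen) {    # sshd keeps the first value it reads
        seen[key] = 1
        $1 = ""; sub(/^[ \t]+/, ""); have[key] = $0
    }
    END {
        n = split("permitrootlogin pubkeyauthentication authorizedkeysfile passwordauthentication", order, " ")
        for (i = 1; i <= n; i++) {
            k = order[i]
            v = (k == "authorizedkeysfile") ? have[k] : tolower(have[k])
            ok = (v == want[k]); if (!ok) bad++
            printf "%s %s=%s (want %s)%s\n", (ok ? "PASS" : "FAIL"), k, v, want[k], ((k in seen) ? "" : " [default]")
        }
        exit (bad > 0)                   # non-zero status if any setting fails
    }' "$1"
}

# Constructed sample input: the second PasswordAuthentication line is ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample"; echo "exit status: $?"
rm -f "$sample"
```

On a live server, sshd -t checks the file for syntax errors and sshd -T prints the effective configuration, including Include files, so run those before restarting and keep your current session open until a new login succeeds.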

Verify SSH Connection

After setting up your keys and configuration, test your connection to the server:

$ ssh user@server_ip

Troubleshooting Common Issues

  1. Permissions Errors

Ensure the following permissions on your SSH-related files:

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_ed25519
$ chmod 644 ~/.ssh/id_ed25519.pub

  2. Debugging Connection Issues

Use verbose mode to diagnose issues:

$ ssh -vvv user@server_ip