Comprehensive SSH Configuration

Posted on Dec 29, 2024

Introduction

The Secure Shell (SSH) protocol is a cryptographic network protocol designed for secure communication over an unsecured network. It is widely used for remote login and command-line execution, replacing older, insecure protocols like Telnet and rsh. This guide will explain how to configure SSH, manage keys, and integrate SSH with GitHub Actions.

How To Use SSH Keys

SSH key-based authentication is more secure and convenient than passwords. The client generates a key pair: the private key never leaves the client, and the public key is installed on the server.

  1. Create a Key Pair on the Client

Run the following command to generate a new SSH key pair:

$ ssh-keygen -t ed25519 -a 100 -f ~/.ssh/id_ed25519 -C "your_email@example.com"

This will create two files:

  • id_ed25519: The private key (keep this secure!)
  • id_ed25519.pub: The public key

  2. Copy Public Key to the Server

Use the ssh-copy-id tool to copy your public key to the server:

$ ssh-copy-id -i ~/.ssh/id_ed25519.pub user@127.0.2.1

Alternatively, transfer id_ed25519.pub to the server and, in a shell on the server, append it to the target user's ~/.ssh/authorized_keys file:

$ cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys

  3. Start the SSH Authentication Agent

Start the agent to manage your keys:

$ eval "$(ssh-agent -s)"

  4. Add Your Private Key to the Agent

Load your private key into the SSH agent:

$ ssh-add ~/.ssh/id_ed25519

Verify that the key has been added:

$ ssh-add -l

SSH Daemon (sshd) Configuration File

The SSH daemon (sshd) reads its settings from /etc/ssh/sshd_config. Open the file with a text editor:

# vi /etc/ssh/sshd_config

Recommended settings:

PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no

After modifying the configuration, restart the SSH daemon to apply changes:

# systemctl restart sshd
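
A check worth running on the edited file before the restart above: the script below compares it against the four recommended settings. It is an added example, not part of the original post; the function name audit_sshd_config and the sample file are constructed for illustration, and it assumes a single configuration file with no Include directives.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file against the four recommended
# settings. sshd keeps the FIRST value it reads for a keyword and keywords are
# case-insensitive, so a later "PasswordAuthentication no" does not override an
# earlier "yes". Only global lines before the first Match block are checked.
audit_sshd_config() {
    awk '
    BEGIN {
        n = split("PermitRootLogin PubkeyAuthentication AuthorizedKeysFile PasswordAuthentication", name, " ")
        split("no yes .ssh/authorized_keys no", val, " ")
        for (i = 1; i <= n; i++) want[tolower(name[i])] = val[i]
    }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (!match(line, /^[A-Za-z0-9]+/)) next
        key = tolower(substr(line, 1, RLENGTH))
        arg = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", arg)          # whitespace or one "=" separates
        sub(/[ \t]+$/, "", arg)
        if (key == "match") exit                 # conditional blocks start here
        if ((key in want) && !(key in seen)) seen[key] = arg
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            k = tolower(name[i])
            if (!(k in seen)) { printf "UNSET %s (want %s)\n", name[i], want[k]; bad = 1 }
            else if (seen[k] != want[k]) { printf "FAIL %s is %s (want %s)\n", name[i], seen[k], want[k]; bad = 1 }
            else printf "OK %s %s\n", name[i], seen[k]
        }
        exit bad                                 # non-zero when anything is off
    }' "$1"
}

# Constructed sample: the early lowercase "yes" wins over the later "no".
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PermitRootLogin no' \
    'passwordauthentication yes' 'PubkeyAuthentication yes' \
    'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```

On a real host, sshd -t validates the file's syntax and sshd -T prints the effective configuration, including Include files; keep the current session open until a new login has been tested.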

Verify SSH Connection

After setting up your keys and configuration, test your connection to the server:

$ ssh user@server_ip

Troubleshooting Common Issues

  1. Permissions Errors

Ensure the following permissions on your SSH-related files:

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_ed25519
$ chmod 644 ~/.ssh/id_ed25519.pub

  2. Debugging Connection Issues

Use verbose mode to diagnose issues:

$ ssh -vvv user@server_ip