With reference to the discussion with @Keith on hardware keys, a very basic setup for ssh involves installing (on Ubuntu as a point of reference) openssh-client and openssh-server packages. Once installed (especially on the server) immediately edit;
/etc/ssh/sshd_config
Search for “assword” and make sure you have;
PasswordAuthentication no
If you changed anything, do service ssh restart. This will prevent anyone from logging into that system just using a username and password. Next, go to your client machine and do;
ssh-keygen
To get going, accepting the defaults should work for you. Next, on the server system, go to the user account you will be logging in to and;
sudo su - user
mkdir .ssh
cd .ssh
touch authorized_keys2
chmod 600 authorized_keys2
edit authorized_keys2
Then paste in the contents of the public key from your client machine, i.e. the contents of;
~/.ssh/id_rsa.pub
At this point, save authorized_keys2 and you should (!) be good to go, on your client machine;
ssh user@ip_address
Where user is the name of the user you set up on the server, and ip_address is the name or IP address of the server. The client machine should now have a working shell session on the server machine. If you don’t want to use the ip_address, all you need do is add an entry in /etc/hosts;
1.2.3.4 server_name
(where 1.2.3.4 is your real IP address, and server_name is the name you want to reference the server as)
If you get stuck add -v to your ssh command and it should give some pretty verbose feedback about what it’s doing. On the server, you can look in /var/log/auth.log and it should also give some indication of why it’s failing.
I may have skipped something or something isn’t clear, if you try this and it breaks, let me know and I’ll attempt to improve it.
2 posts - 2 participants
