-------------------------------------------------------------------------------------
   / _ \
 \_\(_)/_/
  _//"\\_    JOHLEM.net
   /   \
https://johlem.net/V1/topics/cheatsheet.php
-------------------------------------------------------------------------------------

--- CHEATSHEET SSH

src: https://www.prado.it/2018/12/22/how-to-harden-ssh-access-to-a-freebsd-11-2-box/
src: https://serverfault.com/questions/789396/ssh-copy-id-specifying-which-key-and-without-password
src: https://serverfault.com/questions/617081/how-to-use-both-allowgroups-and-allowusers-in-sshd-config
src: https://www.quennec.fr/trucs-astuces/systèmes/gnulinux/commandes/ssh/copier-la-clé-dun-host-dans-le-fichier-authorizedkeys-dun-host-distant
src: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-2
src: https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
src: https://linuxhint.com/configure-run-sudo-freebsd/

#Use ssh-copy-id on a different port
$ ssh-copy-id -p 6842 user@host
OR
$ cat /home/bob/.ssh/id_rsa.pub | ssh -p 6842 bob@myserver 'cat >> .ssh/authorized_keys'

#Creating SSH keys on Debian
ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"

#To check the SSH key pair was generated
ls ~/.ssh/id_*

#Copy the Public Key to the Server
ssh-copy-id remote_username@server_ip_address

note: Once the user is authenticated, the content of the public key file (~/.ssh/id_rsa.pub) is appended to the remote user's ~/.ssh/authorized_keys file, and the connection is closed.

----
If the ssh-copy-id utility is not available on your local machine, use the following command to copy the public key:

cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
-----

#Login to the Server using SSH Keys
ssh remote_username@server_ip_address

note: if you haven’t set a passphrase, you will be logged in immediately. Otherwise, you will be prompted to enter the passphrase.

#Disabling SSH Password Authentication
sudo vim /etc/ssh/sshd_config

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

#restart the SSH service:
sudo systemctl restart ssh

#PURPOSE OF EMAIL AT THE END OF SSH PUBLIC KEY
$ cat .ssh/id_rsa.pub
ssh-rsa AAAA[...lots of characters...]bpL johndoe@gmail.com

1- Most likely to identify who created the key.
2- It is just a comment. But as said at 1: probably so you know you created it. Useful when more than one administrator is administering the system.
3- Yes, you can add anything in place of your e-mail. And since it is the last part of the line, you do not have to use anything special for spaces etc.

Extra: ssh-keygen -c to change it for RSA1 keys (only works for RSA1).

#Adding or changing a passphrase
You can change the passphrase for an existing private key without regenerating the keypair by typing the following command:

$ ssh-keygen -p -f ~/.ssh/id_ed25519
> Enter old passphrase: [Type old passphrase]
> Key has comment 'your_email@example.com'
> Enter new passphrase (empty for no passphrase): [Type new passphrase]
> Enter same passphrase again: [Repeat the new passphrase]
> Your identification has been saved with the new passphrase.

If your key already has a passphrase, you will be prompted to enter it before you can change to a new passphrase.

#SSH ALIAS
ssh john@dev.example.com -p 22

To connect to the server using the same options as provided in the command above, simply by typing ssh dev, put the following lines in your ~/.ssh/config file:

~/.ssh/config
Host dev
    HostName dev.example.com
    User john
    Port 22

Now when you type ssh dev, the ssh client will read the configuration file and use the connection details that are specified for the dev host:
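
#Checking the hardening took effect (added example)
The script below is an added example, not taken from the sources listed at the top of this page. It checks the sshd_config settings from "Disabling SSH Password Authentication" and the 700/600 modes set when copying the key. The function names and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): check that the sshd_config
# edits and the ~/.ssh modes described above actually took effect.

# effective_value FILE KEYWORDS DEFAULT
# KEYWORDS is a lowercase, |-separated list of equivalent keyword names.
# sshd keeps the FIRST value it reads for a keyword, keyword names are
# case-insensitive, and a commented-out line leaves the built-in default.
# Only the global section is read: parsing stops at the first Match block.
effective_value() {
    awk -F'[ \t=]+' -v keys="$2" -v def="$3" '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) ~ ("^(" keys ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: prints findings, returns 1 if a password path is open.
audit_sshd_config() {
    rc=0
    pw=$(effective_value "$1" "passwordauthentication" yes)
    # KbdInteractiveAuthentication is the current name of this option.
    kbd=$(effective_value "$1" \
        "challengeresponseauthentication|kbdinteractiveauthentication" yes)
    [ "$pw" = no ] || { echo "WEAK: PasswordAuthentication is '$pw'"; rc=1; }
    [ "$kbd" = no ] || { echo "WEAK: keyboard-interactive is '$kbd'"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: password logins are disabled"; fi
    return "$rc"
}

# check_key_perms DIR: succeeds only if DIR is 700 and authorized_keys is 600.
check_key_perms() {
    d=$(ls -ld "$1" | cut -c1-10)
    f=$(ls -l "$1/authorized_keys" | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}

# Constructed sample: the active "yes" comes first, so the later "no" is ignored.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' 'ChallengeResponseAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

note: on a live server, sudo sshd -T prints the effective configuration as sshd itself computes it, which is the authoritative check after a restart.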