Enable SSH Access with a key

1. Create public/private key pair

  $ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

2. Copy the contents of the id_rsa.pub file to the clipboard

  $ pbcopy < ~/.ssh/id_rsa.pub

3. Create config file

  $ cd ~/.ssh
  $ cat >> config
  Host turris
    Hostname 192.168.1.1
    Port 22
    User root
    IdentityFile ~/.ssh/id_rsa

If remote-editing (using Sublime Text, TextMate, or VS Code) is desired, modify config to resemble:

  Host 192.168.1.1
    IdentityFile ~/.ssh/id_rsa
    RemoteForward 52698 localhost:52698

4. Press ⌃+D to end editing

Turris configuration

1. Connect to Turris

  $ ssh root@192.168.1.1

2. Create authorized_keys file

  On router:
  # mkdir ~/.ssh
  # chmod 0700 ~/.ssh
  On your PC:
  $ ssh root@192.168.1.1 "tee -a ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub
  On router:
  # chmod 0600 ~/.ssh/authorized_keys
  

Hardening ssh

To make sure that nobody can log in with only the password, without having the key, edit the configuration file of the sshd service and restart it:

  # vi /etc/ssh/sshd_config
  
  change the following lines:
  '#PasswordAuthentication yes' to 'PasswordAuthentication no'
  '#ChallengeResponseAuthentication yes' to 'ChallengeResponseAuthentication no'
  
  (save the file and exit from vi)
  
  # service sshd restart
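
An added check, not part of the original wiki page: it reads an sshd_config file and reports the value sshd would use for the two keywords edited above. sshd takes the first uncommented occurrence of a keyword, and a line that still starts with `#` leaves the default in place. The function names are hypothetical, and values are assumed to be whitespace-separated and outside any Match block.

```shell
#!/bin/sh
# Added example: verify the two hardening edits in an sshd_config file.

# effective_value FILE KEYWORD
# Prints the first uncommented value of KEYWORD in the global section
# (lines before any "Match" block), lower-cased. Prints nothing if unset.
effective_value() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }               # commented line: default still applies
        tolower($1) == "match" { exit }  # stop at conditional blocks
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# check_hardening FILE
# Returns 0 only when both keywords are explicitly set to "no".
check_hardening() {
    rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok    $kw no"
        else
            echo "FAIL  $kw ${val:-<commented out or missing>}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the first edit was made, the second line was left commented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PasswordAuthentication no
#ChallengeResponseAuthentication yes
EOF
check_hardening "$sample" || echo "password-style logins are not fully disabled"
rm -f "$sample"
```

On the router, call `check_hardening /etc/ssh/sshd_config` after editing, and run `sshd -t` to catch syntax errors before the restart. Keep the current session open and confirm key login from a second terminal before closing it.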