Differences

This shows you the differences between two versions of the page.

en:public:enable_ssh_access [2018/12/01 03:04]
phil
en:public:enable_ssh_access [2020/01/16 00:48] (current)
lucenera [Hardening ssh]
Line 13: Line 13:
     $ cd ~/.ssh     $ cd ~/.ssh
     $ cat >> config     $ cat >> config
-    Host 192.168.1.1 +    Host turris 
-      IdentityFile ~/​.ssh/​id_rsa+ Hostname ​192.168.1.1 
 + Port 22 
 + User root 
 + IdentityFile ~/​.ssh/​id_rsa
  
 If remote-editing (using Sublime Text, TextMate, or VS Code) is desired, modify //config// to resemble: If remote-editing (using Sublime Text, TextMate, or VS Code) is desired, modify //config// to resemble:
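Review bot: the stanza is now keyed on `Host turris`, so it only applies when the user runs `ssh turris`; step 2 of this page still connects by address (`ssh root@192.168.1.1 ...`), where the `User`, `Port` and `IdentityFile` settings from this block are not picked up. Either state next to the block that the router is reached with `ssh turris` from here on, or list both patterns as `Host turris 192.168.1.1`. `Port 22` is the default and can be dropped.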
Line 32: Line 35:
 2. Create //​authorize_keys//​ file 2. Create //​authorize_keys//​ file
  
 +    On router:
     # mkdir ~/.ssh     # mkdir ~/.ssh
     # chmod 0700 ~/.ssh     # chmod 0700 ~/.ssh
-    # cat >> ​~/​.ssh/​authorized_keys+    ​On your PC: 
 +    $ ssh root@192.168.1.1 "tee -a ~/​.ssh/​authorized_keys"​ < ~/​.ssh/​id_rsa.pub 
 +    On router: 
 +    ​chmod 0600 ~/​.ssh/​authorized_keys 
 +     
 +===== Hardening ssh =====
  
-3. Press ⌘+V to paste the contents of clipboard into //​authorized_keys//​ +If you want to be sure that nobody can log in with the password without having the key, edit the configuration ​file of the sshd service and restart it:
- +
-4. Press ⌃+D to end editing +
- +
-5. Set file permissions +
- +
-    # chmod 0600 ~/​.ssh/​authorized_keys+
  
 +    # vi /​etc/​ssh/​sshd_config
 +    ​
 +    change the following strings:
 +    '#​PasswordAuthentication yes' in '​PasswordAuthentication no'
 +    '#​ChallengeResponseAuthentication yes' in '​ChallengeResponseAuthentication no'
 +    ​
 +    (save the file and exit from vi)
 +    ​
 +    # service sshd restart
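Review bot: the Hardening ssh section turns off `PasswordAuthentication` and restarts sshd without first confirming that key login works, so a mistake in `authorized_keys` locks the user out of the router. Add a step before the edit: open a new session from the PC and check that it logs in with the key and no password prompt, and keep the existing session open until a fresh login succeeds after the restart. The "change the following strings" lines should also say explicitly that the leading `#` is removed, since a line left commented out has no effect. In step 2, `mkdir ~/.ssh` fails when the directory already exists; `mkdir -p ~/.ssh` avoids that, and the unchanged heading still reads "authorize_keys" where the file is `authorized_keys`.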