iw/servercode
1
0
Fork 0
mirror of https://github.com/IntenseWebs/servercode.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity
8c8264c069
servercode/02-ssh-help.txt

104 lines
3.2 KiB
Plaintext
Raw Blame History

# Generate OpenSSH Private Key id_rsa and Public Key id_rsa.pub
ssh-keygen -t rsa -b 4096 -C "user@website.com"
# ENABLE root access during OS install with password but don't enable SSH remote login for 'root'.
# DEBIAN--LOGIN AS ROOT - Adding SUDO
su - root
sudo apt update && sudo apt upgrade
apt install sudo
# ADD username to /etc/sudoers right under root user
vi /etc/sudoers
# username ALL=(ALL) ALL
sudo apt install openssh-server
systemctl enable sshd
systemctl start sshd
firewall-cmd --add-service=ssh --permanent
firewall-cmd --reload
# Switchback to normal user and add public key to authorized_keys
cd ~
mkdir .ssh
cd .ssh
touch authorized_keys
cd ~
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
# Restart machine, Switchback to existing working machine with SSH authorized_keys installed
ssh-copy-id -f iw@192.168.1.127
# IMPORTANT -DISABLE SSH PASSWORDS - Only uses Public w/Private Keys for SSH. Local Console logins with passwords is still allowed.
su - root
cd /etc/ssh
vi /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin no
systemctl restart ssh
# TO REMOVE OLD KEYS FROM known_hosts file
ssh-keygen -f "/home/privacy/.ssh/known_hosts" -R "192.168.1.200"
----------------------------------------------------------
#AGENT for Private Keys on Linux - MANUAL run ssh-agent and add ssh private key.
eval "$(ssh-agent -s)"
chmod 600 /c/Users/username/Documents/SETTINGS/id_rsa
ssh-add /c/Users/username/Documents/SETTINGS/id_rsa
# To create a systemd ssh-agent service, you need to create a file in ~/.config/systemd/user/ssh-agent.service because ssh-agent is user isolated.
vi ~/.config/systemd/user/ssh-agent.service
[Unit]
Description=SSH key agent
[Service]
Type=simple
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
[Install]
WantedBy=default.target
vi ~/.config/environment.d/ssh_auth_socket.conf
SSH_AUTH_SOCK="${XDG_RUNTIME_DIR}/ssh-agent.socket"
systemctl --user enable --now ssh-agent
#And, if you are using ssh version higher than 7.2.
echo 'AddKeysToAgent yes' >> ~/.ssh/config
# This will instruct the ssh client to always add the key to a running agent, so there's no need to ssh-add it beforehand. Note that when you create the ~/.ssh/config file you may need to run:
chmod 600 ~/.ssh/config
---------------------------------------------------------
# FOR WINDOWS - Add the ssh-agent as a auto-starting Service. KeyPassXC will add the private keys to the agent when it starts.
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.1.0.0p1-Beta
https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement#user-key-generation
# Powershell install
dism /online /Get-Capabilities /Format:Table | findstr -i ssh
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
dism /online /Remove-Capability /CapabilityName:OpenSSH.Client~~~~0.0.1.0
Get-Service ssh-agent | Set-Service -StartupType Automatic
Start-Service ssh-agent
Get-Service ssh-agent
Status Name DisplayName
------ ---- -----------
Running ssh-agent OpenSSH Authentication Agent
# List Keys in ssh-agent
ssh-add -l
ssh-add -L
Reference in New Issue View Git Blame Copy Permalink