iw/servercode
1
0
Fork 0
mirror of https://github.com/IntenseWebs/servercode.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity
aacd55a2b2
servercode/02-ssh-help.txt
IntenseWebs aacd55a2b2 Add Semaphore
2024-03-29 19:47:41 -05:00

111 lines
4.0 KiB
Plaintext
Raw Blame History

# ssh-keygen -t ed25519 -C "user@website.com"
# ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com"
# Generate OpenSSH Private Key id_rsa and Public Key id_rsa.pub (4096, 7680, 15360)
ssh-keygen -t rsa -b 4096 -C "user@website.com"
# ENABLE root access during OS install with password but don't enable SSH remote login for 'root'.
# DEBIAN--LOGIN AS ROOT - Adding SUDO
su - root
sudo apt update && sudo apt upgrade
apt install sudo
# ADD username to /etc/sudoers right under root user
vi /etc/sudoers
# username ALL=(ALL) ALL
# vi /etc/sudoers.d/mynewuser
# mynewuser ALL=(ALL) NOPASSWD: ALL
chmod 440 /etc/sudoers.d/mynewuser
sudo apt install openssh-server
systemctl enable sshd
systemctl start sshd
# sudo firewall-cmd --add-service=ssh --permanent && firewall-cmd --reload
# Switchback to normal user and add public key to authorized_keys
cd ~
mkdir .ssh
cd .ssh
touch authorized_keys
cd ~
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
# Restart machine, Switchback to existing working machine with SSH authorized_keys installed
ssh-copy-id -f user@hostname.domain.com
# IMPORTANT -DISABLE SSH PASSWORDS - Only uses Public w/Private Keys for SSH. Local Console logins with passwords is still allowed.
su - root
cd /etc/ssh
vi /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin no
systemctl restart sshd
# TO REMOVE OLD KEYS FROM known_hosts file
ssh-keygen -f "/home/privacy/.ssh/known_hosts" -R "192.168.1.124"
----------------------------------------------------------
#AGENT for Private Keys on Linux - MANUAL run ssh-agent and add ssh private key.
eval "$(ssh-agent -s)"
chmod 600 /c/Users/username/Documents/SETTINGS/id_rsa
ssh-add /c/Users/username/Documents/SETTINGS/id_rsa
ssh-add /directory/my_id_rsa
# To create a systemd ssh-agent service, you need to create a file in ~/.config/systemd/user/ssh-agent.service because ssh-agent is user isolated.
vi ~/.config/systemd/user/ssh-agent.service
[Unit]
Description=SSH key agent
[Service]
Type=simple
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
[Install]
WantedBy=default.target
vi ~/.config/environment.d/ssh_auth_socket.conf
SSH_AUTH_SOCK="${XDG_RUNTIME_DIR}/ssh-agent.socket"
systemctl --user enable --now ssh-agent
#And, if you are using ssh version higher than 7.2.
echo 'AddKeysToAgent yes' >> ~/.ssh/config
# This will instruct the ssh client to always add the key to a running agent, so there's no need to ssh-add it beforehand. Note that when you create the ~/.ssh/config file you may need to run:
chmod 600 ~/.ssh/config
---------------------------------------------------------
# FOR WINDOWS - Add the ssh-agent as a auto-starting Service. KeyPassXC will add the private keys to the agent when it starts.
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.1.0.0p1-Beta
https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement#user-key-generation
# Powershell install
dism /online /Get-Capabilities /Format:Table | findstr -i ssh
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
dism /online /Remove-Capability /CapabilityName:OpenSSH.Client~~~~0.0.1.0
Get-Service ssh-agent | Set-Service -StartupType Automatic
Start-Service ssh-agent
Get-Service ssh-agent
Status Name DisplayName
------ ---- -----------
Running ssh-agent OpenSSH Authentication Agent
# List Keys in ssh-agent
ssh-add -l
ssh-add -L
Could be multiple things; here are just a couple. 1. If you were using authorized_keys, were they copied to new user on Rocky? 2. Is sshd enabled on Rocky? systemctl status sshd 3. Firewall opened on Rocky? firewall-cmd --add-service=ssh --permanent 4. Permissions need reset on .ssh & authorized_keys; happens a lot more than you may realize. 5. Hopefully not root ssh login? Check /etc/ssh/sshd_config PasswordAuthentication PermitRootLogin Values 6. Is SSH Private Key added to SSH Agent?
Reference in New Issue View Git Blame Copy Permalink