@smac89 smac89/SSHServerSetup.md
Last active May 10, 2020

Set up an ssh server with public key encryption. #ssh

Server

Create the user group and add the users you want to be part of this group:

sudo groupadd sshusers
sudo usermod -a -G sshusers <username>

Client

# Generate the key pair and set a passphrase when prompted
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_server_name

# Start an agent for this shell and load the new private key into it
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa_server_name

Next, add the following to your ~/.ssh/config:

Host server_name
    User username
    # The address the server is listening on (doesn't have to be the same as server)
    HostName 192.168.0.225
    Port 1337
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_rsa_server_name

Now copy the public key to your server:

ssh-copy-id -i ~/.ssh/id_rsa_server_name.pub server_name

Server

Setting up the ssh-server

Edit /etc/ssh/sshd_config with the following settings (back up the file first):

Port 1337
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
ListenAddress 192.168.0.225

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

# RSAAuthentication is an SSH protocol 1 option; OpenSSH 7.4 and later treat it as deprecated
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# Kerberos options
KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

UsePAM yes
AllowGroups sshusers
MaxStartups 2
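
An added example (not part of the original gist): a shell check to run against the edited file before restarting sshd, confirming that the hardening values above are the ones sshd will actually read. It assumes whitespace-separated `Keyword value` lines and no `Include` files; the function names `sshd_value` and `audit_sshd_config` are made up for this example, and the sample config is constructed.

```sh
#!/bin/sh
# Added example: audit an sshd_config for the settings this guide relies on.
# sshd keeps the FIRST value it reads for a single-valued keyword, so a later
# "PasswordAuthentication no" does not undo an earlier "yes".

# Print the global value of keyword $2 in file $1 (keywords are case-insensitive).
sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }      # global section ends at first Match
        tolower($1) == want {                # first occurrence wins
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }
    ' "$1"
}

# Check the guide settings; values must be set explicitly (defaults are not
# consulted). Prints each mismatch and returns 1 if there is any.
audit_sshd_config() {
    file=$1
    rc=0
    while read -r key expected; do
        actual=$(sshd_value "$file" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', found '${actual:-<unset>}'"
            rc=1
        fi
    done <<'EOF'
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
AllowGroups sshusers
EOF
    return "$rc"
}

# Constructed sample: an early "yes" shadows the hardened "no" further down.
sample=$(mktemp)
printf '%s\n' 'Port 1337' 'PasswordAuthentication yes' 'PermitRootLogin no' \
    'PubkeyAuthentication yes' 'PasswordAuthentication no' \
    'AllowGroups sshusers' > "$sample"
audit_sshd_config "$sample" || echo "fix sshd_config before restarting sshd"
rm -f "$sample"
```

Against the real file, call `audit_sshd_config /etc/ssh/sshd_config`. `sudo sshd -t` only validates syntax, so it will not flag a shadowed `PasswordAuthentication yes`.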

Restart sshd

sudo service sshd restart

Client

Now you can log in to the server with:

ssh server_name

If everything was set up correctly, you should not be prompted for a password and will simply find yourself logged in.
