BACK

SSHd Server

HowTO setup SSH server on Ubuntu 20.04

INTRO - OBJ

Install sshd server, (remote login)
Setup passwordless login

BOOKs

SSH, The Secure Shell: The Definitive Guide (2nd Edition)
SSH Mastery: OpenSSH, PuTTY, Tunnels and Keys (IT Mastery) (2nd Edition)

DOCs

UBUNTU Official OpenSSH Server
LINUX Jornal - Mastering OpenSSH
Set up passwordless login in PuTTY

VIDs


CONFIGs

/etc/ssh/sshd_config

-- Prerequisites

Functioning Ubuntu 20.04 server

00 Update

update

01 Install SSH server

install openssh-server

02 Check install successful

systemctl status sshd

03 Backup config file

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig

04-CLIENT- Generate SSH Keys (default location ~/.ssh/id_rsa.pub)

ssh-keygen -t rsa

05 Copy the id_rsa.pub file to the remote host (from CLIENT BOX)

ssh-copy-id username@remotehostIP

06-SERVER BOX- Change permissions on the authorized_keys file and .ssh DIR

chmod 600 .ssh/authorized_keys (TRY FIRST)
chmod 700 ~/.ssh

00 Check if keys appended to authorized_keys file

cat .ssh/authorized_keys

07 Configure the ssh server

sudo vim /etc/ssh/sshd_config

# Disable root login for better security:
PermitRootLogin no

# Enable PKI
PubkeyAuthentication yes

# Optional (CAREFULL not to Lock yoursell out)
# PasswordAuthentication no

# Optional, not sure if needed
# RSAAuthentication yes

# Optional, Change the default port (22) to something less common
# Port 2222

Disable SSH Banner (/etc/ssh/sshd_config) (/etc/ssh/sshd_config.d/10-my-sshd-settings.conf) DebianBanner no Ignore rhosts (legacy rsh protocol) IgnoreRhosts yes Install fail2ban and configure it to protect SSH

08 Restart SSH serivce

sudo systemctl restart sshd.service

DONE!! you should now be able to ssh in passwordless



01 Install fail2ban

sudo apt install fail2ban

02 Configure fail2ban

*************************
***** Windows PuTTY *****
*************************

1

-Setup Passwordless login w/ PuTTY -Open the puttygen.exe -Select Parameters -> RSA -Select Actions -> Generate -Select Actions -> Save Public Key (no extension) -Select Actions -> Save Private Key (no extension) -Click Yes to save without a passphrase -Upload the public key via FTP client such as Filezilla. (/home/user) -Login Linux Ubuntu server -IF NOT create an /.ssh directory # mkdir .ssh -Check directory permissions # chmod 700 .ssh -Append the public key to '~/.ssh/authorized_keys' # ssh-keygen -i -f publickey >> ~/.ssh/authorized_keys -Check authorized_keys permissions # chmod 600 ~/.ssh/authorized_keys -Remove uploaded publickey file # rm publickey *** PuTTY Login ***** -Configuration box, click Connection > SSH > Auth > Credentials > Browse > publickey -Saved Session Host Name: yourserver.dreamhost.com (This is your DreamHost servername) Port: 22 Connection Type: SSH Saved Session: Enter a new name -Click the Save button -ALL SET, next time you open PuTTY and hit load it should login with out a password.

2

3

4

5