Kiel instali kaj agordi SSH-servilo en Debian Linukso?

Instalado kaj provi la SSH Servilo

You will need to be root to do the following

su

  1. Instali SSH Servilo

    apt install openssh-server
     

  2. Kontroli se la servilo procezo ekzistas. Tiu indikas la instaladon iris bone.

    ps -A | grep sshd

    eligo (aŭ simila): 1753 ? 00:00:00 sshd

     

  3. Instali SSH Kliento por kontroli la SSH Servilo ligo

    apt install openssh-client

    Konekti al localhost testi ligo

    ssh localhost

    Ankaŭ ensaluti kun la interfaco IP

    Akiri IP adreso

    ip addr

    SSH al la IP-adreso

    ssh {ipaddress here}
     

Securing the SSH Server

It is a good idea to secure the SSH server by disallowing root to login and configuring login only by public key i.e. login using passwords is not allowed

Ensure to execute the following commands as your user and not as root

  1. Navigate to the user home directory

    cd
     

  2. Kontrolu se .ssh ekzistas

    ls -a
     

  3. Se .ssh ne ekzistas, krei ĝin

    mkdir .ssh
     

  4. Agordu la dosierujo permeson 700

    chmod 700 .ssh
     

  5. Create the authorized_keys file

    touch ./.ssh/authorized_keys
     

  6. Change permission on the authorized_keys file to 600

    chmod 600 ./.ssh/authorized_keys
     

  7. Open the authorized_keys file

    nano ./.ssh/authorized_keys
     

  8. Paste your public key into the file

    You can get your public key from the SSH client. If the client is Fenestroj 10 then it will be in the %USERPROFILE%/.ssh/id_rsa.pub file. If the client is Debiano then the public key is ~/.ssh/id_rsa.pub.

    If your public key does not exist, generate it on the client machine

    ssh-keygen -t rsa -C "email@domain.com"
     

  9. Change to root user

    su

  10. Configure your SSH server to accept only public key logins and prevent login for root

    nano /etc/ssh/sshd_config

    Uncomment and/or edit the following lines

    PermitRootLogin no
    StrictModes yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
    PasswordAuthentication no
     

  11. Restart the sshd service

    service sshd restart
     

  12. Try logging in as root from your SSH client using password

    ssh root@{ssh server ip address}

    eligo: Permission denied (publickey).

     

  13. Try logging in as username from your SSH client using password

    ssh username@{ssh server ip address}

    eligo: Permission denied (publickey).

     

  14. Try logging in as root from your SSH client using the public key

    ssh root@{ssh server ip address} -i .ssh/id_rsa

    eligo: Permission denied (publickey).

     

  15. Log in as username from your SSH client using the public key

    ssh username@{ssh server ip address} -i .ssh/id_rsa
     

If your SSH client has a static IP address then you may want to consider only your IP address can login to the SSH server.

Lasi Respondon