How to install and configure the SSH server on Debian Linux?

Installing and testing the SSH server

You will need to be root to do the following

su

  1. Install the SSH server

    apt install openssh-server
     

  2. Check that the server process exists. This indicates that the installation succeeded.

    ps -A | grep sshd

    Output (or similar): 1753 ? 00:00:00 sshd

     

  3. Install the SSH client to verify the connection to the SSH server

    apt install openssh-client

    Connect to localhost to test the connection

    ssh localhost

    Also log in using the IP address of the interface

    Get the IP address

    ip addr

    SSH to the IP address

    ssh {ipaddress here}
     

Securing the SSH Server

It is a good idea to secure the SSH server by disallowing root login and allowing login only by public key, i.e. login using passwords is not allowed.

Be sure to execute the following commands as your own user and not as root

  1. Navigate to the user home directory

    cd
     

  2. Check whether .ssh exists

    ls -a
     

  3. If .ssh does not exist, create it

    mkdir .ssh
     

  4. Set the folder permission to 700

    chmod 700 .ssh
     

  5. Create the authorized_keys file

    touch ./.ssh/authorized_keys
     

  6. Change permission on the authorized_keys file to 600

    chmod 600 ./.ssh/authorized_keys
     

  7. Open the authorized_keys file

    nano ./.ssh/authorized_keys
     

  8. Paste your public key into the file

    You can get your public key from the SSH client. If the client is Windows 10 then it will be in the %USERPROFILE%/.ssh/id_rsa.pub file. If the client is Debian then the public key is ~/.ssh/id_rsa.pub.

    If your public key does not exist, generate it on the client machine

    ssh-keygen -t rsa -C "email@domain.com"
     

  9. Change to root user

    su

  10. Configure your SSH server to accept only public key logins and prevent login for root

    nano /etc/ssh/sshd_config

    Uncomment and/or edit the following lines

    PermitRootLogin no
    StrictModes yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
    PasswordAuthentication no
     

  11. Restart the sshd service

    service sshd restart
     

  12. Try logging in as root from your SSH client using a password

    ssh root@{ssh server ip address}

    Output: Permission denied (publickey).

     

  13. Try logging in as username from your SSH client using a password

    ssh username@{ssh server ip address}

    Output: Permission denied (publickey).

     

  14. Try logging in as root from your SSH client using the public key

    ssh root@{ssh server ip address} -i .ssh/id_rsa

    Output: Permission denied (publickey).

     

  15. Log in as username from your SSH client using the public key

    ssh username@{ssh server ip address} -i .ssh/id_rsa
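
A check for step 10, added here as an example and not part of the original page: the script reads an sshd_config-style file and reports whether the first effective value of each directive matches the settings above. The function names and the two sample files are constructed for illustration; the fallback values for absent lines are OpenSSH's built-in defaults.

```sh
#!/bin/sh
# Added example: audit the step-10 directives in an sshd_config-style file.
# sshd keeps the first value it reads for a keyword, so only the first
# uncommented occurrence before any Match block is considered here.
# Assumes whitespace-separated "Keyword value" lines; Include is not followed.

# first_value FILE KEYWORD -> effective global value, lowercased (empty if unset)
first_value() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                      # commented-out lines do nothing
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# check FILE KEYWORD WANTED DEFAULT -> verdict on stdout, returns 1 on mismatch
check() {
    got=$(first_value "$1" "$2"); src=set
    [ -n "$got" ] || { got=$4; src=default; }
    if [ "$got" = "$3" ]; then echo "ok    $2 $got ($src)"; return 0; fi
    echo "FAIL  $2 is '$got' ($src), step 10 sets '$3'"; return 1
}

# Fourth column is OpenSSH's built-in default, used when the line is absent.
audit_sshd_config() {
    rc=0
    check "$1" PermitRootLogin        no  prohibit-password || rc=1
    check "$1" StrictModes            yes yes               || rc=1
    check "$1" PubkeyAuthentication   yes yes               || rc=1
    check "$1" PasswordAuthentication no  yes               || rc=1
    return $rc
}

# Constructed sample files, not taken from a real host.
tmp=$(mktemp -d)
printf '%s\n' 'PermitRootLogin no' 'StrictModes yes' 'PubkeyAuthentication yes' \
    'PasswordAuthentication no' > "$tmp/hardened"
# Weak: root line still commented out; first PasswordAuthentication wins.
printf '%s\n' '#PermitRootLogin no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$tmp/weak"

audit_sshd_config "$tmp/hardened" && echo "hardened: pass"
audit_sshd_config "$tmp/weak" || echo "weak: fail"
```

On the server itself, `sshd -T` run as root prints the configuration sshd actually resolves, including included files, and is the authoritative check.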
     

If your SSH client has a static IP address then you may want to consider allowing only your IP address to log in to the SSH server.
