Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

SSH Setup

On remote, SSH must be installed and running

sudo apt install openssh-server # also maybe openssh-client

check if its running or not

sudo systemctl status ssh

enable if not running

sudo systemctl enable --now ssh # enable and start it now

Firewalls? Allow for ssh connections on the computer, (also check for network based firewalls)

sudo systemctl status ufw # check if enabled and running
sudo ufw allow ssh # allow ssh on the machine firewall

SSH into the remote machine

ssh user@ip
ssh user@hostname

# eg.
# ssh dg@192.168.1.106

Accept the fingerprint

IMPORTANT NOTE: If you ever see the message for fingerprint again on the same machine that you've connected from before, but you have not done anything on the server such that it could change, DONT CONNECT VIA SSH. YOU ARE IN A MAN IN THE MIDDLE ATTACK. THATS NOT THE MACHINE YOU THINK YOU ARE CONNECTING TO, SOMEONE MALICIOUS MIGHT BE IN THE MIDDLE.

You should be logged in to the remote machine as the user

Updates / Upgrade the system

apt update -y && apt upgrade -y

Change the root users password

passwd root

Add local user and give them sudo permissions

adduser username

usermod -aG sudo dg
usermod -aG wheel dg

Logout and login as a normal user

ssh dg@ipaddress

Setup ssh keys

Generate on the LOCAL machine

https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent

Add it to authorized_keys on the remote machine

scp it or copy it

mkdir ~/.ssh
cd ~/.ssh
touch authorized_keys
echo <copiedcontent> >> authorized_keys

Now exit and we can log back in without providing any password, it uses our keys to check if we are there or not

Disable password login via ssh entirely

Untitled

PasswordAuthentication no
PubKeyAuthentication yes

Now henceforth, we cannot login with a password. Here the public key was for a user dg not root and we were not allowed for password prompts. We can only login with the ssh keys.

Untitled

Disable ssh logins for root user

# /etc/ssh/sshd_config
PermitRootLogin no

sudo service restart ssh

Firewall

Lock things down to not expose any more than whats needed

Change default ssh port? 22 as default but can be changed

# /etc/ssh/sshd_config
Port 4242

Unattended upgrades package for servers

Go ahead and work with your machine from this point!