SSH is a service used to connect remotely from one machine to another. It is used on pretty much all operating systems except Windows.
In this example, I use two machines. The workstation is the machine we are connecting from and the server is the machine we are connecting to.
First off, make sure SSH (ssh, ssh-keygen) is installed. Since I use Arch Linux it’s already there by default. A quick search yields this site with instructions for Ubuntu.
On the workstation
Generate a sufficiently long keypair. A keypair is a pair of keys: a public key and a private key. The two keys are actually two long numbers that work together for encryption and decryption.
I use a key length of 4096 bits (at the time of writing this) and a key type of RSA (meaning we use the RSA algorithm for encryption and decryption). By default, ssh-keygen asks to save the keys as ~/.ssh/id_rsa for the private key, and ~/.ssh/id_rsa.pub for the public key.
ssh-keygen -t rsa -b 4096
Create a new file in ~/.ssh/config with the following content:
Host <HOST-NICKNAME>
    Hostname <IP-OR-HOSTNAME>
    Port <PORT>
    User <USERNAME>
    IdentityFile <PATH-TO-GENERATED-PRIVATE-KEY>
To transfer your public key onto the server, use ssh-copy-id.
On the server
Edit the file /etc/ssh/sshd_config so it contains these two lines.
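# RSAAuthentication applies to SSH protocol 1 only; current OpenSSH releases report it as deprecated.
RSAAuthentication yes
PubkeyAuthentication yes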
For various reasons I have also changed the following settings for the ssh daemon:
PermitRootLogin no
PasswordAuthentication no
X11Forwarding yes
PrintMotd no
Why on earth did I set these?
PermitRootLogin no: Makes sure no one can access the server via the root account. It is highly unlikely (impossible) that anyone would brute-force this since the root user on my machine has a really long randomly generated password. Also this line is made redundant by the following line, since my root user doesn't have any keys generated. I have no idea why I set this in the first place.
PasswordAuthentication no: Make sure you have already copied your public key from a workstation here if you decide to use my additional settings, since you will no longer be able to ssh with a password.
X11Forwarding yes: Allows me to run graphical programs from the server on my workstation. Pretty darn cool feature. Use ssh
PrintMotd no: Motd - message of the day. I feel like I can live without it, but it can be really useful, for example for listing whether any upgrades are available or whether any errors in some services need my immediate attention.
Also, do not forget to reload the sshd config to put the new settings into effect. Since I have a Raspberry Pi running some version of Raspbian, I use service ssh reload to do just that.
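The lockout warning above can be checked mechanically on the server before reloading sshd. The following is an added example, not part of the original post: a POSIX shell script (the function names and the file name precheck.sh are made up for illustration) that reads the global settings from an sshd_config file and counts the public keys in an authorized_keys file.

```sh
#!/bin/sh
# Added example: lockout pre-check for the sshd settings discussed above.

# Print the global value of an sshd_config keyword. sshd keeps the FIRST
# value it reads, keywords are case-insensitive, and everything after a
# "Match" line is conditional, so scanning stops there.
sshd_value() {  # usage: sshd_value <sshd_config> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# Count authorized_keys lines that hold a public key: optional options
# field, a key type, then a base64 blob (these always begin with AAAA).
count_keys() {  # usage: count_keys <authorized_keys>
    [ -r "$1" ] || { echo 0; return; }
    grep -Ec '^([^#]*[[:space:]])?(ssh-|ecdsa-sha2-|sk-)[a-z0-9@.-]+[[:space:]]+AAAA' "$1" || true
}

# Return 0 only when key login is enabled and, if passwords are disabled,
# at least one public key is installed for the account.
precheck() {  # usage: precheck <sshd_config> <authorized_keys>
    rc=0
    pubkey=$(sshd_value "$1" PubkeyAuthentication)
    passwd=$(sshd_value "$1" PasswordAuthentication)
    root=$(sshd_value "$1" PermitRootLogin)
    keys=$(count_keys "$2")
    # Both authentication options default to yes when the keyword is absent.
    [ "${pubkey:-yes}" = yes ] || { echo "FAIL: PubkeyAuthentication is $pubkey"; rc=1; }
    [ "$root" = no ] || echo "WARN: PermitRootLogin is ${root:-not set}"
    if [ "${passwd:-yes}" = no ] && [ "$keys" -eq 0 ]; then
        echo "FAIL: passwords are disabled but $2 holds no public key"; rc=1
    fi
    echo "keys=$keys PasswordAuthentication=${passwd:-yes} PubkeyAuthentication=${pubkey:-yes}"
    return $rc
}

# Example: sh precheck.sh /etc/ssh/sshd_config ~/.ssh/authorized_keys
if [ $# -eq 2 ]; then
    precheck "$1" "$2"
fi
```

The script does not follow Include directives or evaluate Match blocks; sshd -t checks the file's syntax and sshd -T prints the configuration sshd will actually use.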