Skip to content

ssh Guide

Jump to bottom
Marcel Schmalzl edited this page May 7, 2020 · 24 revisions

SSH Guide

Following scenario:

You have one PC (let's call it host or server) and another mobile PC (called guest), you want to access your PC from your guest via ssh.

Short version

Server (to be accessed)

  1. Install ssh-server: sudo apt-get install openssh-server or sudo pacman -S openssh
  2. Check ssh-deamon status: systemctl status sshd

Client (accesser)

  1. DEBIAN-base Systems only: Install ssh-client sudo apt-get install openssh-client

Initital Setup

First you need ssh-server installed on server via:

# For Debian-based systems
sudo apt-get install openssh-server
# For Arch-based systems
sudo pacman -S openssh

Check status of ssh-daemon with:

sudo service sshd status
# should print something with 'Active: active (running)'

# If you use systemd
systemctl status sshd

# Start service via systemd
systemctrl start sshd

On your guest you should have at least installed a ssh-client using:

sudo apt-get install openssh-client

Preparation guest

On guest you can now connet to server via ssh:

ssh user@earthUrl

, where user is a valid username on server and earthUrl is the public url for your earth PC.

While testing this command you need to type your password and you will get a ssh-terminal to the server PC.

If you follow the guide you should exit this ssh session using CTRL+d or typing exit as command.

Passwordless login

In order to not enter your password all the time, ssh has a public key authentification process. All following steps have to be done on the guest system. First you need to generate a public and private key:

ssh-keygen

Your keys are stored in ~/.ssh/, you were ask to enter a password for your key, it is only needed (for security reasons) if you, e.g. are on a shared PC, but on guest (your own personal PC) no password should be ok.

After you created the key-pairs, you need to add your public key to server:

ssh-copy-id user@earthUrl

If everything was succesfully you are now able to ssh without a password to server, just test it:

ssh user@earthUrl

The file ~/.ssh/authorized_keys should appear on the host system (server) which contains one line per key followed by username@computerName.

Other nice things

  • ssh x-forwarding (but it is slow)

    • edit /etc/ssh/sshd_config and uncomment X11Forwarding yes (possibly you have to change no to yes)
    • restart the ssh service: systemctl restart sshd.service`
    • Now try to start your application: ssh -X <user>@<hostnameOrIP> thunar

  • sshfs (install it via: sudo apt-get install sshfs):

    you can mount folders (via fullPath) from server as localFolder (must exist) on guest using:

    sshfs user@earthUrl:/fullPath localFolder

2fa ssh

Assumes that you have google authenticator installed on a mobile device

  1. Installation:
    1. yay -S libpam-google-authenticator
    2. Optional (to display the QR code) sudo apt-get install libqrencode (or qrencode)
  2. Edit sudo nano /etc/pam.d/sshd
    • Add here auth required pam_google_authenticator.so at the top
  3. Edit /etc/ssh/sshd_confg
    • Set ChallengeResponseAuthentication yes
  4. Reload sshd service (systemctl reload sshd.service)
  5. Generate a key: google-authenticator and follow the instructions

Optional: Generate a qrcode (or just type in your secret) manually:

  1. Install qrencode
  2. qrencode -o- -d 300 -s 10 "otpauth://totp/YOUR_IDENTIFICATION?secret=YOUR_SECRET" | display

Additonal Resources

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License *.

Code (snippets) are licensed under a MIT License *.

* Unless stated otherwise

Home

Python 3

(un)fold
Snippets
General
Libs

Linux/bash

(un)fold
Guides
Scripts

Git

(un)fold

C/C++

(un)fold

Video

(un)fold

Databases

(un)fold

Misc

(un)fold

Windows

(un)fold

Mac

(un)fold

SW recommendations

(un)fold

(Angular) Dart

(un)fold

Becoming a Software Eng

Clone this wiki locally