LPIC-2 [202-450] 212.3 SSH

OpenSSH

Installation

Ubuntu

sh# apt install openssh-server

Configuration

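# ****************************************************
# * File    : /etc/ssh/sshd_config
# * Host    : openssh-server
# * Created : 2019-12-15-01-WS
# * Version : 2019-12-15-01-WS
# ****************************************************
#
# Key-only, non-root SSH access for a single account, with forwarding
# switched off. Check the syntax with `sshd -t` before reloading the daemon,
# and keep an existing session open until a fresh login has been confirmed.

# Listen on IPv4 only, on a single address.
Port                       22
# Current OpenSSH implements protocol 2 only; newer sshd versions report this
# keyword as deprecated. It is kept here as in the original configuration.
Protocol                   2
AddressFamily              inet
ListenAddress              192.168.45.23

# HostKeys for protocol version 2
HostKey                    /etc/ssh/ssh_host_ecdsa_key
HostKey                    /etc/ssh/ssh_host_ed25519_key
HostKey                    /etc/ssh/ssh_host_rsa_key

# Logging
SyslogFacility             AUTH
LogLevel                   INFO

# Authentication
# Public keys only: password login is disabled, so every permitted account
# needs a key in its authorized_keys file before this file goes live.
PubkeyAuthentication       yes
AuthorizedKeysFile         %h/.ssh/authorized_keys
PasswordAuthentication     no
PermitEmptyPasswords       no
# Unauthenticated connections are dropped after one minute.
LoginGraceTime             1m
PermitRootLogin            no
# Refuse logins when the user's home directory or key files have unsafe
# ownership or permissions.
StrictModes                yes
# 6 is the OpenSSH default. A client that offers many keys can use up the
# attempts before it reaches the right one.
MaxAuthTries               6
# start:rate:full - from 3 pending unauthenticated connections on, new ones
# are dropped with 75% probability; at 10 all of them are refused.
MaxStartups                3:75:10
# Allow-list: only this account may log in, all others are rejected.
AllowUsers                 user

# Crypto
Ciphers                    aes128-ctr,aes192-ctr,aes256-ctr
# ssh-dss (DSA) and ssh-rsa (RSA signatures over SHA-1) were removed from this
# list: no DSA host key is configured above, and the RSA host key is still
# usable through rsa-sha2-256/rsa-sha2-512. Clients too old for rsa-sha2-* or
# ssh-ed25519 will no longer be able to verify the host.
# NOTE(review): only the nistp384/nistp521 ECDSA types are offered. If
# /etc/ssh/ssh_host_ecdsa_key is a nistp256 key (what ssh-keygen generates by
# default), it is never presented - confirm the key size on the host.
HostKeyAlgorithms          ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-256,rsa-sha2-512
KexAlgorithms              diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512
# Encrypt-then-MAC variants only.
MACs                       hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com

# Liveness checks. TCPKeepAlive works at the TCP layer; the ClientAlive probes
# travel inside the encrypted channel. With these values an unresponsive
# client is disconnected after about 5 x 60 seconds.
TCPKeepAlive               yes
ClientAliveInterval        60
ClientAliveCountMax        5

# Forwarding
# Everything is off, so a login cannot be used to relay TCP connections,
# Unix-domain sockets, tun devices or X11 through this host.
AllowTcpForwarding         no
AllowStreamLocalForwarding no
GatewayPorts               no
PermitTunnel               no
X11Forwarding              no

PrintMotd                  no
PrintLastLog               yes
# Do not execute ~/.ssh/rc and ignore ~/.ssh/environment as well as
# environment= options in authorized_keys.
PermitUserRC               no
PermitUserEnvironment      no
Compression                delayed
UseDNS                     no
PidFile                    /var/run/sshd.pid

# override default of no subsystems
# NOTE(review): the location of sftp-server depends on the distribution
# (Ubuntu's package installs /usr/lib/openssh/sftp-server) - check that this
# path exists on the host. `internal-sftp` is the in-process alternative that
# does not depend on a path.
Subsystem              sftp /usr/lib/ssh/sftp-server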

Generating Keypairs

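The following command creates a keypair. The private key is stored in the file my.host.com and the public key in the file my.host.com.pub. Enter a passphrase at the prompt, so that the private key file cannot be used on its own if it is ever copied.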

sh# ssh-keygen -t ed25519 -C my.host.com -f my.host.com

Generating public/private ed25519 key pair.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in my.host.com.

Your public key has been saved in my.host.com.pub.

The key fingerprint is:

SHA256:/EtMpd/IR50K6x8zSRWcePsK469ka72udlSyPDJ5fD0 my.host.com

The key's randomart image is:

+--[ED25519 256]--+

|              o..|

|             . +.|

|            . ...|

|       .   o  ooo|

|        S o. =.=+|

|         + oX+XE+|

|          +o*#o+.|

|         ..++oB  |

|          .+=B+. |

+----[SHA256]-----+


sh# ls

my.host.com  my.host.com.pub