SSH Basics
SSH questions are common in Linux forums. Some important points to remember:
- There are two ends of the SSH connection: the local client and the remote server. The words server and client are used with respect to the process and not the computers.
- The default SSH server configuration usually is stored in /etc/ssh/sshd_config.
- The default SSH client configuration usually is stored in /etc/ssh/ssh_config.
- Some client defaults may be overridden in the user’s $HOME/.ssh/config file.
- To shorten the full commands needed, aliases can be created in $HOME/.ssh/config.
- The remote account name is important when connecting. Often people need to connect from one user account into a different user account.
- When practical, disable logging in as root. This is not always possible, such as with many embedded devices.
- When practical, use key pairs rather than passwords. This is not always possible, such as with many embedded devices.
- The public key is always the key to copy elsewhere. The private key is never copied anywhere.
- The intended user should generate the key pair rather than another person. If another person generates the key pair then that person has access to the private key.
- Computers can be stolen or compromised. A common way to protect a private key in that case is with a passphrase.
- Usually public keys are stored in the remote account's $HOME/.ssh/authorized_keys file.
- Multiple key pairs may be used with multiple remote systems.
- The ssh-copy-id command can be used to copy public keys to a remote account, but if the remote SSH server is configured to accept only key pairs, the command will not work unless a public key has already been uploaded.
- When practical, avoid deprecated ciphers.
- Changing the default port of 22 is playing whack-a-mole. A better defense against bots and script kiddies is key pairs and firewall rules that drop rogue password attempts.
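
The server-side points above (root login, passwords, deprecated ciphers) can be checked mechanically. The following is an added example, not part of the original post: a small auditor for sshd_config text. The function names, the finding labels, the sample configurations and the set of legacy ciphers are assumptions made for illustration.

```python
# LEGACY_CIPHERS is an illustrative set chosen here, not a list from the page.
LEGACY_CIPHERS = {"3des-cbc", "arcfour", "arcfour128", "arcfour256",
                  "blowfish-cbc", "cast128-cbc"}

def parse_global(text):
    """Global settings only; sshd keeps the first value seen per keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # Match blocks are not evaluated here
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    s = parse_global(text)
    findings = []
    # Unset PermitRootLogin falls back to the build default, so flag it too.
    if s.get("permitrootlogin", "").lower() != "no":
        findings.append("root-login-not-disabled")
    # sshd accepts passwords unless this is explicitly "no".
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("password-auth-enabled")
    ciphers = s.get("ciphers", "")
    if not ciphers.startswith("-"):     # "-list" removes ciphers from defaults
        names = {n.strip() for n in ciphers.lstrip("+^").split(",")}
        weak = sorted(LEGACY_CIPHERS & names)
        if weak:
            findings.append("legacy-ciphers:" + ",".join(weak))
    return findings

# Constructed samples. The second PermitRootLogin line in WEAK is ignored.
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
Ciphers aes256-ctr,3des-cbc,arcfour
permitrootlogin no
"""
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
"""
if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

The WEAK sample shows why ordering matters: a later "permitrootlogin no" does not undo an earlier "PermitRootLogin yes", so appending a fix to the end of the file can leave the weak setting in force.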