[[https://pctresearch.com/|{{:wiki_banner.jpg?nolink&800|}}]]

===== SSH/OpenSSH/Keys =====

To install the OpenSSH client applications on your Ubuntu system, use this command at a terminal prompt:

<code bash>
$ sudo apt install openssh-client
</code>

To install the OpenSSH server application and its support files, use this command at a terminal prompt:

<code bash>
$ sudo apt install openssh-server
</code>

==== Public and Private Keys ====

|  ^ file name ^ client/server ^ location ^
^ **private key** | id_rsa | client side | /home/pctr/.ssh (mode 600; it is never copied anywhere) |
^ **public key** | id_rsa.pub | server side | its contents are appended to /home/pctr/.ssh/authorized_keys |

==== Work As SSH Server ====

Generate the server's host keys. The openssh-server package already does this during installation, so this step is only needed when the keys are missing, for example after cloning a VM image (cloned machines must not share host keys):

<code bash>
$ sudo ssh-keygen -A
</code>

^ -A | Generate host keys of all default key types (rsa, ecdsa, and ed25519) if they do not already exist. |

Start the server:

<code bash>
$ sudo /etc/init.d/ssh start
Starting ssh (via systemctl): ssh.service.
</code>

or

<code bash>
$ sudo systemctl start ssh.service
</code>

In the login user's (ex. pctr) home directory on the server, create the file that will hold the clients' public keys. The ''ssh-keygen'' run is only needed if this server account will itself connect out to other hosts; sshd does not need a user key pair to accept logins:

<code bash>
$ ssh-keygen -t rsa -b 4096
$ touch ~/.ssh/authorized_keys
</code>

''~/.ssh'' must be mode 700 and owned by the user, and ''authorized_keys'' must not be group- or world-writable (600 is the usual choice). With the default ''StrictModes yes'', sshd refuses to use keys that fail these checks (the auth log shows "bad ownership or modes"), and the login silently falls back to password authentication or is rejected.

=== Recommended Setting of sshd_config ===

<code bash>
$ sudo vim /etc/ssh/sshd_config
</code>

<code>
PasswordAuthentication no
UsePAM yes
X11Forwarding yes
AllowUsers <user>
AllowGroups <group>
</code>

Notes on these settings:

  * ''PasswordAuthentication no'' alone does not disable password logins while ''UsePAM yes'' is set: PAM can still prompt for the password over the keyboard-interactive method. Also set ''KbdInteractiveAuthentication no'' (''ChallengeResponseAuthentication no'' on OpenSSH older than 8.7). Do this only after a key login has been tested from a second session, or you lock yourself out.
  * sshd uses the first value it finds for each keyword. Ubuntu 22.04 and later ship ''sshd_config'' starting with ''Include /etc/ssh/sshd_config.d/*.conf'', so a drop-in file there overrides anything written further down. Check the effective configuration with ''sudo sshd -T | grep -i passwordauthentication''.
  * When both ''AllowUsers'' and ''AllowGroups'' are set, a user must match both lists to log in.
  * ''X11Forwarding yes'' suits the desktop use described on this page; leave it ''no'' on servers that never need it.

Validate the file before restarting (''sudo sshd -t''; a syntax error would leave sshd stopped) and keep your current session open until a new login succeeds:

<code bash>
$ sudo systemctl restart ssh
</code>

=== ufw setting ===

<code bash>
$ sudo ufw allow from <client address> to any port <port> comment 'Allow ssh from client'
</code>

ex)

<code bash>
$ sudo ufw allow from 192.168.1.0/24 to any port 22 comment 'Allow ssh from local'
</code>

Add this rule before ''sudo ufw enable'' on a remote machine: ufw's default incoming policy is deny, so enabling it without an ssh rule closes the session you are working in. ''sudo ufw status'' lists the active rules.

==== Work as SSH Client - Generating RSA Keys ====

To create your public and private SSH keys on the command line, in the user's (ex. pctr) home directory:

<code bash>
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ ssh-keygen -t rsa -b 4096
</code>

You will be prompted for a location to save the keys, and a passphrase for the keys. This passphrase protects your private key while it is stored on disk: the file is encrypted with a key derived from the passphrase, so a copied id_rsa is useless without it.

<code>
Generating public/private rsa key pair.
Enter file in which to save the key (/home/b/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/b/.ssh/id_rsa.
Your public key has been saved in /home/b/.ssh/id_rsa.pub.
</code>
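The sshd_config rules in the server section above are easy to get wrong, because sshd keeps the first value it reads for each keyword and a drop-in include can sit above your edit. The following audit script is an added example for this page, not code from the original page or from OpenSSH. It assumes a POSIX shell with ''tr'' and ''mktemp''; the function names (''sshd_effective'', ''audit_check'', ''audit_sshd_config'') are mine, it does not expand ''Include'' or the ''Keyword=value'' spelling, and it reads a file rather than the running daemon (use ''sudo sshd -T'' for the live view).

```shell
# Audit an sshd_config file the way sshd itself reads it (added example, not
# from the original page). sshd_config(5): "For each keyword, the first obtained
# value will be used." So "PasswordAuthentication no" placed below an earlier
# "PasswordAuthentication yes" (for example from a file pulled in by
# "Include /etc/ssh/sshd_config.d/*.conf") changes nothing.
# Assumptions: POSIX sh plus tr; Include is not expanded and the
# "Keyword=value" spelling is not handled, so use "sudo sshd -T" for the live view.

# Print the effective value of keyword $2 in file $1, or the default $3 if unset.
# Stops at the first "Match" line, because keywords below it are conditional.
sshd_effective() {
    cfg_file=$1
    cfg_key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
    cfg_default=$3
    while IFS= read -r cfg_line || [ -n "$cfg_line" ]; do
        cfg_line=${cfg_line%%#*}           # drop comments
        set -f; set -- $cfg_line; set +f   # split into words, no globbing
        [ $# -ge 1 ] || continue
        case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
            match)      break ;;
            "$cfg_key") shift; printf '%s\n' "$*"; return 0 ;;
        esac
    done < "$cfg_file"
    printf '%s\n' "$cfg_default"
}

# Report one keyword of $audit_file: OK if its effective value (lower-cased) is
# one of the allowed values passed after the default. Failures are counted in
# $audit_fails; the function itself always succeeds.
audit_check() {
    ac_key=$1; ac_default=$2; shift 2
    ac_val=$(sshd_effective "$audit_file" "$ac_key" "$ac_default" | tr 'A-Z' 'a-z')
    for ac_ok in "$@"; do
        if [ "$ac_val" = "$ac_ok" ]; then
            echo "OK    $ac_key = $ac_val"
            return 0
        fi
    done
    echo "FAIL  $ac_key = $ac_val (want one of: $*)"
    audit_fails=$((audit_fails + 1))
    return 0
}

# Check file $1 against the settings recommended on this page.
# Exit status is the number of failed checks. Defaults given to audit_check are
# OpenSSH's compiled-in defaults; UsePAM is not checked because Debian/Ubuntu
# ship it as "yes", which is fine once the two password paths below are off.
audit_sshd_config() {
    audit_file=$1
    audit_fails=0
    audit_check PasswordAuthentication yes no
    # With UsePAM yes, PAM can still prompt for a password over the
    # keyboard-interactive method unless it is disabled too. OpenSSH before 8.7
    # spelled this ChallengeResponseAuthentication, so that value is the fallback.
    ac_cra=$(sshd_effective "$audit_file" ChallengeResponseAuthentication yes)
    audit_check KbdInteractiveAuthentication "$ac_cra" no
    audit_check PubkeyAuthentication yes yes
    audit_check PermitRootLogin prohibit-password no prohibit-password without-password
    if [ -z "$(sshd_effective "$audit_file" AllowUsers '')" ] &&
       [ -z "$(sshd_effective "$audit_file" AllowGroups '')" ]; then
        echo "FAIL  neither AllowUsers nor AllowGroups limits who may log in"
        audit_fails=$((audit_fails + 1))
    else
        echo "OK    AllowUsers/AllowGroups present"
    fi
    return "$audit_fails"
}
```

Run it as ''audit_sshd_config /etc/ssh/sshd_config''; a non-zero exit status is the number of recommendations the file misses. The first-match rule is why the audit walks the file top to bottom and returns at the first hit instead of taking the last one.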
==== About Key Encryption Level ====

Note: older OpenSSH releases generate 2048-bit RSA keys by default; current releases default to 3072 bits. You can increase this to 4096 bits with the -b flag. A larger modulus makes the key harder to break by factoring (the attack on RSA is factoring the modulus, not brute-force guessing of the key). The key type is chosen with -t; ''ssh-keygen -t ed25519'' gives a much shorter key with no size parameter and is the ssh-keygen default since OpenSSH 9.5.

ex)

<code bash>
$ ssh-keygen -t rsa -b 4096
</code>

==== Transfer Client Key to Host ====

The key you need to transfer to the host is the public one; the private key never leaves the client. If you can log in to the server over SSH using a password, you can transfer your public key from your own computer with:

<code bash>
$ ssh-copy-id <user>@<host>
</code>

Without ''-i'', ssh-copy-id installs every public key it finds (the identities loaded in your agent, or the default key files in ~/.ssh); use ''-i ~/.ssh/id_rsa.pub'' to install just one.

If you cannot log in to the SSH server with a password, you need to add the public key to /home/<user>/.ssh/authorized_keys on the server side: copy and paste the entire contents of id_rsa.pub (one line: key type, base64 blob, comment) onto its own line at the bottom of authorized_keys. Test the key login before disabling password authentication in sshd_config.

==== Show the Key's Bit Size and Fingerprint ====

<code bash>
$ ssh-keygen -l -f <key file>
</code>

Run this on the .pub file you are about to install and again on the server's copy; matching SHA256 fingerprints confirm the paste was neither truncated nor altered.

==== Change the Passphrase of a Private Key ====

<code bash>
$ ssh-keygen -p
</code>

''-f ~/.ssh/id_rsa'' selects a key other than the default one.

==== SSH Login ====

<code bash>
$ ssh <user>@<host>
</code>

==== Enter the SSH Passphrase Once ====

<code bash>
$ ssh-agent bash
$ ssh-add ~/.ssh/id_rsa
</code>

The agent lives as long as that bash shell. Keys added with ssh-add are held decrypted in the agent's memory, so lock the workstation rather than leaving an unattended session with loaded keys.

==== SSH Client on Windows ====

=== Generating SSH keys ===

First, create the SSH directory and then generate the SSH key pair.\\
No administrative privileges are needed: the SSH directory lives at the root of your own profile, for example:\\
C:\Users\<user>\.ssh

To create the keys, type:

<code>
C:\Users\<user>> ssh-keygen.exe
</code>

or

<code>
C:\Users\<user>> ssh-keygen -t rsa -C "me@email.com"
</code>

Then copy and paste the entire contents of id_rsa.pub to ~/.ssh/authorized_keys in the user's home directory on the server.
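Pasting id_rsa.pub into authorized_keys, as described in the Transfer Client Key to Host section and again for the Windows client above, is where truncated or duplicated lines creep in. The script below is an added example for this page, not code from the original page or from OpenSSH: it checks a public-key line the way ''ssh-keygen -l'' does before trusting it (the key type embedded in the base64 blob must match the declared type) and installs it into authorized_keys only once, with the permissions StrictModes expects. It assumes coreutils (''base64'', ''od'', ''head'', ''tail'', ''mktemp'') and ''awk''; the function names are mine, lines carrying authorized_keys options (''from='', ''command='') are out of scope, and the sample ssh-ed25519 blob it builds is constructed with an all-zero point, so it is not a usable key.

```shell
# Added example (not from the original page): validate an OpenSSH public-key
# line and install it into authorized_keys idempotently.
# Assumptions: POSIX sh, coreutils base64/od/head/tail/mktemp, awk.

# Build a constructed ssh-ed25519 public-key blob. NOT a real key: the 32-byte
# point is all zeros. Wire format (RFC 4253 strings, 4-byte big-endian length):
#   string "ssh-ed25519"  then  string <32 key bytes>
# This is why every real ed25519 .pub starts with AAAAC3NzaC1lZDI1NTE5AAAAI.
make_sample_blob() {
    { printf '\000\000\000\013ssh-ed25519\000\000\000\040'; head -c 32 /dev/zero; } |
        base64 | tr -d '\n'
}

# Accept "<type> <base64> [comment]" only if the type is one OpenSSH knows and
# the type string embedded in the blob equals the declared one (ssh-keygen -lf
# rejects the line otherwise). Lines starting with authorized_keys options are
# not handled here (assumption).
validate_pubkey_line() {
    set -f; set -- $1; set +f
    [ $# -ge 2 ] || return 1
    pk_type=$1; pk_blob=$2
    case $pk_type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com) ;;
        *) return 1 ;;
    esac
    pk_tmp=$(mktemp) || return 1
    if ! printf '%s' "$pk_blob" | base64 -d > "$pk_tmp" 2>/dev/null; then
        rm -f "$pk_tmp"; return 1           # not valid base64
    fi
    set -- $(od -An -tu1 -N4 "$pk_tmp")     # first 4 bytes: length of the type string
    if [ $# -ne 4 ]; then rm -f "$pk_tmp"; return 1; fi
    pk_len=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    pk_embedded=$(head -c $((4 + pk_len)) "$pk_tmp" | tail -c "$pk_len")
    rm -f "$pk_tmp"
    [ "$pk_len" -eq ${#pk_type} ] && [ "$pk_embedded" = "$pk_type" ]
}

# Append line $2 to $1/authorized_keys unless the same key (type + blob) is
# already there under any comment. Creates $1 with mode 700 and the file with
# mode 600: sshd (StrictModes yes) ignores keys in group/world-writable paths.
install_authorized_key() {
    ak_dir=$1; ak_line=$2
    validate_pubkey_line "$ak_line" || { echo "rejected: $ak_line" >&2; return 1; }
    set -f; set -- $ak_line; set +f
    mkdir -p "$ak_dir" || return 1
    chmod 700 "$ak_dir" || return 1
    ak_file=$ak_dir/authorized_keys
    [ -e "$ak_file" ] || : > "$ak_file"
    chmod 600 "$ak_file" || return 1
    if awk -v t="$1" -v b="$2" '$1 == t && $2 == b { found = 1 } END { exit !found }' "$ak_file"; then
        echo "already present: $1 ${3:-(no comment)}"
        return 0
    fi
    printf '%s\n' "$ak_line" >> "$ak_file"
    echo "installed: $1 ${3:-(no comment)}"
}
```

Typical use on the server is ''install_authorized_key ~/.ssh "$(cat id_rsa.pub)"'' for each client key; a line that fails validation is printed to stderr and never written, which is what you want when the paste lost its last characters.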
==== Example of config on client ====

=== WSL or ubuntu ===

/home/pctr/.ssh/config (the file must be owned by you and not writable by others, e.g. mode 600, or ssh refuses to read it):

<code>
Host ubuntu
    ForwardAgent yes
    ForwardX11 yes
    ForwardX11Trusted yes
    Hostname host_name_of_server
    Port xxxxx
    User pctr
</code>

Usage of ssh connection:

<code bash>
$ ssh ubuntu
</code>

:!: ''ForwardAgent yes'' lets anyone with root on the server use the keys in your agent for as long as the session is open; enable it only for hosts you trust, or reach hosts behind it with ''ProxyJump'' instead. ''ForwardX11Trusted yes'' turns off the X11 SECURITY extension, so remote X clients can read and inject input on your display; it is appropriate for your own machines, not for shared ones.

=== Windows ===

C:\Users\kan\.ssh\config

<code>
Host pctresearch
    HostName host_name_of_server
    ForwardX11 yes
    ForwardX11Trusted yes
    IdentityFile "C:\Users\ptsr\.ssh\file_name_of_private_key"
    IdentitiesOnly yes
    AddressFamily inet
    User pctresearch

Host *
    ServerAliveInterval 60
    ServerAliveCountMax 10000
</code>

:!: AddressFamily - Specifies which address family to use when connecting. Valid arguments are any (the default), inet (use IPv4 only), or inet6 (use IPv6 only).

:!: IdentitiesOnly yes makes ssh offer only the configured IdentityFile instead of every key in the agent, which avoids "Too many authentication failures" against servers with a low MaxAuthTries and stops revealing which other public keys you hold. ServerAliveInterval 60 with ServerAliveCountMax 10000 keeps a session alive through long idle periods, but a dead connection is only noticed after 10000 missed probes, about a week; the default count of 3 notices it within a few minutes. On Windows, OpenSSH also refuses a private key file whose ACL grants access to other users, so keep the IdentityFile readable by your account only.

Usage of ssh connection:

<code>
> ssh pctresearch
</code>