SSH/OpenSSH/Keys
To install the OpenSSH client applications on your Ubuntu system, use this command at a terminal prompt:
$ sudo apt install openssh-client
To install the OpenSSH server application, and related support files, use this command at a terminal prompt:
$ sudo apt install openssh-server
Public and Private Keys
| key | file name | client/Server | location |
|---|---|---|---|
| private key | id_rsa | Client side | /home/pctr/.ssh |
| public key | id_rsa.pub | Server side | contents of /home/pctr/.ssh/authorized_keys |
Work As SSH Server
$ sudo ssh-keygen -A
| option | description |
|---|---|
| -A | Generate host keys of all default key types (rsa, ecdsa, and ed25519) if they do not already exist. |
$ sudo /etc/init.d/ssh start
Starting ssh (via systemctl): ssh.service.
or
$ sudo systemctl start ssh.service
In the user's (e.g. pctr) home directory:
$ ssh-keygen -t rsa -b 4096
$ touch /home/<user name>/.ssh/authorized_keys
Recommended Setting of sshd_config
$ sudo vim /etc/ssh/sshd_config
--
PasswordAuthentication no
UsePAM yes
X11Forwarding yes
AllowUsers <user_name>
AllowGroups <group_name>
--
$ sudo systemctl restart ssh
ufw setting
$ sudo ufw allow from <client_ip_address> to any port <port_no> comment 'Allow ssh from client'
ex)
$ sudo ufw allow from 192.168.1.0/24 to any port 22 comment 'Allow ssh from local'
Work as SSH Client - Generating RSA Keys
To create your public and private SSH keys on the command line, in the user's (e.g. pctr) home directory:
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ ssh-keygen -t rsa -b 4096
You will be prompted for a location to save the keys, and a passphrase for the keys. This passphrase will protect your private key while it's stored on the hard drive:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/b/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/b/.ssh/id_rsa.
Your public key has been saved in /home/b/.ssh/id_rsa.pub.
About Key Encryption Level
Note: The default is a 2048 bit key. You can increase this to 4096 bits with the -b flag (Increasing the bits makes it harder to crack the key by brute force methods).
ex) $ ssh-keygen -t rsa -b 4096
Transfer Client Key to Host
The key you need to transfer to the host is the public one. If you can log in to a computer over SSH using a password, you can transfer your RSA key by doing the following from your own computer:
$ ssh-copy-id <username>@<host>
If you can't log in to an SSH server using SSH with a password, you need to add a public key to /home/<user name>/.ssh/authorized_keys on the SSH server side.
In practice, copy and paste the entire contents of id_rsa.pub to the bottom of authorized_keys on the SSH server side.
Show the key's bit size and fingerprint
$ ssh-keygen -l -f <key file name>
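The line pasted into authorized_keys can also be checked programmatically. The following Python sketch is an added example, not part of the original page: it decodes `ssh-rsa` public key lines and reports the bit size and SHA256 fingerprint in the form `ssh-keygen -l` prints. It assumes plain lines as copied from id_rsa.pub (no options prefix), takes its 4096-bit minimum from the `-b 4096` used on this page, and uses illustrative function names with constructed, non-functional sample keys.

```python
import base64
import hashlib
import struct

def read_field(blob, pos):
    """Read one SSH wire-format field: uint32 big-endian length, then that many bytes."""
    (length,) = struct.unpack_from(">I", blob, pos)
    end = pos + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:end], end

def inspect_public_key(line):
    """Return (bits, fingerprint, comment) for one 'ssh-rsa <base64> [comment]' line."""
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, pos = read_field(blob, 0)
    if fields[0] != "ssh-rsa" or inner_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key, or type label and blob disagree")
    _exponent, pos = read_field(blob, pos)
    modulus, pos = read_field(blob, pos)
    bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.sha256(blob).digest()  # fingerprint covers the decoded blob
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return bits, fingerprint, fields[2].strip() if len(fields) == 3 else ""

def audit_authorized_keys(text, min_bits=4096):
    """Return [(line_no, bits, fingerprint, comment, ok)] for every key line."""
    results = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            bits, fp, comment = inspect_public_key(line)
            results.append((line_no, bits, fp, comment, bits >= min_bits))
    return results

def make_sample_line(bits, comment):
    """Constructed demo input: right wire format, but NOT a usable RSA modulus."""
    field = lambda data: struct.pack(">I", len(data)) + data
    mpint = lambda v: field(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    sample = make_sample_line(4096, "pctr@client") + "\n" + make_sample_line(2048, "old@laptop")
    for line_no, bits, fp, comment, ok in audit_authorized_keys(sample):
        print(line_no, bits, fp, comment, "ok" if ok else "below minimum")
```

Comparing the reported fingerprint with the one shown by `ssh-keygen -l -f` on the client confirms that the line on the server is the key you meant to install.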
Change the passphrase for a private key
$ ssh-keygen -p
SSH login
$ ssh <username>@<host>
Enter SSH passphrase once
$ ssh-agent bash
$ ssh-add ~/.ssh/id_rsa
SSH client on Windows
Generating SSH keys
First, create the SSH directory and then generate the SSH key pair.
One assumption is that the Windows profile you are using is set up with administrative privileges. Given this, you will be creating the SSH directory at the root of your profile, for example:
C:\Users\<user name>
To create the keys, type:
C:\Users\<user name> > ssh-keygen.exe
or
C:\Users\<user name> > ssh-keygen -t rsa -C "me@email.com"
You need to copy and paste the entire contents of id_rsa.pub into ~/.ssh/authorized_keys in the user's home directory on the server.
Example of config on client
WSL or Ubuntu
/home/pctr/.ssh/config
host ubuntu
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
Hostname host_name_of_server
Port xxxxx
User pctr
Usage of ssh connection
$ ssh ubuntu
Windows
C:\Users\kan\.ssh\config
Host pctresearch
HostName host_name_of_server
ForwardX11 yes
ForwardX11Trusted yes
IdentityFile "C:\Users\ptsr\.ssh\file_name_of_private_key"
IdentitiesOnly yes
AddressFamily inet
User pctresearch
Host *
ServerAliveInterval 60
ServerAliveCountMax 10000
AddressFamily - Specifies which address family to use when connecting. Valid arguments are any (the default), inet (use IPv4 only), or inet6 (use IPv6 only).
Usage of ssh connection
> ssh pctresearch
