Difference between revisions of "SSH"
From Organic Design wiki
m (→Disable password-based logins) |
(→Troubleshooting) |
||
Line 28: | Line 28: | ||
<source lang="bash"> | <source lang="bash"> | ||
openssl rsa -des3 -in your.key -out your.encrypted.key | openssl rsa -des3 -in your.key -out your.encrypted.key | ||
+ | </source> | ||
+ | |||
+ | == Troubleshooting == | ||
+ | === expecting SSH2_MSG_KEX_ECDH_REPLY === | ||
+ | Try changing the MTU of the client to 1400 as follows (change ''eth0'' to the appropriate interface): | ||
+ | <source lang="bash"> | ||
+ | sudo ip li set mtu 1400 dev eth0 | ||
</source> | </source> | ||
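Review bot: the new "expecting SSH2_MSG_KEX_ECDH_REPLY" entry gives the MTU workaround without saying that a value set with `sudo ip li set mtu 1400 dev eth0` is lost on the next reboot or interface restart, and without describing the symptom beyond the heading. Suggest adding a sentence on where the message appears (the client hanging during key exchange) and a note that the setting has to be made persistent in the network configuration if it helps. Spelling the command out as `ip link set` would also make it easier to search for.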
Revision as of 22:54, 17 February 2018
Disable password-based logins
If you want to restrict server logins to keys only, you can disable passwords for SSH access in /etc/ssh/sshd_config:
AllowUsers fred bob sam
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
And don't forget to add your public RSA key to ~/.ssh/authorized_keys. Note that you'll probably need to create the directory since the account has just been created, and that the owner and mode are important.
mkdir /home/USER/.ssh
echo "RSA_KEY" > /home/USER/.ssh/authorized_keys
chown USER:USER -R /home/USER/.ssh
chmod 644 /home/USER/.ssh/authorized_keys
Restart the SSH server and test that you can log in from another terminal window before exiting the current session. You now log in as your own user, not the root user, and then use sudo bash to gain a root shell.
service ssh restart
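The following is an added example, not part of the wiki page, that checks the result of the steps above before you rely on them: it reads the effective global values from an sshd_config file (the first occurrence of a keyword wins, so a later "PasswordAuthentication no" does not override an earlier "yes") and tests that a key file is not writable by others. The function names are this example's own, and it assumes no Include files or Match blocks affect the settings.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are this example's own.

# Print the effective global value of KEYWORD in sshd_config FILE.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and the global section ends at the first Match block.
# Assumes whitespace-separated "Keyword value" lines and no Include files.
effective_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/         { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # Match overrides are out of scope
        tolower($1) == key     { print tolower($2); exit }
    ' "$2"
}

# OpenSSH built-in defaults, used when a keyword is absent from the file.
default_for() {
    case "$1" in
        passwordauthentication) echo yes ;;
        permitrootlogin)        echo prohibit-password ;;
        pubkeyauthentication)   echo yes ;;
    esac
}

# Return 0 if FILE enforces key-only, non-root logins; otherwise print each
# failing setting and return 1.
audit_sshd_config() {
    rc=0
    for want in passwordauthentication=no permitrootlogin=no pubkeyauthentication=yes; do
        key=${want%%=*}
        got=$(effective_value "$key" "$1")
        [ -n "$got" ] || got=$(default_for "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL: $key is '$got', expected '${want#*=}'"
            rc=1
        fi
    done
    return "$rc"
}

# Return 0 if the path is neither group- nor world-writable; sshd's
# StrictModes refuses keys when authorized_keys or ~/.ssh is writable by others.
not_writable_by_others() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Stand-alone use: sh audit.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then audit_sshd_config "$1"; fi
```

A commented-out "PasswordAuthentication no" counts as absent, so the default of yes applies and the audit fails.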
Password-protect an existing private key
To add a password to an existing private key, use the following openssl command:
openssl rsa -des3 -in your.key -out your.encrypted.key
Troubleshooting
expecting SSH2_MSG_KEX_ECDH_REPLY
Try changing the MTU of the client to 1400 as follows (change eth0 to the appropriate interface):
sudo ip li set mtu 1400 dev eth0