ssh user@host          # Basic SSH connection (user@host is a placeholder)
ssh user@host -p 33    # Using port 33
ssh user@host -v       # Verbose: log more info about the connection
When connecting to a remote device, authentication is needed by default (this can be bypassed through config files). The remote needs to know the client device trying to connect.
Generate an RSA public/private key pair, which will be located in ~/.ssh/
ssh-keygen -t rsa
Copy the RSA public key of your client device (the private key needs to stay private)
cat ~/.ssh/id_rsa.pub
Paste the client RSA public key into ~/.ssh/authorized_keys on the server.
The home folder used for authorized_keys needs to be the home folder of the user you want to be connected as on the server.
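The server-side step above as a script, added here as an example and not part of the original notes: it installs the public key into the target user's authorized_keys with the owner-only permissions that sshd's default StrictModes setting expects, and refuses a private key pasted by mistake. The function name install_pubkey and the sample key are assumptions constructed for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE TARGET_HOME  (hypothetical helper, not an OpenSSH tool)
# Appends one public key to TARGET_HOME/.ssh/authorized_keys; returns 1 on bad input.
install_pubkey() {
    pub=$1 home=$2
    [ -r "$pub" ] && [ -d "$home" ] || return 1
    # Only the .pub half may leave the client: refuse private key material.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # Use the first non-empty line and require a known public key type prefix.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not a public key line" >&2; return 1 ;;
    esac
    ak=$home/.ssh/authorized_keys
    # sshd's default StrictModes ignores keys whose directory or file is writable by others.
    ( umask 077; mkdir -p "$home/.ssh" && touch "$ak" ) || return 1
    chmod 700 "$home/.ssh" && chmod 600 "$ak" || return 1
    # Make sure an existing last line is newline-terminated before appending.
    [ -z "$(tail -c 1 "$ak")" ] || echo >> "$ak"
    # Idempotent: append only when this exact line is absent.
    grep -qxF -- "$key" "$ak" || printf '%s\n' "$key" >> "$ak"
}

# Demo on constructed input: a fake key and a throwaway directory standing in
# for the server user's home folder.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAconstructedNotARealKey client@laptop' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo"
install_pubkey "$demo/id_rsa.pub" "$demo"   # second run adds nothing
echo "entries: $(grep -c . "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```

Run it as the user you want to log in as, passing that user's home folder as the second argument, so the files end up owned by that user.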
/etc/ssh/ssh_config
An SSH daemon listens for incoming SSH connection requests. You can configure the daemon with this file:
/etc/ssh/sshd_config
For authentication to work, Protocol 2 needs to be set, simply with the line
Protocol 2
and the host key types you will be using need to be enabled. You can choose to have only one type of key.
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
On ArchLinux
journalctl -u sshd | tail -100
You can set up different connection configurations to remote hosts.
On your local machine (the client),
- Go to ~/.ssh/
- Create a config file (vim config), and fill in:
# Alias for the remote: only for you, not server-related
Host name-of-the-remote
    # User you want to log in as on the remote server
    User myUser
    # Address of the remote server
    Hostname 111.222.333.444
    # Optional. SSH port of the remote server. Default is 22, but can be changed on the server for security reasons
    Port 9999
SSH reverse connections are used in different situations, to bypass a firewall on a remote machine for instance.
In this particular case, the remote device (or server) you want to access is the Ant device, and the client device from which you access it is the Ants server, named Kerrigan.
ssh -N -R 2222:localhost:22 kerrigan
With this command, you're digging a tunnel from the Ant to queen Kerrigan. The start point (port 22 of the Ant) is opened, but the endpoint (port 2222 of Kerrigan) is not yet opened.
In reality, you're telling Kerrigan to forward any SSH connection that she receives on port 2222 to port 22 of the Ant.
Be careful: port 2222 of Kerrigan must be available, and port 22 is the default SSH port of the Ant, but it can be different.
ssh -l userOnAnt -p 2222 localhost
Here, you're just opening the endpoint of the tunnel that was dug before, allowing SSH connection from queen Kerrigan to the Ant.
In reality, you're opening an SSH connection from Kerrigan to Kerrigan on port 2222, which is forwarded automatically to port 22 of the Ant.
You are now connected to the Ant device from Kerrigan.