REMOTE DEVICE

commands for ubuntu

prerequisites:

openssh-server and ufw (Ubuntu ships with ufw)

NOTE: if the VPS has no dedicated IPv4 address, enable IPv6 in ufw by setting IPV6=yes in /etc/default/ufw

# Install the OpenSSH server package so this device can accept incoming SSH connections.
sudo apt install openssh-server

enable services

check service status and ensure both are enabled

# Show the current state of the SSH server and firewall units. `status` only
# reports the state; it does not start or enable anything.
# NOTE(review): on Ubuntu the server unit is normally ssh.service, with
# sshd.service as an alias. If sshd.service is reported as not found, check
# ssh.service instead (confirm on your release).
systemctl status sshd.service ufw.service

allow ssh on remote device:

this means ssh port must be opened

# Add the SSH allow rule BEFORE enabling the firewall: ufw denies incoming
# connections by default, so enabling it first can cut off the SSH session
# being used to administer the device.
# Option 1: allow SSH using the OpenSSH application profile
sudo ufw allow OpenSSH
 
# Option 2 (instead of option 1): allow the "ssh" service as defined in
# /etc/services (22/tcp). If sshd listens on a non-default port, neither rule
# covers it; allow that port explicitly.
# `sudo ufw limit ssh` can be used in place of `allow` to rate-limit repeated
# connection attempts from the same address.
sudo ufw allow ssh
 
# Finally enable ufw; verify the resulting rules with `sudo ufw status verbose`
sudo ufw enable

HOST DEVICE

ssh into remote machine from host without password

# Generate an Ed25519 key pair on the host. -f names the output files (the
# private key plus a matching .pub public key, written to the current
# directory here); -C sets a free-text comment stored with the public key.
# ssh-keygen prompts for a passphrase: leaving it empty means anyone who
# obtains the private key file can use it without further checks.
ssh-keygen -t ed25519 -f remoteDevice_ed25519 -C "Add a comment here"
 
# If the keys were not generated in $HOME/.ssh, move them there
mv ./remoteDevice_ed25519 ./remoteDevice_ed25519.pub ~/.ssh/
 
# Private key: read/write for the owner only (0600). ssh refuses to use a
# private key file that other users can read.
# Public key: read/write for the owner, read-only for group and others (0644).
chmod u=rw,g=,o= ~/.ssh/remoteDevice_ed25519
chmod u=rw,g=r,o=r ~/.ssh/remoteDevice_ed25519.pub
 
# Append the public key to the remote user's authorized_keys. This step still
# authenticates with the remote account's existing credentials (normally its password).
# Once key-based login is confirmed to work, consider setting
# `PasswordAuthentication no` in /etc/ssh/sshd_config on the remote device so
# the password can no longer be guessed over the network.
ssh-copy-id -i ~/.ssh/remoteDevice_ed25519.pub remoteUser@remoteDevice-ipAddr

Danger zone

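Share the private key for remoteDevice_ed25519 with other devices. NOTE: this can also be done by copy-pasting while SSHed into the host from a trusted device, or with a flash drive. Every device that holds a copy of the private key can log in as that identity, and access cannot be revoked for one device without replacing the key everywhere. Generating a separate key pair on each device and adding its public key to the remote device avoids this.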

# preferably a device on the local network
# NOTE: ssh-copy-id does not transfer a private key. When the file name given
# to -i does not end in .pub, it appends .pub and adds that PUBLIC key to the
# target account's authorized_keys. So this command authorizes the key to log
# in to trustedDevice@ipAddr; it does not give that device the private key.
ssh-copy-id -i remoteDevice_ed25519 trustedDevice@ipAddr

Configs

When there are multiple devices, it is easier to keep track of them in the SSH client config file: ~/.ssh/config

ex:

# Each "Host" block applies to connections whose target matches the Host name.
# ~/.ssh/config must be writable only by its owner, otherwise ssh rejects it.

# GitHub account
# PreferredAuthentications publickey: try key authentication only.
# IdentitiesOnly yes: offer only the IdentityFile named in this block, not
# every key loaded in ssh-agent.
Host github.com
  HostName github.com
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/github_id_rsa
  IdentitiesOnly yes

# Gitlab account
Host gitlab.com
  HostName gitlab.com
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/gitlab_ed25519
  IdentitiesOnly yes

# gaming laptop: `ssh lenovo` connects as user wbe to 192.168.86.52 using
# the lenovo_ed25519 key
Host lenovo
  HostName 192.168.86.52
  User wbe
  IdentityFile ~/.ssh/lenovo_ed25519
  IdentitiesOnly yes

# thinkpad: `ssh tp` connects as user wbe to 192.168.86.36 using the
# tp_ed25519 key
Host tp
  HostName 192.168.86.36
  User wbe
  IdentityFile ~/.ssh/tp_ed25519
  IdentitiesOnly yes

Tip: if a host was added by mistake, remove it with ssh-keygen -f "$HOME/.ssh/known_hosts" -R "[ip]:port"