This post is part of ‘Linux-servers‘ -course ran by Tero Karvinen.
This week, the topic was SSH. The assignment consisted of 9 tasks, of which 5 were mandatory. I have been working all week on Reaktor’s pre-apply assignment, so I did just the minimum effort, as I’m really short on time for anything else. I started working on the tasks on Sunday 10:30pm, and was finished by 11:45pm.
The task titles are freely translated from the course page.
Task A) Install an SSH-daemon
This task wasn’t much more than just installing openssh-client and openssh-server with:
sudo apt-get install openssh-client openssh-server
Task B) Protect your PC with a firewall, but first, make a hole for SSH
Making the hole before enabling the firewall is important, cause otherwise you’re going to have a bad time as you’re not able to connect to the remote host cause the ssh connection is blocked. I’ve covered this in my earlier posts, but here it is again. The commands to open a firewall and port for 22 (which is default for ssh).
sudo ufw allow 22/tcp sudo ufw enable
Task C) Transfer files with SSH
To do this, I used my DigitalOcean server. I used scp for this. I created an empty file with nano and did:
And the file appeared at my remote machine.
Task D) Make logging in automatic by using a public key.
The first command to run was ssh-keygen. This generates an RSA key, which one must then copy to the remote server. It’s as simple as that. Or almost.
First, I browsed to the location of my newly-generated ssh key, which was /home/xubuntu/.ssh/. Then, I made sure that only the owner can read, write and execute the file. This I did with:
chmod 700 ./id_rsa.*
7 means those who are in the first group (owners) can read, write and execute, 0 means those who are in the second and third group can’t do anything.
I then copied the key in that folder to my remote machine’s user/home directory with scp and logged back in to my remote machine. Now, I had to make a new folder called .ssh, and inside it, a file named authorized_key. and then insert the data of the key inside this file.
mkdir .ssh cat id_rsa.pub >>.ssh/authorized_keys
After this, I used chmod 700 again to give the folder the same things as I did few paragraphs above
Testing if it works
Now I obviously just had to test if it worked. I tried logging and this time it didn’t ask for a password, which means I had succeeded:
Tero Karvinen, schedule and tasks for Linux Servers course
John Carl Villanueva, Setting Up SFTP Public Key Authentication On The Command Line, jscape.com