Week 5 – SSH

This post is part of ‘Linux-servers‘ -course ran by Tero Karvinen.

This week, the topic was SSH. The assignment consisted of 9 tasks, of which 5 were mandatory. I have been working all week on Reaktor’s pre-apply assignment, so I did just the minimum effort, as I’m really short on time for anything else. I started working on the tasks on Sunday 10:30pm, and was finished by 11:45pm.

The task titles are freely translated from the course page.

Task A) Install an SSH-daemon

This task wasn’t much more than just installing openssh-client and openssh-server with:

sudo apt-get install openssh-client openssh-server

Task B) Protect your PC with a firewall, but first, make a hole for SSH

Making the hole before enabling the firewall is important, cause otherwise you’re going to have a bad time as you’re not able to connect to the remote host cause the ssh connection is blocked. I’ve covered this in my earlier posts, but here it is again. The commands to open a firewall and port for 22 (which is default for ssh).

sudo ufw allow 22/tcp 
sudo ufw enable  

Task C) Transfer files with SSH

To do this, I used my DigitalOcean server. I used scp for this. I created an empty file with nano and did:

And the file appeared at my remote machine.

Task D) Make logging in automatic by using a public key.

The first command to run was ssh-keygen. This generates an RSA key, which one must then copy to the remote server. It’s as simple as that. Or almost.

First, I browsed to the location of my newly-generated ssh key, which was /home/xubuntu/.ssh/. Then, I made sure that only the owner can read, write and execute the file. This I did with:

chmod 700 ./id_rsa.*

7 means those who are in the first group (owners) can read, write and execute, 0 means those who are in the second and third group can’t do anything.

I then copied the key in that folder to my remote machine’s user/home directory with scp and logged back in to my remote machine. Now, I had to make a new folder called .ssh, and inside it, a file named authorized_key. and then insert the data of the key inside this file.

mkdir .ssh
cat id_rsa.pub >>.ssh/authorized_keys

After this, I used chmod 700 again to give the folder the same things as I did few paragraphs above

Testing if it works

Now I obviously just had to test if it worked. I tried logging and this time it didn’t ask for a password, which means I had succeeded:

References

Tero Karvinen, schedule and tasks for Linux Servers course
http://terokarvinen.com/2018/aikataulu-linux-palvelimet-ict4tn021-3004-ti-alkukevat-2019-5-op

John Carl Villanueva, Setting Up SFTP Public Key Authentication On The Command Line, jscape.com
https://www.jscape.com/blog/setting-up-sftp-public-key-authentication-command-line

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close