SSH
Setup SSH keys (no password login)
- Generate keys on client for remote-host
ssh-keygen -t ed25519 -f ~/.ssh/remote-host -C "Key for Remote Host"
If you enter a passphrase, make sure to add the key to ssh-agent for convenience
- Copy public key to remote server
ssh-copy-id -i ~/.ssh/remote-host.pub <user>@<host>
This is just one of many ways to do it
- That’s all! Now ssh user@remote-host to log in
Tips
Secure your server
Inside /etc/ssh/sshd_config, the following changes are recommended:
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
For extra security, change to a non-standard port for ssh (22 is the standard). If you have a public IPv6 address, use that instead of IPv4. If you can, change the username.
If you have an Ubuntu Server on Oracle Cloud, check out how to add ipv6
All of this mitigates scripted attacks that scour well-known usernames on standard IPs and ports.
Then reload the ssh daemon via systemctl: sudo systemctl daemon-reload && sudo systemctl restart sshd
You may also want something like fail2ban running, and make sure your firewall is up and working.
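A quick way to confirm that the three directives above are really active before restarting the daemon, as an added example that is not part of the original notes. It assumes a single config file (Include files and Match blocks are ignored), and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings recommended above.
# Assumption: one file is checked; Include files and Match blocks are ignored.

# Print the first active value of keyword $2 in file $1 (lowercased).
# sshd keywords are case-insensitive and the first value obtained wins.
first_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }   # commented-out lines have no effect
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if every directive is explicitly set to the recommended value.
audit_sshd_config() {
    file=$1
    rc=0
    for want in "PasswordAuthentication no" "PubkeyAuthentication yes" "PermitRootLogin no"; do
        key=${want% *}
        expected=${want#* }
        actual=$(first_value "$file" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok    $key $actual"
        else
            echo "FAIL  $key is '${actual:-unset}', want '$expected'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: one directive left commented out, one duplicated later.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
permitrootlogin yes
EOF
audit_sshd_config "$sample" || echo "=> fix the config before restarting sshd"
rm -f "$sample"
```

On a live host, sudo sshd -t checks the file for syntax errors and sudo sshd -T prints the effective configuration, Include files included.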
Disable login banner/info
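# the line is often present only as a commented default (#PrintLastLog yes), so match that form too
sed -i -E 's/^#?[[:space:]]*PrintLastLog[[:space:]]+yes/PrintLastLog no/' /etc/ssh/sshd_config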
touch /home/<user>/.hushlogin
Quicker connection from client
Add an entry for the host to your ssh config for easier connection (scp and rsync use it too)
touch ~/.ssh/config && chmod 600 ~/.ssh/config
Host remote-host
    HostName <hostname/ip>
    User <username>
    Port <port>
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/remote-host
ssh remote-host
It is recommended to generate a new ssh key pair for every remote host.
Running local scripts on remote host
ssh user@server 'bash -s' < local_script.sh
ssh user@server 'bash -s' <<'EOF'
# ...commands
whoami
EOF