Created lørdag 03 december 2016
# Install the openssh package. This will have to be installed on both a client or a server machine.
$ pacman -S openssh
Client Usage
# Client side usage
# The default SSH port is 22
Usage
# Connecting to a server
$ ssh -p <portnumber> <user>@<server-address> # Note the @ between user and address.
Tips and Tricks
# Run process on the server display output - ex. running mplayer on your media-server^
$ DISPLAY=:0 mplayer /path/to/movie -fs
Configuration
# Add/edit ~/.ssh/config This will be referred to as the ssh configuration
# Add a global username for all the hosts you visit
User <USER_NAME>
# Improved performance, add the following to the ssh configuration
ControlMaster auto ControlPersist yes
# Host Aliasses
# To provide an alias for a commonly used host, add the following to the ssh config
Host <SERVER_NAME> # Give it a optional name HostName <SERVER_ADDRESS> Port <PORT_NUMBER>
# You are now able to use alias shortcuts, instead of the full ssh user@host string
$ ssh <SERVER_NAME>
Server Usage
# Server side usage
URxvt
# While using URxvt on your local (client) machine, it'll act up connecting to the server.
# Binds all messed and what not - To fix this, install rxvt-unicode-terminfo on the server machine
$ pacman -S rxvt-unicode-terminfo
Configuration
# The configuration file can be found in /etc/ssh/sshd_config
# Note the "d" sshd_config (daemon) - This will be referred to as the configuration file
# Disable root login, edit the following in the configuration file
PermitRootLogin no
# Change port number (optional) - default is port 22
Port <PORT_NUMBER>
# To disable the SSH login (password login) - f.ex. to only use SSH key authentication (See below).
# Uncomment and change to no in the following
PasswordAuthentication no ChallengeResponseAuthentication no
SSH key authentication
# The public key, from the client, will have to be located on the server machine.
# Say our clients public SSH key is located on our servers home folder ~/<somekey>.pub
# Create, if it doesn't already exists, a folder at ~/.ssh
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
# Import the public key, from the client, to the authorized_keys file
$ cat ~/<somekey>.pub >> ~/.ssh/authorized_keysl
# Remove the public key and change the folder permission back to only user-usable
$ rm ~/<somekey>.pub
$ chmod 600 ~/.ssh/authorized_keys
Starting the daemon
# Starting the server side daemon
The easy way
# just starting the daemon to constantly be running (preferred option below)
# This method might come in handy if you have several (maybe unknown) IPs connecting
$ systemctl enable sshd.service # Note the preferred option below!
The preferred way
# To only start the daemon process when a allowed connection is incomming, enable the following
$ systemctl enable sshd.socket
$ systemctl enable sshd@.service
# Edit your socket file to ONLY allow certain IP-adresses
$ systemctl edit sshd.socket
# Add the following - portnumber is the port that the SERVER/HOST is listening for (default 22)
[socket] FreeBind=true ListenStream= # Add ip and portnumber, ex 192.168.0.1:22 ListenStream=<IP_ADDRESS>:<PORT_NUMBER>
Tips and Tricks
# Some random Tips and Tricks
Keep Alive
# To make sure that the SSH server wont log you out,
# uncomment and change the following in the configuration file
ClientAliveInterval 120