SSH
How to set up Secure Shell Protocol public key authentication
Generate key pairs on client
Ed25519 elliptic curve
ssh-keygen -t ed25519 -C "$(whoami)@$(uname -n)-$(date -I)"
chmod 400 ~/.ssh/id_ed25519*
Default configuration
mv /etc/ssh/sshd_config.pacnew /etc/ssh/sshd_config
Temporarily allow root login so the public key can be copied to the remote server (remove this setting again once key-based login works)
/etc/ssh/sshd_config
PermitRootLogin yes
systemctl restart sshd
Unlock Server authorized_keys file on remote server before copy
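# ssh-copy-id appends the key as the file's owner, so owner read/write is enough.
# Mode 666 would let any local account add its own key to this file, and sshd
# with StrictModes enabled (the default) refuses an authorized_keys file that
# other users can write to.
chmod 600 ~/.ssh/authorized_keys
ll ~/.ssh/authorized_keys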
Copying public key to remote server as non privileged user
ssh-copy-id root@localhost
Lock authorized_keys file on remote server
chmod 400 ~/.ssh/authorized_keys
ll ~/.ssh/authorized_keys
Enable public key authentication on remote server
/etc/ssh/sshd_config.d/20-force_publickey_auth.conf
# localhost configuration
# Edit SSH Configuration
# Global defaults: every authentication method listed below is switched off,
# so a connection that does not match the Match block further down has no way
# to authenticate.
# NOTE(review): confirm this lockout is intended, and keep an existing session
# open while restarting sshd so a mistake here can still be corrected.
# IPv4 only.
AddressFamily inet
PermitRootLogin no
MaxAuthTries 3
PubkeyAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no
AllowTcpForwarding no
X11Forwarding no
KbdInteractiveAuthentication no
UsePAM no
PrintMotd no
KerberosAuthentication no
GSSAPIAuthentication no
# Overriding settings on a per-user basis
# Applies only to user root connecting from 127.0.0.1: root may log in with a
# key but never with a password, and publickey is the only accepted method.
Match User root Address 127.0.0.1
PermitRootLogin prohibit-password
PubkeyAuthentication yes
AuthenticationMethods publickey
AllowTcpForwarding yes
Banner /etc/issue.net
Create local ssh config as non privileged user
~/.ssh/config
Host *
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519
Host localhost
HostName localhost
Port 22
User root
Login to remote server
┌──(wildw1ng🤓arch-r9-5900x)-[~]
└─$ ssh localhost
Saving ssh passphrase for current session on client
.zshrc
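# Share one ssh-agent across this user's shells through a fixed socket path.
# The agent outlives the shell that started it, so a loaded key stays usable
# until the agent exits or `ssh-add -D` is run; `ssh-add -t <lifetime>` can
# bound how long an unlocked key is held.
agent_link="$HOME/.ssh/ssh_auth_sock"
start_agent=0
if [ ! -S "$agent_link" ]; then
  start_agent=1
else
  # ssh-add exits 2 when it cannot contact an agent, i.e. the link points at
  # a stale socket left behind by an agent that was killed.
  SSH_AUTH_SOCK="$agent_link" ssh-add -l > /dev/null 2>&1
  if [ "$?" -eq 2 ]; then
    start_agent=1
  fi
fi
if [ "$start_agent" -eq 1 ]; then
  # Quoted $(...) instead of unquoted backticks: the agent's output reaches
  # eval without word splitting.
  eval "$(ssh-agent)"
  ln -sf "$SSH_AUTH_SOCK" "$agent_link"
fi
export SSH_AUTH_SOCK="$agent_link"
# Ask for the passphrase only when the agent holds no identities yet.
ssh-add -l > /dev/null || ssh-add
unset agent_link start_agent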