SSH Client and Server
Posted on November 5, 2024 • 2 min read • 305 wordsSet up SSH client and server.
This page describes how to set up a Ubuntu machine as SSH server to allow clients to remote in.
First install openssh-server.
sudo apt-get install openssh-serverAfterwards check if the sshd service is active.
sudo systemctl status sshdFirst generate an SSH key pair.
ssh-keygen -t ed25519 -C <label>Add the public key to the SSH server, this time using password authentication of the user.
ssh-copy-id -i $PUBLIC_KEY_PATH ${USER}@${HOST}Put the following section in ~/.ssh/config. Replace <***> with the values of the same-named
environment variables above:
Host <HOST>
User <USER>
IdentityFile <PUBLIC_KEY_PATH>Remote into the SSH server with the following command.
ssh ${USER}@${HOST}After setting up SSH Key authentication for one user, we can optionally disable SSH password authentication on the server altogether.
Open the file /etc/ssh/sshd_config.
Find the line with:
#PasswordAuthentication yesChange it to:
PasswordAuthentication noThen restart the sshd service.
sudo systemctl restart sshdgit clone on Server
When cloning a private GitHub repository over SSH on the server, the server needs access to the SSH private key. It is not secure to place the SSH private key file directly on the server. The better option is to enable SSH agent forwarding on the client and forward the private key from client to server when they are connected.
For example, to set up agent forwarding for github.com put the following contents in ~/.ssh/config:
Host <server_ip_v4>
ForwardAgent yes
Host github.com
User git
AddKeysToAgent yes
IdentityFile <path_to_private_key_file>The ForwardAgent yes option shares the client’s private keys with the server whenever there is a connection,
so should be used with caution. In particular, it is best to use specific IP addresses or host names
in the first rule, instead of using wildcard.