+7 vote
676 views
asked in Linux by (12.5k points)

How to Set up a SSH server on linux  Ubuntu to access your computer remotely

1 Answer

+7 votes
answered by (140k points)

This guide will talk about and how to configure SSH to remotely access our computer with GNU / Linux, we can also access our routers if they have Linux-based firmwares like Tomato RAF. 
 
What is SSH? 
 
The abbreviation stands for Secure SHell. Useful for accessing remote machines, as does telnet, but in a safe manner and that the connection is encrypted. The transport is done by TCP, therefore guarantees that orders will reach their destination (connective, reliable, connection-oriented). 
 
security 
 
SSH encryption provides authenticity and integrity of data transmitted over an insecure network such as the Internet. 
 
Public keys used for authentication on the remote machine. 
 
SSH is not only to use commands on remote machines, but for file transfer safely either SCP or sFTP and Remote Desktop Services. 
 
Look 25 ways to take advantage of the SSH
 
installation 
 
We will use OpenSSH so let's install it: 
 
sudo apt-get install openssh-server 
 
We now proceed to its configuration. 
 
Commands we must consider 
 
To edit the configuration of the SSH server should do in console: 
 
sudo gedit / etc / ssh / sshd_config 
 
To start the server: 
 
sudo start /etc/init.d/ssh 
 
* Starting OpenBSD Secure Shell server sshd 
 
To stop the server: 
 
sudo stop /etc/init.d/ssh 
 
* Stopping OpenBSD Secure Shell server sshd 
 
To restart the server: 
 
sudo restart /etc/init.d/ssh 
 
* Restarting OpenBSD Secure Shell server sshd
 
Server Configuration 
 
Once installed, we will configure the server console do: 
 
sudo gedit / etc / ssh / sshd_config 
 
And you can edit your choices, I put my config file and an explanation of what you can change. 
 
# Package generated configuration file 
# See the sshd_config (5) manpage for details 
 
# Put the port to listen for SSH, the default is 22 We will open a port on your router to redirect to the internal IP of the machine where you have it. 
Port 1234 
# We use SSH protocol 2, much safer, therefore always force them to connect by Protocol 2. 
Protocol 2 
# HostKeys for protocol version 2 The place where the keys are stored. 
HostKey / etc / ssh / ssh_host_rsa_key 
HostKey / etc / ssh / ssh_host_dsa_key 
#Privilege Separation is turned on for security 
UsePrivilegeSeparation yes 
 
# Lifetime and size of ephemeral version 1 server key 
KeyRegenerationInterval 3600 
ServerKeyBits 2048 
 
# Logging 
SyslogFacility AUTH 
LogLevel INFO 
 
# Authentication, PermitRootLogin important part is your decision ... 
LoginGraceTime 120 
PermitRootLogin no 
StrictModes yes 
 
RSAAuthentication yes 
PubkeyAuthentication yes 
#AuthorizedKeysFile% H / .ssh / authorized_keys 
 
# Do not read the user's ~ / rhosts and ~ / .shosts files 
IgnoreRhosts yes 
# For esto a work Also you will need host keys in / etc / ssh_known_hosts 
RhostsRSAAuthentication not 
# Similar for protocol version 2 
HostbasedAuthentication not 
# Uncomment if you do not trust ~ / .ssh / known_hosts for RhostsRSAAuthentication 
#IgnoreUserKnownHosts yes 
 
# To enable empty passwords, change to yes (NOT RECOMMENDED) 
PermitEmptyPasswords not 
 
# Change to yes to enable challenge-response passwords (beware issues with 
# Some PAM modules and threads) 
ChallengeResponseAuthentication not 
 
# Change to no to disable tunnelled clear text passwords 
#PasswordAuthentication yes 
 
# Kerberos options 
#KerberosAuthentication not 
#KerberosGetAFSToken not 
#KerberosOrLocalPasswd yes 
#KerberosTicketCleanup yes 
 
# GSSAPI options 
#GSSAPIAuthentication not 
#GSSAPICleanupCredentials yes 
 
X11Forwarding yes 
X11DisplayOffset 10 
PrintMotd not 
PrintLastLog yes 
TCPKeepAlive yes 
#UseLogin not 
 
#MaxStartups 10:30:60 
#banner /etc/issue.net 
 
# Allow client to pass locale environment variables 
AcceptEnv LANG LC_ * 
 
Subsystem sftp / usr / lib / openssh / sftp-server 
 
UsePAM yes 
MaxAuthTries 2 
 
If we use SFTP caged and comment must put this line (Subsystem sftp / usr / lib / openssh / sftp-server): 
 
Subsystem sftp internal-sftp 
Match server user 
ChrootDirectory / home / jail / home 
AllowTcpForwarding not 
ForceCommand internal-sftp 
 
As you can see, using openssh-server you also have built a sFTP server. 
 
Caging a user with OpenSSH on Ubuntu 
 
Suppose we want to create a user Sanobis our friend, but we do not want so you can see all files on the system, ie, let enjaularle in your / home / directory only. 
 
We got this file: 
 
 
And we put it in the root directory for convenience. 
 
We assign permissions 700 
 
sudo chmod 700 make_chroot_jail.sh 

Ask a Question
Welcome to WikiTechSolutions where you can ask questions and receive answers from other members of the community.

You can ask a question without registration.

Categories

...