openssh Install the package.
# pacman -Syu openssh
By executing the following command, the SSH server will start automatically when the computer starts.
# systemctl enable sshd
Create a ~ / .ssh directory and generate a private / public key pair.
# mkdir .ssh
# chmod 700 .ssh
# cd .ssh
# ssh-keygen -t rsa -b 4096 -C "{email}"
Transfer the public key to the server in some way.
scp ~/.ssh/id_rsa.pub {user}@{host}:/home/{user}/id_rsa.pub
To omit specifying the user name, port number, and private key when connecting to the server, create a ~ / .ssh / config file with the following contents.
~/.ssh/config
Host {host}
HostName {host}
IdentitiesOnly yes
IdentityFile ~/.ssh/id_rsa
Port {port}
User {user}
Add the client-created public key to ~ / .ssh / authorized_keys and set the permissions.
% mkdir ~/.ssh
% cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
% rm -f ~/id_rsa.pub
% chmod 700 ~/.ssh
% chmod 600 ~/.ssh/authorized_keys
Make the following settings to enhance security.
/etc/ssh/sshd_config
#Change the port number from the default of 22 to prevent unauthorized access.
#Avoid using Well Known Ports and Ephemeral Ports, which are prone to collisions.
#Specifically 1024-It is recommended to select in the range of 32767.
Port {port}
#Login as the root user is completely prohibited.
#If you need administrator privileges, log in as a general user and use sudo.
PermitRootLogin no
#Authenticate with insecure passwords and always use the private key.
PasswordAuthentication no
Restart sshd for the settings to take effect.
# systemctl restart sshd
Log in to the server with the ssh command.
% ssh {host}
Use the scp command to transfer files.
% scp {localPath} {host}:{remotePath}
Recommended Posts