Debian SSH
Contents
1. Introduction
2. Installation
1. Installation of the client
2. Installation of the server
3. Configuration files
1. Regenerating host keys
4. Remote login
1. With password
2. Using shared keys
5. Keys management
1. Using GUI
6. Securing
1. SSH Server
1. Good practices with SSH Server
2. Configuration Options
3. External Utilities
2. SSH Client
1. Good practices with SSH Client
7. Additional Functions
1. View files in GUI
8. Additional Commands
1. scp
2. sftp
1. text mode
2. graphical mode
3. clusterssh
4. ssh-agent and ssh-add
5. keychain
6. ssh-askpass
7. libpam-usb
9. Remote commands
10. SSH into Debian from another OS
11. Good practices of SSH usage
12. Troubleshooting
1. OpenSSL version mismatch. Built against 1000105f, you have 10001060
2. SSH hangs
1. Resolution with IPQoS 0x00
ToDo: merge (and translate) this page and the french one (more
complete)
Introduction
SSH stands for Secure Shell and is a protocol for secure remote login
and other secure network services over an insecure network [1]. See
Wikipedia: Secure Shell for more general information, and
DebPkg: ssh, DebPkg: lsh-client or DebPkg: dropbear for the SSH
software implementations, of which OpenSSH is the most popular and
most widely used [2]. SSH replaces the unencrypted telnet, rlogin and
rsh and adds many features.
If you want to use the recipes below, first set the variables
remote_host and remote_user to the remote computer name and the user
name on that remote computer. Cutting and pasting the commands below
should then work. remote_host may also be an IP address.
Installation
Installation of the client
Configuration files
Starting with Bullseye, configuration files will also be read from the
following subfolders:
• ssh_host_ecdsa_key
• ssh_host_ecdsa_key.pub
• ssh_host_ed25519_key
• ssh_host_ed25519_key.pub
rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
Remote login
With password
ssh $remote_user@$remote_host
If the usernames on the local and the remote computer are identical,
you can drop the $remote_user@ part and simply write
ssh $remote_host
If this is the first time you log in to the remote computer, ssh will
ask whether you are sure you want to connect to it. Answer 'yes' after
you have verified the remote computer's fingerprint, type in your
password, and ssh will connect you to the remote host.
ssh-keygen -t rsa
Your private key is id_rsa (don't give it to anyone else); your public
key is id_rsa.pub.
You copy your public key to a remote host with the command
ssh-copy-id:
ssh-copy-id -i ~/.ssh/id_rsa.pub $remote_user@$remote_host
Now you can simply connect to the remote host, and you are asked for
the passphrase. Once done, you are connected to the remote host. For
new connections the passphrase is not asked for again during your
entire session.
Keys management
Using GUI
Securing
SSH Server
Configuration Options
You can list your current sshd settings with the following command:
sshd -T | sort
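One way to act on that output, as an added example that is not part of the original wiki page: a small filter that compares the effective settings printed by sshd -T with a baseline. The function names, the baseline values and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# audit_sshd reads `sshd -T` output on stdin and prints one line per
# deviation from the baseline: "<keyword> <actual> <wanted>".
audit_sshd() {
    awk '
        BEGIN {
            # Assumed baseline for illustration, not Debian policy.
            # sshd -T prints keywords in lower case.
            want["permitrootlogin"]        = "no"
            want["passwordauthentication"] = "no"
            want["permitemptypasswords"]   = "no"
            want["pubkeyauthentication"]   = "yes"
            want["x11forwarding"]          = "no"
        }
        ($1 in want) {
            seen[$1] = 1
            if (tolower($2) != want[$1]) print $1, $2, want[$1]
        }
        END {
            # A keyword absent from the dump is reported as well.
            for (k in want) if (!(k in seen)) print k, "(missing)", want[k]
        }
    ' | sort
}

# Constructed sample of `sshd -T` output (not captured from a real host).
sample_sshd_T() {
    cat <<'EOF'
port 22
permitrootlogin yes
passwordauthentication yes
pubkeyauthentication yes
permitemptypasswords no
x11forwarding yes
maxauthtries 6
EOF
}

# count_findings prints the number of deviations found in the sample.
count_findings() { sample_sshd_T | audit_sshd | wc -l | tr -d ' '; }

# Demo on the sample. On a real server, as root: sshd -T | audit_sshd
sample_sshd_T | audit_sshd
```
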
External Utilities
Additional Functions
fish://username@server_name_or_ip
Additional Commands
scp
• Sending a file:
sftp
text mode
graphical mode
clusterssh
You will still need to tell the agent to manage your keys.
ssh-add -l
# Add your ssh key
ssh-add ~/.ssh/your_private_key
When a private key is first needed, you are prompted for its
passphrase. ssh-agent will then remember the key so that your
passphrase doesn't get asked anymore.
keychain
ssh-askpass
libpam-usb
If you just want to run one command on the remote computer, you
don't need to log in. You can tell ssh to run the command without
logging in, for instance,
lists all files with extension .txt on the remote computer. This works
with single tick quotes '...' as shown here, with double tick quotes "...",
and without quotes. There may be differences between these three
cases, though, not yet documented here.
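The difference between the three quoting styles, as an added example that is not part of the original wiki page. It runs offline: fake_ssh is a hypothetical stand-in that mimics how ssh joins its arguments with spaces and hands the string to the remote shell, and the directories, file names and the variable where are constructed for the demonstration.

```shell
#!/bin/sh
# fake_ssh is a hypothetical stand-in for `ssh $remote_host ...`: like ssh,
# it joins its arguments with spaces and gives that one string to a shell
# that runs in the "remote" directory.
fake_ssh() { ( cd "$REMOTE_DIR" && sh -c "$*" ) 2>&1 || true; }

# Constructed sandbox: different files on the "local" and "remote" side.
setup_dirs() {
    BASE=$(mktemp -d)
    LOCAL_DIR=$BASE/local
    REMOTE_DIR=$BASE/remote
    mkdir "$LOCAL_DIR" "$REMOTE_DIR"
    : > "$LOCAL_DIR/local.txt"
    : > "$REMOTE_DIR/a.txt"
    : > "$REMOTE_DIR/b.txt"
}

# Single quotes: *.txt reaches the remote shell intact, matches remote files.
glob_single() { ( cd "$LOCAL_DIR" && fake_ssh 'ls *.txt' ); }

# Double quotes protect the glob in the same way ...
glob_double() { ( cd "$LOCAL_DIR" && fake_ssh "ls *.txt" ); }

# ... but let the local shell substitute $variables before ssh runs.
var_double() { ( unset where; where=local; fake_ssh "echo where=$where" ); }
var_single() { ( unset where; where=local; fake_ssh 'echo where=$where' ); }

# No quotes: the local shell expands *.txt first, so the remote shell is
# asked for local.txt, which does not exist there.
glob_unquoted() { ( cd "$LOCAL_DIR" && fake_ssh ls *.txt ); }

demo() {
    setup_dirs
    echo "single quotes, glob: $(glob_single | tr '\n' ' ')"
    echo "double quotes, glob: $(glob_double | tr '\n' ' ')"
    echo "no quotes, glob:     $(glob_unquoted)"
    echo "double quotes, var:  $(var_double)"
    echo "single quotes, var:  $(var_single)"
    rm -rf "$BASE"
}
demo
```
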
This document sums up many good practices that regular SSH users
should follow in order to avoid compromising the security of their
accounts (and of the whole machine at the same time).
Host master.debian.org
    User account
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
Troubleshooting
If you get an error message like this when starting the ssh daemon,
you need to run:
SSH hangs
Issue
You are trying to SSH into a remote computer, but during SSH log-in
the session hangs/freezes indefinitely. You are not presented with
the command prompt and you are not able to use any SSH commands.
When using SSH debug mode, the session hangs at this line:
debug2: channel 0: open confirm rwindow 0 rmax 32768
Possible cause
This happens with some routers behind NAT when using OpenSSH. During
session setup, after the password has been given, OpenSSH sets the
TOS (type of service) field in the IP datagram. The router chokes on
this, and the effect is that your SSH session hangs indefinitely. In
other words, SSH commands or connections are seldom working or not
working at all.
~/.ssh/config
or
/etc/ssh/ssh_config
Note: the config file is per user, and the ssh_config file is
system-wide and applies to all users. If unsure, edit the appropriate
user config file.
File content before
Host *
File content after
Host *
    IPQoS 0x00
ProxyCommand nc %h %p
# Keep client SSH connection alive by sending every 300 seconds a small keep-alive
ClientAliveInterval 300
ClientAliveCountMax 3333
See also
• DebianPkg: screen - terminal multiplexer with VT100/ANSI
terminal emulation
• DebianPkg: tmux - alternative terminal multiplexer
1. https://tools.ietf.org/html/rfc4252
2. https://www.openssh.com/users.html
3. https://www.openssh.com/txt/release-5.7
4. https://www.openssh.com/txt/release-6.5