Configuring SSH from Scratch
This document provides a detailed guide on how to configure SSH from scratch, including installing SSH, generating key pairs, configuring the SSH service, allowing root login, and setting up key-based authentication.
Installing SSH
Install the SSH Server
On the server, you need to install the SSH server. For Debian/Ubuntu:
sudo apt update
sudo apt install openssh-server
On CentOS/RHEL:
sudo yum install openssh-server
After installation, start the SSH service and enable it at boot with the following commands (on Debian/Ubuntu the systemd unit is named ssh, so use ssh in place of sshd):
sudo systemctl start sshd
sudo systemctl enable sshd
Generate an SSH Key Pair
Generate an SSH key pair on the client machine:
ssh-keygen
Generate a standard key:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
This command generates a 4096-bit RSA key pair. Follow the prompts; by default the private key is saved to ~/.ssh/id_rsa and the public key to ~/.ssh/id_rsa.pub.
Configure the SSH Service
Set the Listening Port and Address
Edit the SSH configuration file /etc/ssh/sshd_config on the server to set the listening port and address, and allow password authentication:
Port 22
ListenAddress 0.0.0.0
PasswordAuthentication yes
Port 22 is the default; you can change Port to any port you prefer for enhanced security. ListenAddress 0.0.0.0 makes sshd listen on all IPv4 interfaces.
Allow Public Key Authentication
Ensure public key authentication is allowed:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Allow Root User Login (Optional)
If you need to allow root user login, ensure the following configuration:
PermitRootLogin yes
Restart the SSH Service
After making changes, restart the SSH service to apply the configuration:
sudo systemctl restart sshd
For WSL, use this:
service ssh restart
Complete Configuration Example
The relevant sections of your /etc/ssh/sshd_config file may look like this:
# Set listening port and address
Port 22
ListenAddress 0.0.0.0
# Allow public key authentication
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# Allow root user login (optional)
PermitRootLogin yes
# Disable password authentication (optional)
PasswordAuthentication no
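The settings above interact: sshd uses the first value it reads for each keyword, so a file that ends up with both the PasswordAuthentication yes line from the earlier step and the PasswordAuthentication no line from the complete example still accepts passwords. The shell script below is an added example, not part of the original guide; the function names (effective, shadowed, audit, sample_config) and the sample file are constructed for illustration, and it assumes plain "Keyword value" lines with no Include files.

```shell
#!/bin/sh
# Added example, not from the original guide. sshd keeps the FIRST value it reads
# for a keyword; keywords are case-insensitive. Assumptions: "Keyword value" lines
# (no "="), no Include files; parsing stops at the first Match block.

# effective FILE KEYWORD DEFAULT: print the value sshd would use.
effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/              { next }   # comments and blank lines
        tolower($1) == "match"      { exit }   # end of the global section
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# shadowed FILE: report later settings that sshd ignores.
shadowed() {
    awk '
        /^[ \t]*(#|$)/         { next }
        tolower($1) == "match" { exit }
        { k = tolower($1) }
        k !~ /^(passwordauthentication|pubkeyauthentication|permitrootlogin)$/ { next }
        k in seen { print "line " FNR ": " $1 " " $2 " ignored, line " seen[k] " wins"; next }
        { seen[k] = FNR }
    ' "$1"
}

# audit FILE: print findings; return 1 if there are any.
audit() {
    pw=$(effective "$1" PasswordAuthentication yes)            # OpenSSH default
    root=$(effective "$1" PermitRootLogin prohibit-password)   # OpenSSH default
    pub=$(effective "$1" PubkeyAuthentication yes)             # OpenSSH default
    findings=$(
        shadowed "$1"
        if [ "$root" = yes ] && [ "$pw" = yes ]; then echo "root can log in with a password"; fi
        if [ "$pw" = no ] && [ "$pub" = no ]; then echo "password and public key authentication are both off"; fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the step-by-step edits and the complete example in one file.
sample_config() {
    printf '%s\n' 'Port 22' 'ListenAddress 0.0.0.0' 'PasswordAuthentication yes' \
        'PubkeyAuthentication yes' 'PermitRootLogin yes' 'PasswordAuthentication no'
}

tmp=$(mktemp) && sample_config > "$tmp" && { audit "$tmp" || true; }; rm -f "$tmp"
```

On a real server, sshd -T prints the effective configuration (including any Include files) and sshd -t checks the syntax before you restart the service.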
My SSH Public Keys
Windows Laptop
# DingZhiyu_magicbook_pro
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZe/qz3NoyO5FT2O8bjRGP0ToB08ZOUuxSdpySYKwb9SpZvS9Q5M5kNpw/iS+WAzNYztp2rRWFUem512/w5nDoQWzUw8zEsGNIalhJOSpbDFCuBcaBPmdOsft8p+k2G8bwOJNpyyJsim9Rb0LRtfxvH7W8h5es/rA0KBx0VFLLnFRsJJ5WpkoczmR2SMuG+Y4VzSJEOU2KpiVOrB2Qq5TxO+ZEX8VSjt1jxyxlNtfe2TWkiTvpqBXbBPqBsmxkI2vGpUjTStiBgYWG4PsVoUlCFQYj4qQrSW2bE7dnYDXPE9V4QrhfM7PF53ret0IYOAAFmsUTSgnH7BtBwOAq+99oJnkgL8IlUSKCvyao1NpaaKCdtm8xRykwQFNPwPb714NZ7g5iXA9imlUavn2QLj8ieKh5GIt53C3cEvqcG27jWwsIYhw23eeG9TBEL7QWWkFJoCYhy7UagWFPVyIPlXIEwtI5x/+KPGUOfmi5/VrJyOS3+f45/steJUBA6BztIiU= 97521@丁致宇的magicbook14pro