Differences
This shows you the differences between two versions of the page.
de:server:services:openssh [2022/09/03 00:16] – removed - external edit (Unknown date) 127.0.0.1 | de:server:services:openssh [2022/10/24 08:24] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== OpenSSH ====== | ||
+ | |||
+ | OpenSSH (auch bekannt als OpenBSD Secure Shell) ist eine Sammlung von sicheren Netzwerkprogrammen, | ||
+ | |||
+ | OpenSSH begann als ein Fork des freien SSH-Programms, | ||
+ | |||
+ | Bei OpenSSH handelt es sich nicht um ein einzelnes Computerprogramm, | ||
+ | |||
+ | |||
+ | ===== Paket===== | ||
+ | |||
+ | < | ||
+ | pacman -S openssh | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Start/ | ||
+ | |||
+ | |||
+ | < | ||
+ | systemctl enable --now sshd.service | ||
+ | </ | ||
+ | |||
+ | <alert type=" | ||
+ | < | ||
+ | systemctl restart sshd.service | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Root- und Passwort-Authentifizierung zulassen ===== | ||
+ | |||
+ | Wenn man einen schnellen Zugang benötigt, zum Beispiel um den Server einzurichten. | ||
+ | |||
+ | < | ||
+ | nano / | ||
+ | </ | ||
+ | < | ||
+ | Port 22 | ||
+ | PermitRootLogin yes | ||
+ | PasswordAuthentication yes | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== SSH Schlüssel===== | ||
+ | |||
+ | Dies ist nicht nur sicherer, sondern erleichtert auch die Verbindung zum Server, ohne dass man jedes mal das Passwort eingeben muss. | ||
+ | |||
+ | ==== Konfiguration - Server ==== | ||
+ | |||
+ | < | ||
+ | nano / | ||
+ | </ | ||
+ | < | ||
+ | Port 22 | ||
+ | HostKey / | ||
+ | PermitRootLogin no | ||
+ | PubkeyAuthentication yes | ||
+ | PasswordAuthentication no | ||
+ | PermitEmptyPasswords no | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Schlüssel erstellen - Desktop ==== | ||
+ | |||
+ | Ob man eine Passphrase verwendet oder nicht, hängt davon ab, wie man die Infrastruktur nutzen will und ob eine zusätzliche Sicherheitsebene gewünscht/ | ||
+ | |||
+ | < | ||
+ | ssh-keygen -t ed25519 | ||
+ | </ | ||
+ | |||
+ | Kopiere den Inhalt von '' | ||
+ | |||
+ | < | ||
+ | cat ~/ | ||
+ | </ | ||
+ | |||
+ | === Host hinzufügen - Desktop === | ||
+ | |||
+ | Ändere '' | ||
+ | |||
+ | < | ||
+ | nano .ssh/config | ||
+ | </ | ||
+ | < | ||
+ | Host server | ||
+ | HostName $SERVERIP | ||
+ | Port 22 | ||
+ | User $USER | ||
+ | IdentitiesOnly yes | ||
+ | IdentityFile " | ||
+ | </ | ||
+ | |||
+ | === Pub-Schlüssel hinzufügen - Server === | ||
+ | |||
+ | Füge den Inhalt von '' | ||
+ | |||
+ | < | ||
+ | cd | ||
+ | mkdir .ssh | ||
+ | chmod 700 .ssh | ||
+ | touch .ssh/ | ||
+ | chmod 600 .ssh/ | ||
+ | nano .ssh/ | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== SSH-Agent - Desktop ==== | ||
+ | |||
+ | < | ||
+ | mkdir -p ~/ | ||
+ | nano ~/ | ||
+ | </ | ||
+ | < | ||
+ | [Unit] | ||
+ | Description=SSH key agent | ||
+ | |||
+ | [Service] | ||
+ | Type=simple | ||
+ | Environment=SSH_AUTH_SOCK=%t/ | ||
+ | ExecStart=/ | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=default.target | ||
+ | </ | ||
+ | < | ||
+ | systemctl --user enable ~/ | ||
+ | systemctl --user start ssh-agent.service | ||
+ | </ | ||
+ | |||
+ | <alert type=" | ||
+ | |||
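Review bot: The section "Root- und Passwort-Authentifizierung zulassen" sets `PermitRootLogin yes` and `PasswordAuthentication yes` with no visible instruction to revert them once setup is done, and its only sentence is a fragment without a main clause. State there that the setting is temporary and point to the "Konfiguration - Server" block as the target state. The ordering under "SSH Schlüssel" also risks a lockout: "Konfiguration - Server" sets `PasswordAuthentication no` before the key has been created ("Schlüssel erstellen - Desktop") and installed ("Pub-Schlüssel hinzufügen - Server"). Move the server configuration after those steps and repeat `systemctl restart sshd.service` there, keeping an existing session open until key login is confirmed. In the server block, `mkdir .ssh` fails if the directory already exists; use `mkdir -p .ssh`, as the SSH-Agent block already does for its own directory.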