October 30, 2014
 
 
RSSRSS feed

More Linux Remote Networking Tips and Tricks (part 2) - page 2

Setting It Up

  • October 21, 2009
  • By Carla Schroder

Next, make sure that /etc/ssh/sshd_config on the server has these lines:

RSAAuthentication yes
PubkeyAuthentication yes

If you need to change /etc/ssh/sshd_config, restart the SSH daemon after you save your changes:

# /etc/init.d/ssh restart

Now try logging in with the new key:

[carla@localhost .ssh]$ ssh -i id_remotepc alrac@remotepc
Last login: Wed Oct 21 09:06:59 2009 from 192.168.2.131
alrac@remotepc:~$

Hurrah, it works. Password logins are still enabled; to restrict logins to public key logins only, disable password logins by editing /etc/ssh/sshd_config with these lines:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Then restart the SSH server:

# /etc/init.d/ssh restart

And test password logins once more:

# [carla@localhost .ssh]$ ssh alrac@remotepc
Permission denied (publickey).

Very good, now only public key authentication works. You may use both if you prefer; you don't have to choose one or the other. Usually on the LAN users want more openness rather than more restrictions, and then using public key authentication is a nice convenience because you can grant access to more users without giving them system account passwords, or streamline your own SSH-surfing. Remote logins over the Internet definitely need to be more locked-down, so we'll learn how to do that in Part 3.

Doing All This Without Moving

You can do all this without ever leaving your chair, if you have SSH already enabled on your computers. Suppose you are sitting at Computer A, and follow the steps in this article to log in from Computer B. You can then log remotely into Computer B to allow logging in from Computer A. And so on. You can even restart OpenSSH without getting disconnected.

Carla Schroder is the author of the Linux Cookbook and the Linux Networking Cookbook (O'Reilly Media), the upcoming "Build a Digital Recording Studio with Audacity" (NoStarch Press), a lifelong book lover, and the managing editor of LinuxPlanet and Linux Today.

Sitemap | Contact Us