Thursday, December 20, 2018

Set up an SSH server with the key! freeBSD

As a basic mental model, think of the public key as the lock and the private key as the key that opens it.

"A word of caution – the root account should NEVER have SSH access. If somehow someone breaks into the SSH server they would have administrative access. Administrative access can always be obtained by using su and entering the root password – which should be different from the user’s password!"

FreeBSD ships with an SSH server and client out of the box; the server just needs to be enabled.
You need an SSH public/private key pair first, so let's create one.

Initial login with no key pair (default, password authentication):
# ssh junayed@192.168.10.114 (192.168.10.114 is my SSH server's LAN IP)

Links: https://man.openbsd.org/ssh-keygen.1,
"Generating a new SSH key and adding it to the ssh-agent",
"Configuring sshd"

Create a key pair from your desktop shell, or directly on the server (not from the root account):
# ssh-keygen -t rsa -b 4096 -C "y@ex.com"
# ssh-keygen -t ecdsa -b 521 -C "y@ex.com" -f ~/.ssh/freeBSD -N abc123
(ECDSA keys are 256, 384 or 521 bits; -b 4096 is only valid for RSA, so the second command uses -b 521.)

Here, the options are:
[-C comment]
[-t dsa | ecdsa | ed25519 | rsa]
[-b bits] 4096
[-f output_keyfile]
[-N new_passphrase]

Sample server details used below:
port: 22
Server name: mg1149
key file and passphrase: -f freeBSD -N xyz987

AUTHORIZED KEY:
An authorized key in SSH is a public key used for granting login access to users. The authentication mechanism is called public key authentication.
Authorized keys are configured separately for each user - usually in the .ssh/authorized_keys file in the user's home directory. However, the location of the keys can be configured in SSH server configuration files and is often changed to a root-owned location in more secure environments.

Typically provisioning an authorized key involves generating a key pair, installing the public key as an authorized key, and using the private key as an identity key.

The first command in each option below appends your desktop's public key to the server's list of keys allowed to log in (authorized_keys).

Option 1: Operation inside the server (the key pair was generated on the server);
# cat id_rsa.pub >> ~/.ssh/authorized_keys
# rm id_rsa.pub
# cat ~/.ssh/id_rsa
Copy the contents and paste them into a blank file on your desktop; name it id_rsa (or whatever name you pass to -i below, here freeBSD2).
From your desktop, log in with this private key:
$ ssh -i ~/.ssh/freeBSD2 junayed@192.168.10.114 -p 22

Option 2: Operation from the desktop;
Use ssh-copy-id.
Create the lock/key pair on your desktop, then copy the lock (public key) to the server with:
# ssh-copy-id -i ~/.ssh/mykey user@host
# ssh-copy-id -i ~/.ssh/freeBSD.pub junayed@192.168.10.114 (or the public IP, 103.10....)
(Log in to the machine.)
(Authorize the key and delete the public key file. ssh-copy-id already appends the key to ~/.ssh/authorized_keys, so these two commands are only needed if you copied the .pub file over by hand.)
# cat id_rsa.pub >> ~/.ssh/authorized_keys
# rm id_rsa.pub
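The authorized_keys installation that both options end with, as an added shell example (not the post's own commands): it appends the key only once, sets the permissions that sshd's StrictModes check requires, and checks an sshd_config for the two points the post raises (no root login, sftp subsystem commented out). The sample key line, the sshd_config contents and the /usr/libexec/sftp-server path are constructed here for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Run it as-is: everything
# happens in a temporary directory created with mktemp.
set -eu

# install_authorized_key HOME_DIR PUBKEY_FILE
install_authorized_key() {
    home_dir=$1; pubkey=$2
    keyfile="$home_dir/.ssh/authorized_keys"
    mkdir -p "$home_dir/.ssh"
    chmod 700 "$home_dir/.ssh"   # sshd rejects a group/world-writable ~/.ssh
    touch "$keyfile"
    chmod 600 "$keyfile"
    # Append only if this key blob (field 2 of the .pub line) is not present yet,
    # so re-running the script never duplicates the key
    blob=$(awk '{print $2}' "$pubkey")
    if ! grep -qF -- "$blob" "$keyfile"; then
        cat "$pubkey" >> "$keyfile"
    fi
}

# count_keys FILE -> number of key lines in an authorized_keys file
count_keys() {
    grep -cE '^(ssh-|ecdsa-)' "$1" || true
}

# check_sshd_config FILE -> "ok" when PermitRootLogin is no and the
# "Subsystem sftp" line is commented out, otherwise the failing points
check_sshd_config() {
    bad=""
    if ! grep -qE '^[[:space:]]*PermitRootLogin[[:space:]]+no' "$1"; then
        bad="root-login"
    fi
    if grep -qE '^[[:space:]]*Subsystem[[:space:]]+sftp' "$1"; then
        bad="${bad:+$bad }sftp-enabled"
    fi
    if [ -z "$bad" ]; then echo ok; else echo "$bad"; fi
}

demo() {
    tmp=$(mktemp -d)
    # Constructed sample key line (not real key material) and config
    printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYMATERIAL y@ex.com\n' > "$tmp/id.pub"
    printf 'PermitRootLogin no\n#Subsystem sftp /usr/libexec/sftp-server\n' > "$tmp/sshd_config"
    install_authorized_key "$tmp" "$tmp/id.pub"
    install_authorized_key "$tmp" "$tmp/id.pub"   # second run must not duplicate
    n=$(count_keys "$tmp/.ssh/authorized_keys")
    cfg=$(check_sshd_config "$tmp/sshd_config")
    rm -rf "$tmp"
    echo "$n $cfg"
}
demo
```

The same permission rule applies to the private key you copy to the desktop in Option 1: ssh ignores a private key file that other users can read, so keep it at mode 600.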

Adding your SSH key to the ssh-agent:
# eval $(ssh-agent -s)
# ssh-add ~/.ssh/freeBSD

Log in to the server with the private key:
# ssh -i ~/.ssh/freeBSD junayed@192.168.10.114 -p 22

Securing your SSH Server

Lastly:
If you don't plan to use SFTP/SCP to transfer files, you should disable it. Do this by commenting out the line that starts with Subsystem sftp in /etc/ssh/sshd_config.

Don't forget: set up port forwarding on your router to port 22.

Funny mistake: you need to be outside your own network to log in via the public IP!

