1. Environment
Server:
    lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description: Ubuntu 18.04.5 LTS
    Release: 18.04
    Codename: bionic
Client: Macbook Pro
2. Install OpenSSH Server
Check the SSH client (installed by default on Ubuntu 18.04 LTS):
    $ dpkg -l | grep ssh
    ii libssh-4:amd64 0.8.0~20170825.94fa1e38-1ubuntu0.7 amd64 tiny C SSH library (OpenSSL flavor)
    ii openssh-client 1:7.6p1-4ubuntu0.3 amd64 secure shell (SSH) client, for secure access to remote machines
Install SSH server
    $ sudo apt-get install openssh-server
Then check installation.
    $ dpkg -l | grep ssh
    ii libssh-4:amd64 0.8.0~20170825.94fa1e38-1ubuntu0.7 amd64 tiny C SSH library (OpenSSL flavor)
    ii openssh-client 1:7.6p1-4ubuntu0.3 amd64 secure shell (SSH) client, for secure access to remote machines
    ii openssh-server 1:7.6p1-4ubuntu0.3 amd64 secure shell (SSH) server, for secure access from remote machines
    ii openssh-sftp-server 1:7.6p1-4ubuntu0.3 amd64 secure shell (SSH) sftp server module, for SFTP access from remote machines
    ii ssh-import-id 5.7-0ubuntu1.1 all securely retrieve an SSH public key and install it locally
Check process.
    $ ps -ax | grep ssh
    3089 ? Ss 0:00 /usr/bin/ssh-agent /usr/bin/im-launch env GNOME_SHELL_SESSION_MODE=ubuntu gnome-session --session=ubuntu
Change /etc/ssh/sshd_config.

    PermitRootLogin no
    PubkeyAuthentication yes
    PasswordAuthentication no
    PermitEmptyPasswords no

- PermitRootLogin: “no” prohibits SSH login as root.
- PubkeyAuthentication: “yes” permits SSH public key authentication.
- PasswordAuthentication: “no” prohibits password authentication.
- PermitEmptyPasswords: “no” prohibits blank passwords when password authentication is turned on.
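
The script below is an added example, not part of the original post: it reads an sshd_config the way sshd does (the first value for a keyword wins, keywords are case-insensitive, a Match line ends the global section) and compares the result with the four settings above. The function names and the sample file are constructed for illustration; the fallback values for absent keywords are the OpenSSH defaults.

```shell
# Added example: audit the global section of an sshd_config file.
# Print the effective global value of keyword $2 in file $1, or the
# OpenSSH default $3 when the keyword is not set before the first Match.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { FS = "[ \t=]+"; key = tolower(key) }
        { sub(/^[ \t]+/, "") }                  # drop indentation
        /^#/ || NF == 0 { next }                # comments and blank lines
        tolower($1) == "match" { exit }         # Match blocks are conditional
        tolower($1) == key {                    # first occurrence wins
            val = tolower($2); gsub(/"/, "", val); print val; found = 1; exit
        }
        END { if (!found) print def }
    ' "$1"
}

# Compare file $1 with this guide (columns: keyword, wanted, OpenSSH default).
audit_sshd_config() {
    rc=0
    while read -r key want def; do
        got=$(sshd_effective "$1" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key $got (want $want)"
            rc=1
        fi
    done <<'EOF'
PermitRootLogin no prohibit-password
PubkeyAuthentication yes yes
PasswordAuthentication no yes
PermitEmptyPasswords no no
EOF
    return $rc
}

# Constructed sample: PasswordAuthentication is commented out globally and
# set only inside a Match block, so the default "yes" still applies.
sample=$(mktemp)
cat > "$sample" <<'EOF'
permitrootlogin no
PermitRootLogin yes
PubkeyAuthentication yes
#PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sshd_config differs from the guide"
```

On the server itself, sudo sshd -T prints the configuration sshd actually resolves, and an edited file only takes effect after the service is restarted (sudo systemctl restart ssh on Ubuntu).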
4. Open ports
Ubuntu 18.04 LTS closes ports by default. Using ufw (Uncomplicated Firewall), open the port for SSH.
    $ sudo ufw enable # Enable firewall
    $ sudo ufw status # Check open port
    $ sudo ufw allow 22
    $ sudo ufw reload
    $ sudo ufw status # Check open port again
5. Set static IP address
Ubuntu 18.04 reads its network configuration from YAML files under /etc/netplan/ (e.g. /etc/netplan/01-network-manager-all.yaml).
Define the ethernets section in 01-network-manager-all.yaml:
    # Let NetworkManager manage all devices on this system
    network:
      version: 2
      renderer: NetworkManager
      ethernets:
        enp3s0:
          addresses: [192.168.0.18/24, 'xxxx:3b:xxxx:2:xxxx:xxxx:xxxx:xxxx/64'] # IPv6 address as shown by `ifconfig -a`
          gateway4: 192.168.0.1
          nameservers:
            addresses: [192.168.0.1, 8.8.8.8, 8.8.4.4]
Note
To check the network configuration, I installed net-tools and ran ifconfig -a.
Apply updated configuration.
6.1. Server
On the server, generate an SSH key.
I set up a passphrase for the SSH key file this time.
6.2. Client
6.2.1. authorized_keys
Then send the public key (id_rsa_xxx.pub) to the client and append it to ${HOME}/.ssh/authorized_keys:
    cat id_rsa_xxx.pub >> ~/.ssh/authorized_keys
6.2.2. .ssh/config
Add server host to ~/.ssh/config
    # Host is the alias typed on the ssh command line; Hostname is the address to connect to
    Host ubuntu01
        Hostname 192.168.0.18
        User xxxx
        Port 22
        IdentityFile ~/.ssh/id_rsa_xxx_202105
Then I could log in to the server from the client with:
    $ ssh xxxx@ubuntu01
    Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 5.4.0-70-generic x86_64)
    * Documentation: https://help.ubuntu.com
    * Management: https://landscape.canonical.com
    * Support: https://ubuntu.com/advantage
    * Canonical Livepatch is available for installation.
    - Reduce system reboots and improve kernel security. Activate at:
    https://ubuntu.com/livepatch
    0 個のパッケージがアップデート可能です。
    0 of these updates are security updates.
    Your Hardware Enablement Stack (HWE) is supported until April 2023.
    Last login: Thu May 6 13:51:33 2021 from 192.168.0.11
    xxxx@ubuntu01:~$