====== SSH ======

===== Debian =====

=== Recommended config ===

<code bash>
mkdir ~/.ssh
cd ~/.ssh
wget https://raw.githubusercontent.com/JM-Lemmi/JM-Lemmi/main/authorized_keys
</code>

<file . /etc/ssh/sshd_config>
Port 22
#Port 22222

PermitRootLogin Prohibit-Password

PasswordAuthentication no
ChallengeResponseAuthentication no

#Match Address 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
#    PasswordAuthentication yes
</file>

<code bash>
echo "PermitRootLogin Prohibit-Password" >> /etc/ssh/sshd_config
</code>

=== allow root pw login ===

from [[https://linuxconfig.org/enable-ssh-root-login-on-debian-linux-server|here]].

<file bash /etc/ssh/sshd_config>
PermitRootLogin yes
</file>

=== Pubkeyauth ===

from [[https://linuxhandbook.com/add-ssh-public-key-to-server/]]

add key to ''root/.ssh/authorized_keys'' oder ''/home/user/.ssh/authorized_keys''

Settings for only Pubkey auth:

<file conf /etc/ssh/sshd_config>
PubkeyAuthentication yes
PasswordAuthentication no
</file>

password has to be explicitely disabled

=== SSH-Agent ===

To not have to reauth ssh key all the time use ssh-agent:

<code>
eval `ssh-agent`
ssh-add ~/.ssh/id_ed25519
</code>

===== See also =====

  * [[https://iximiuz.com/ssh-tunnels/ssh-tunnels.png|Forwarding Cheat Sheet]]
  * [[https://developer.1password.com/docs/ssh/get-started/|1Password SSH-Agent Setup]]
  * [[knowledge_base:software_setup:ssh_pubkey|Win10]]
  * [[knowledge_base:sonstiges:git_sign_commit|Git Commits Signieren]]