SSH Is Sexy And Fast Pt 1

PCAnywhere, GotomyPC… these are great for Windows users with more money than time, but what about those of us on Linux who want to grab our distros by the short hairs? Ah, this is where a hardened SSH install can do wonders for you. What would you say to a script that will allow you to take the SSH server installation on your home box to the next level? Interested? Keep reading.

First, install openssh-server on your desktop. As the client is already installed in Ubuntu by default, I will assume you have a client box such as a notebook already running Ubuntu elsewhere.

On that client (not server), install x11vnc. This is part of what will bring you a VNC-based experience with the security of SSH. Also, on your router, you will need to open a port. For a hardened install, I use something other than port 22, as that is just begging to be hit all day long. Use something like port 2222. So the rule would be something like TCP Any -> 2222 and not TCP 2222 -> 2222. I made that mistake on my FiOS router, and it took me forever to catch that one.

Now let’s configure your client box. For now, we’ll do our testing on port 22 even though the router is set for the permanent port, 2222. You can actually use almost anything, but 2222 is best.

Test the server PC now. In a terminal:

ssh the-server-local-ip-address

If it is working, it should ask you to authorize, then for your server PC password (the one you log in to Ubuntu with). Cool, that is working. Now let’s keep going. On the client PC, from a terminal window, copy and paste the following with your mouse for speed.

mkdir ~/.ssh

chmod 700 ~/.ssh

ssh-keygen -q -f ~/.ssh/id_rsa -t rsa

Give it a made-up “passphrase”, something you can type twice when confirming. Write it down.

chmod go-w ~/

chmod 700 ~/.ssh

chmod go-rwx ~/.ssh/*

Still working from the client PC:

scp ~/.ssh/id_rsa.pub username@ipaddress-of-server-pc:~/

Enter the passphrase you used a minute ago.

Enter the server PC’s password as if you were logging into the PC like usual.

If successful, you’ll see something like:

id_rsa.pub 100% 397 0.4KB/s 00:00

Back on the server PC:

mkdir ~/.ssh

chmod go-w ~/

chmod 700 ~/.ssh

cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

chmod 600 ~/.ssh/authorized_keys

rm ~/id_rsa.pub

sudo gedit /etc/ssh/sshd_config

In the text file, change…

#PasswordAuthentication yes

to the following (remove the # mark, leaving no spaces; to find the line, press Ctrl+F and paste the above in)

PasswordAuthentication no

then

sudo /etc/init.d/ssh restart
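A check for the server side of the steps above, as an added example that is not part of the original post: it verifies the permissions set on the home directory, ~/.ssh and authorized_keys, and reports the PasswordAuthentication value a config file resolves to. The function names and the sample key and config are constructed for illustration, and the parser assumes a config without Match blocks or Include files.

```shell
#!/bin/sh
# Added example, not from the original post: audit the server-side result.

# effective_password_auth FILE: print the PasswordAuthentication value sshd
# would take from FILE. sshd uses the first uncommented occurrence of a keyword
# and defaults to "yes". Assumption: no Match blocks or Include files.
effective_password_auth() {
    awk 'tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# has_mode PATH MODE: true if PATH's permission bits are exactly MODE.
has_mode() { [ -n "$(find "$1" -prune -perm "$2" -print 2>/dev/null)" ]; }

# group_other_writable PATH: true if group or other may write to PATH.
group_other_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# audit_ssh_dir HOME: check the layout from the post, print each failure,
# and return non-zero if any check fails.
audit_ssh_dir() {
    audit_rc=0
    if group_other_writable "$1"; then echo "FAIL: $1 is group/other-writable"; audit_rc=1; fi
    has_mode "$1/.ssh" 700 || { echo "FAIL: .ssh is not mode 700"; audit_rc=1; }
    has_mode "$1/.ssh/authorized_keys" 600 || { echo "FAIL: authorized_keys is not mode 600"; audit_rc=1; }
    grep -Eq '^(ssh|ecdsa)-[^ ]+ [^ ]' "$1/.ssh/authorized_keys" 2>/dev/null ||
        { echo "FAIL: no public key in authorized_keys"; audit_rc=1; }
    return "$audit_rc"
}

# make_sample_home DIR: constructed sample so the example runs offline. DIR gets
# the layout from the post, a fake key, and a config with the default still commented.
make_sample_home() {
    mkdir -p "$1/.ssh" && chmod go-w "$1" && chmod 700 "$1/.ssh"
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed user@client' > "$1/.ssh/authorized_keys"
    chmod 600 "$1/.ssh/authorized_keys"
    printf '%s\n' 'Port 22' '#PasswordAuthentication yes' > "$1/sshd_config"
}

demo=$(mktemp -d)
make_sample_home "$demo"
audit_ssh_dir "$demo" && echo "key layout OK"
# The commented-out default still resolves to yes (passwords accepted).
echo "PasswordAuthentication: $(effective_password_auth "$demo/sshd_config")"
rm -rf "$demo"
```

On the real server, `sudo sshd -t` validates the edited file before the restart, and `sudo sshd -T | grep -i passwordauthentication` prints the value sshd actually resolves. Confirm that key-based login works from the client before closing the session in which you disabled passwords.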

—-

Congrats, you just set up an SSH server on a PC. Now go ahead and log in from the client; it’ll prompt you for that “passphrase” one time only. From then on, it will remember that client PC.

In part two, I will help you harden your SSH install so hackers are not throwing attacks at you all day. This will include helping you to access this from outside of your LAN and also changing your server’s port to 2222. Oh, I will also give you a quick start script and a VNC-based “visual desktop” experience, too.
