1. Create public/private key pair
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
2. Create config file
$ cd ~/.ssh $ cat >> config Host turris Hostname 192.168.1.1 Port 22 User root IdentityFile ~/.ssh/id_rsa
If remote-editing (using Sublime Text, TextMate, or VS Code) is desired, modify config to resemble:
Host 192.168.1.1 IdentityFile ~/.ssh/id_rsa RemoteForward 52698 localhost:52698
3. Press Enter and Ctrl(⌃)+D to end editing
1. Connect to Turris
$ ssh root@192.168.1.1
2. Create authorize_keys file
On router: # mkdir ~/.ssh # chmod 0700 ~/.ssh On your PC: $ ssh root@192.168.1.1 "tee -a ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub On router: # chmod 0600 ~/.ssh/authorized_keys
If you want to be sure that nobody can log in with the password without having the key, edit the configuration file of the sshd service and restart it:
# vi /etc/ssh/sshd_config.d/local.conf
Write the following strings:
PasswordAuthentication no ChallengeResponseAuthentication no
(save the file and exit from vi)
# service sshd restart