Table of Contents
Enable SSH Access with a key
1. Create public/private key pair
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
2. Create config file
$ cd ~/.ssh $ cat >> config Host turris Hostname 192.168.1.1 Port 22 User root IdentityFile ~/.ssh/id_rsa
If remote-editing (using Sublime Text, TextMate, or VS Code) is desired, modify config to resemble:
Host 192.168.1.1
IdentityFile ~/.ssh/id_rsa
RemoteForward 52698 localhost:52698
3. Press Enter and Ctrl(⌃)+D to end editing
Turris configuration
1. Connect to Turris
$ ssh root@192.168.1.1
2. Create authorize_keys file
On router: # mkdir ~/.ssh # chmod 0700 ~/.ssh On your PC: $ ssh root@192.168.1.1 "tee -a ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub On router: # chmod 0600 ~/.ssh/authorized_keys
Hardening ssh
If you want to be sure that nobody can log in with the password without having the key, edit the configuration file of the sshd service and restart it:
# vi /etc/ssh/sshd_config change the following strings: '#PasswordAuthentication yes' in 'PasswordAuthentication no' '#ChallengeResponseAuthentication yes' in 'ChallengeResponseAuthentication no' (save the file and exit from vi) # service sshd restart
Turris is developed by CZ.NIC, z. s. p. o.
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
