User Tools

Site Tools


Enable SSH Access with a key

1. Create public/private key pair

  $ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

2. Create config file

  $ cd ~/.ssh
  $ cat >> config
  Host turris
  Hostname 192.168.1.1
  Port 22
  User root
  IdentityFile ~/.ssh/id_rsa

If remote-editing (using Sublime Text, TextMate, or VS Code) is desired, modify config to resemble:

  Host 192.168.1.1
    IdentityFile ~/.ssh/id_rsa
    RemoteForward 52698 localhost:52698

3. Press Enter and Ctrl(⌃)+D to end editing

Turris configuration

1. Connect to Turris

  $ ssh root@192.168.1.1

2. Create authorize_keys file

  On router:
  # mkdir ~/.ssh
  # chmod 0700 ~/.ssh
  On your PC:
  $ ssh root@192.168.1.1 "tee -a ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub
  On router:
  # chmod 0600 ~/.ssh/authorized_keys

Hardening SSH

If you want to be sure that nobody can log in with the password without having the key, edit the configuration file of the sshd service and restart it:

  # vi /etc/ssh/sshd_config.d/local.conf

Write the following strings:

  PasswordAuthentication no
  ChallengeResponseAuthentication no

(save the file and exit from vi)

  # service sshd restart