Setting up a SSH server: Difference between revisions
m (Arrogance moved page Setting up a ssh-server to Setting up a SSH server: SSH should be capitalized, and I see no reason to hyphenate the title) |
(Improve →Dropbear: section) |
||
| Line 61: | Line 61: | ||
= Dropbear = | = Dropbear = | ||
[https://matt.ucc.asn.au/dropbear/dropbear.html Dropbear] is | [https://matt.ucc.asn.au/dropbear/dropbear.html Dropbear] is a lightweight SSH client/server alternative to OpenSSH. | ||
=== server === | |||
{{Tip|You can use {{Path|~/.ssh/authorized_keys}} in the same way as with OpenSSH}} | |||
{{Pkg|dropbear}} can be install through the [[Alpine setup scripts]], or manually with: | |||
{{Cmd|apk add dropbear}} | {{Cmd|apk add dropbear}} | ||
Start it: | Start it: | ||
| Line 74: | Line 78: | ||
The config file is located at <code>/etc/conf.d/dropbear</code> | The config file is located at <code>/etc/conf.d/dropbear</code> | ||
{{Pkg|dropbear-dbclient}} contains SSH client | {{Tip|{{Path|<nowiki>DROPBEAR_OPTS="-w -s"</nowiki>}} will forbid root login and password login}} | ||
=== client === | |||
{{Pkg|dropbear-dbclient}} contains the SSH client and can be installed manually with: | |||
{{Cmd|apk add dropbear-dbclient}} | |||
In its simplest form it can be used like this: | |||
{{Cmd|dbclient <user>@host.example.com}} | |||
{{Cmd|dbclient host.example.com}} | {{Cmd|dbclient host.example.com}} | ||
{{Cmd|dbclient x.x.x.x}} (where x.x.x.x is the IP address of the remote machine). | {{Cmd|dbclient x.x.x.x}} (where x.x.x.x is the IP address of the remote machine). | ||
Revision as of 01:52, 29 May 2022
Overview
This article provides a short overview of SSH on Alpine Linux.
Also see Secure Shell (Wikipedia).
OpenSSH
OpenSSH is a popular SSH implementation for remote encrypted login to a machine. OpenSSH defines sshd as the daemon, and ssh as the client program.
The openssh package provides OpenSSH on Alpine Linux.
Installation
Install the openssh package:
apk add openssh
Also see Alpine Linux package management .
Service commands
Enable the sshd service so that it starts at boot:
rc-update add sshd
List services to verify sshd is enabled:
rc-status
Start the sshd service immediately and create configuration files:
/etc/init.d/sshd start
Also see Alpine Linux Init System.
Fine tuning
You may wish to change the default configuration. This section describes some of the configuration options as examples, however it is by no means an exhaustive list. See the manual for full details.
The fine-tuning is done by editing /etc/ssh/sshd_config. Any line starting with "#" is ignored by sshd.
UseDNS no # By setting this to no, connection speed can increase. PasswordAuthentication no # Do not allow password authentication.
Other configuration options are shown in /etc/ssh/sshd_config. The file includes comments that explain many of the options.
Firewalling and Port Changes
By default, sshd will communicate on TCP port 22.
Sometimes 22/tcp is blocked by a firewall over which you have no control. Changing the Port option to an unused port number in /etc/ssh/sshd_config may be useful in this situation.
Port 443 # Use whichever port number fits your needs
Restart sshd after making modifications to the configuration file:
/etc/init.d/sshd restart
Dropbear
Dropbear is a lightweight SSH client/server alternative to OpenSSH.
server
dropbear can be install through the Alpine setup scripts, or manually with:
apk add dropbear
Start it:
rc-service dropbear start
Add it to the default runlevel:
rc-update add dropbear
Use the following command to check all available server options:
dropbear -h
The config file is located at /etc/conf.d/dropbear
client
dropbear-dbclient contains the SSH client and can be installed manually with:
apk add dropbear-dbclient
In its simplest form it can be used like this:
dbclient <user>@host.example.com
dbclient host.example.com
dbclient x.x.x.x
(where x.x.x.x is the IP address of the remote machine).
Use dbclient -h to see all available options.