SSH Client Setup

  • On linux follow instructions at–2.
  • On windows follows instructions at

Quick tutorial for creating key on client and copying to the server.

Create key

ssh-keygen -t rsa -b 4096 -C ""

Copy the key to the server. Obviously replace the IP with address of you servers.

ssh-copy-id user@

Alternative copy the key to the server.

cat ~/.ssh/ | ssh user@ "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"

You can now connect using ssh without a username and password.

SSH Server

Write me. I generally have this completely scripted anyway.

Connect to server. Run commands. Tunnel.

Configure ssh server to only allow root user and only with ssh public key.

#!/usr/bin/env bash
set -e # exit on first error
set -u # exit on using unset variable

	# Setup ssh server
	# probably already installed but lets make sure
	apt-get install -y openssh-server

	if [ ! -f /etc/ssh/sshd_config.factory-defaults ]; then
    	echo "create a read only copy of default settings"
    	cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults
		chmod a-w /etc/ssh/sshd_config.factory-defaults

	rm -rf /etc/ssh/sshd_config
	touch /etc/ssh/sshd_config

	echo "AllowUsers root" >> /etc/ssh/sshd_config
	echo "Port 22" >> /etc/ssh/sshd_config
	echo "Protocol 2" >> /etc/ssh/sshd_config
	echo "HostKey /etc/ssh/ssh_host_rsa_key" >> /etc/ssh/sshd_config
	echo "HostKey /etc/ssh/ssh_host_dsa_key" >> /etc/ssh/sshd_config
	echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >> /etc/ssh/sshd_config
	echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
	echo "UsePrivilegeSeparation yes" >> /etc/ssh/sshd_config
	echo "KeyRegenerationInterval 3600" >> /etc/ssh/sshd_config
	echo "ServerKeyBits 1024" >> /etc/ssh/sshd_config
	echo "SyslogFacility AUTH" >> /etc/ssh/sshd_config
	echo "LogLevel INFO" >> /etc/ssh/sshd_config
	echo "LoginGraceTime 120" >> /etc/ssh/sshd_config
	echo "PermitRootLogin without-password" >> /etc/ssh/sshd_config
	echo "StrictModes yes" >> /etc/ssh/sshd_config
	echo "RSAAuthentication yes" >> /etc/ssh/sshd_config
	echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
	echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
	echo "RhostsRSAAuthentication no" >> /etc/ssh/sshd_config
	echo "HostbasedAuthentication no" >> /etc/ssh/sshd_config
	echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config
	echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config
	echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
	echo "X11Forwarding no" >> /etc/ssh/sshd_config
	echo "X11DisplayOffset 10" >> /etc/ssh/sshd_config
	echo "PrintMotd no" >> /etc/ssh/sshd_config
	echo "PrintLastLog yes" >> /etc/ssh/sshd_config
	echo "TCPKeepAlive yes" >> /etc/ssh/sshd_config
	echo "AcceptEnv LANG LC_*" >> /etc/ssh/sshd_config
	echo "Subsystem sftp /usr/lib/openssh/sftp-server" >> /etc/ssh/sshd_config
	reload ssh

echo "ok=true  changed=true name='configuressh'" 

Root with password

If you want to have root access with a password instead of key set

Note: this is not a good idea

PermitRootLogin yes
PubkeyAuthentication no
PasswordAuthentication yes