Template:USJ Adjust SSH

From Ubuntu中文

Adjust SSH for remote connections

  • The default SSH port is 22, but this may conflict with other SSH servers on your network. Change the SSH port to a custom port. Also disallow password-based logins, for now, to prevent unauthorized logins. See this tutorial.
sudo gedit /etc/ssh/sshd_config
change the listening port:
Port 22199
and disallow password-based authentication by changing the line:
#PasswordAuthentication yes
to
PasswordAuthentication no
  • Make sure the OpenSSH server knows that it must look for the authorized_keys file. Uncomment the line:
#AuthorizedKeysFile %h/.ssh/authorized_keys

so that it resembles:

AuthorizedKeysFile %h/.ssh/authorized_keys
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
  • Make sure the router forwards the selected listening port (e.g. 22199) to the IP address (e.g. 192.168.0.99) of the server.
  • Install X11VNC:
sudo apt-get install x11vnc
Add an X11VNC Server menu item with the command:
x11vnc --forever
-> Place in system tray (ticked)
  • Create an SSH keypair for automated login:
  • Generate a key pair (by default, a 2048-bit RSA key pair is created):
ssh-keygen
  • Accept the default location for the key file ( /home/user/.ssh/id_rsa ).
  • Leave the passphrase empty
  • Make sure the directory /home/serveruser/.ssh exists; if not, create one using:
mkdir ~/.ssh
(In this instance, user = serveruser = jauntyadmin00, so the folder /home/jauntyadmin00/.ssh ought to already exist).

Make sure that a file named authorized_keys (with write privileges) is in that folder. If not, create such a file (using the touch command to create an empty file) while logged into the server as serveruser (i.e. jauntyadmin00):

cd ~/.ssh
touch authorized_keys
Concatenate the newly-generated id_rsa.pub key to the authorized_keys file:
cd ~/.ssh
cat id_rsa.pub >> authorized_keys
  • Create a test connection:
  • Start the X11VNC Server (as above)
  • Connect VNC through the SSH tunnel with the commands:
ssh -l jauntyadmin00 -L 5900:127.0.0.1:5900 myjaunty00.dyndns.org -p 22199
vinagre vnc://127.0.0.1

or with a single-line command (which can be placed in a Menu item / shortcut):

ssh -f -l jauntyadmin00 -L 5900:127.0.0.1:5900 myjaunty00.dyndns.org -p 22199 sleep 5; vinagre vnc://127.0.0.1

Note: vinagre --fullscreen vnc://127.0.0.1 will start the VNC connection in fullscreen mode (but should only be used when connecting from other computers).
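
The sshd_config edits described above can be checked before the OpenSSH server is restarted. The script below is an added example, not part of the original page: the function names and the sample file are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines in the global section of the file.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config for the
# settings changed in the steps above. Assumes "Keyword value" lines
# separated by whitespace and looks only at the global section.

# Print every value given for keyword $1 in file $2, in file order.
# Keywords are case-insensitive; a leading '#' makes the line a comment.
sshd_values() {
    awk -v want="$1" '
        /^[ \t]*(#|$)/               { next }  # comment or blank line
        tolower($1) == "match"       { exit }  # conditional blocks start here
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# Audit file $1 against the expected port $2. Prints one line per check
# and returns the number of failed checks.
audit_sshd_config() {
    fails=0
    # Port is cumulative: sshd listens on every Port line it finds.
    ports=$(sshd_values Port "$1" | tr '\n' ' ' | sed 's/ *$//')
    # For single-valued keywords the first occurrence wins.
    pw=$(sshd_values PasswordAuthentication "$1" | head -n 1 | tr 'A-Z' 'a-z')
    akf=$(sshd_values AuthorizedKeysFile "$1" | head -n 1)
    if [ "${ports:-22}" = "$2" ]; then
        echo "ok   Port $2"
    else
        echo "FAIL listening on port(s) ${ports:-22}, expected only $2"
        fails=$((fails + 1))
    fi
    if [ "${pw:-yes}" = "no" ]; then
        echo "ok   PasswordAuthentication no"
    else
        echo "FAIL PasswordAuthentication ${pw:-yes (default)}"
        fails=$((fails + 1))
    fi
    echo "info AuthorizedKeysFile ${akf:-(unset, built-in default applies)}"
    return "$fails"
}

# Constructed sample: the port was changed but the password line was left
# commented out, so password logins are still accepted.
sample=$(mktemp)
printf '%s\n' 'Port 22199' '#PasswordAuthentication yes' \
    'AuthorizedKeysFile %h/.ssh/authorized_keys' > "$sample"
audit_sshd_config "$sample" 22199 || echo "checks failed: $?"
rm -f "$sample"
```

On a live server, sudo sshd -T prints the effective configuration as sshd itself parses it, which also covers Match blocks that this script skips.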