mirror of
https://github.com/clearlinux/clear-linux-documentation.git
synced 2026-05-14 02:43:43 +00:00
274 lines
14 KiB
HTML
274 lines
14 KiB
HTML
|
|
<!DOCTYPE html>
|
|
|
|
<html lang="en" data-content_root="../../">
|
|
<head>
|
|
<meta charset="utf-8" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />
|
|
|
|
<title>Enable and configure SSH service — Documentation for Clear Linux* project</title>
|
|
<link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" />
|
|
<link rel="stylesheet" type="text/css" href="../../_static/bizstyle.css?v=5283bb3d" />
|
|
<link rel="stylesheet" type="text/css" href="../../_static/copybutton.css?v=76b2166b" />
|
|
|
|
<script src="../../_static/documentation_options.js?v=5929fcd5"></script>
|
|
<script src="../../_static/doctools.js?v=9bcbadda"></script>
|
|
<script src="../../_static/sphinx_highlight.js?v=dc90522c"></script>
|
|
<script src="../../_static/clipboard.min.js?v=a7894cd8"></script>
|
|
<script src="../../_static/copybutton.js?v=a56c686a"></script>
|
|
<script src="../../_static/bizstyle.js"></script>
|
|
<link rel="canonical" href="https://clearlinux.github.io/clear-linux-documentation/guides/network/openssh-server.html" />
|
|
<link rel="icon" href="../../_static/favicon.ico"/>
|
|
<link rel="author" title="About these documents" href="../../about.html" />
|
|
<link rel="index" title="Index" href="../../genindex.html" />
|
|
<link rel="search" title="Search" href="../../search.html" />
|
|
<link rel="next" title="Proxy Configuration" href="proxy.html" />
|
|
<link rel="prev" title="Combine multiple interfaces with network bonding" href="network-bonding.html" />
|
|
<meta name="viewport" content="width=device-width,initial-scale=1.0" />
|
|
<!--[if lt IE 9]>
|
|
<script src="_static/css3-mediaqueries.js"></script>
|
|
<![endif]-->
|
|
</head><body>
|
|
<div class="related" role="navigation" aria-label="Related">
|
|
<h3>Navigation</h3>
|
|
<ul>
|
|
<li class="right" style="margin-right: 10px">
|
|
<a href="../../genindex.html" title="General Index"
|
|
accesskey="I">index</a></li>
|
|
<li class="right" >
|
|
<a href="proxy.html" title="Proxy Configuration"
|
|
accesskey="N">next</a> |</li>
|
|
<li class="right" >
|
|
<a href="network-bonding.html" title="Combine multiple interfaces with network bonding"
|
|
accesskey="P">previous</a> |</li>
|
|
<li class="nav-item nav-item-0"><a href="../../index.html">Documentation for Clear Linux* project</a> »</li>
|
|
<li class="nav-item nav-item-1"><a href="../index.html" accesskey="U">Guides</a> »</li>
|
|
<li class="nav-item nav-item-this"><a href="">Enable and configure SSH service</a></li>
|
|
</ul>
|
|
</div>
|
|
|
|
<div class="document">
|
|
<div class="documentwrapper">
|
|
<div class="bodywrapper">
|
|
<div class="body" role="main">
|
|
|
|
<section id="enable-and-configure-ssh-service">
|
|
<span id="openssh-server"></span><h1>Enable and configure SSH service<a class="headerlink" href="#enable-and-configure-ssh-service" title="Link to this heading">¶</a></h1>
|
|
<p>This guide describes how to set up the SSH service.</p>
|
|
<nav class="contents local" id="contents">
|
|
<ul class="simple">
|
|
<li><p><a class="reference internal" href="#overview" id="id1">Overview</a></p></li>
|
|
<li><p><a class="reference internal" href="#prerequisites" id="id2">Prerequisites</a></p></li>
|
|
<li><p><a class="reference internal" href="#change-default-port" id="id3">Change default port</a></p></li>
|
|
<li><p><a class="reference internal" href="#enable-sftp" id="id4">Enable SFTP</a></p></li>
|
|
<li><p><a class="reference internal" href="#enable-root-login" id="id5">Enable root login</a></p></li>
|
|
<li><p><a class="reference internal" href="#enable-x11-forwarding" id="id6">Enable X11-forwarding</a></p></li>
|
|
</ul>
|
|
</nav>
|
|
<section id="overview">
|
|
<h2><a class="toc-backref" href="#id1" role="doc-backlink">Overview</a><a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
|
|
<p>The <strong class="command">openssh-server</strong> bundle provides the OpenSSH package that
|
|
enables an SSH service in Clear Linux* OS. Remote users require an SSH service to be
|
|
able to use an encrypted login shell. The SSH daemon has all of its configuration built in and no template configuration file is present on the file system.</p>
|
|
<p>Clear Linux OS enables the <cite>sshd.socket</cite> unit, which listens on port 22 by default
|
|
and starts the OpenSSH service as required. The first time OpenSSH starts, it
|
|
generates the server SSH keys needed for the service.</p>
|
|
</section>
|
|
<section id="prerequisites">
|
|
<h2><a class="toc-backref" href="#id2" role="doc-backlink">Prerequisites</a><a class="headerlink" href="#prerequisites" title="Link to this heading">¶</a></h2>
|
|
<p>Ensure the <strong class="command">openssh-server</strong> bundle is installed.</p>
|
|
<p>To list all bundles on your host, enter:</p>
|
|
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo<span class="w"> </span>swupd<span class="w"> </span>bundle-list
|
|
</pre></div>
|
|
</div>
|
|
<p>To add the <strong class="command">openssh-server</strong> bundle, enter:</p>
|
|
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo<span class="w"> </span>swupd<span class="w"> </span>bundle-add<span class="w"> </span>openssh-server
|
|
</pre></div>
|
|
</div>
|
|
</section>
|
|
<section id="change-default-port">
|
|
<h2><a class="toc-backref" href="#id3" role="doc-backlink">Change default port</a><a class="headerlink" href="#change-default-port" title="Link to this heading">¶</a></h2>
|
|
<p>Perform the following steps to change the default listening port for the
|
|
OpenSSH service.</p>
|
|
<ol class="arabic">
|
|
<li><p>Open the <code class="file docutils literal notranslate"><span class="pre">sshd.socket</span></code> file:</p>
|
|
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo<span class="w"> </span>systemctl<span class="w"> </span>edit<span class="w"> </span>sshd.socket
|
|
</pre></div>
|
|
</div>
|
|
</li>
|
|
<li><p>Add the <cite>[Socket]</cite> section and <cite>ListenStream</cite> option to the sshd.socket
|
|
file as shown below. The first <cite>ListenStream</cite> entry removes the Clear Linux OS
|
|
default listen port value. The second <cite>ListenStream</cite> entry sets the new
|
|
default listen port value. In this example, we set the new default port
|
|
to 4200:</p>
|
|
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">[Socket]</span>
|
|
<span class="go">ListenStream=</span>
|
|
<span class="go">ListenStream=4200</span>
|
|
</pre></div>
|
|
</div>
|
|
<p>Make sure to include a new line after the last line of text in the <code class="file docutils literal notranslate"><span class="pre">sshd.socket</span></code> file.</p>
|
|
</li>
|
|
<li><p>Verify your changes:</p>
|
|
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>cat<span class="w"> </span>/etc/systemd/system/sshd.socket.d/override.conf
|
|
</pre></div>
|
|
</div>
|
|
<p>The following output is displayed:</p>
|
|
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">[Socket]</span>
|
|
<span class="go">ListenStream=</span>
|
|
<span class="go">ListenStream=4200</span>
|
|
</pre></div>
|
|
</div>
|
|
</li>
|
|
<li><p>Reload the systemd daemon configurations:</p>
|
|
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo<span class="w"> </span>systemctl<span class="w"> </span>daemon-reload
|
|
</pre></div>
|
|
</div>
|
|
</li>
|
|
<li><p>Restart the sshd.socket unit:</p>
|
|
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo<span class="w"> </span>systemctl<span class="w"> </span>restart<span class="w"> </span>sshd.socket
|
|
</pre></div>
|
|
</div>
|
|
</li>
|
|
<li><p>Confirm the sshd.socket unit is listening on your new port:</p>
|
|
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo<span class="w"> </span>systemctl<span class="w"> </span>status<span class="w"> </span>sshd.socket
|
|
</pre></div>
|
|
</div>
|
|
<div class="admonition note">
|
|
<p class="admonition-title">Note</p>
|
|
<p>Output should show <span class="guilabel">Active:</span> as <cite>active(listening)</cite>.</p>
|
|
</div>
|
|
</li>
|
|
</ol>
|
|
</section>
|
|
<section id="enable-sftp">
|
|
<h2><a class="toc-backref" href="#id4" role="doc-backlink">Enable SFTP</a><a class="headerlink" href="#enable-sftp" title="Link to this heading">¶</a></h2>
|
|
<p>Clear Linux OS <em>disables</em> the <abbr title="SSH File Transfer Protocol">SFTP</abbr> subsystem by
|
|
default due to security considerations. To enable the SFTP subsystem, you can
|
|
configure the <code class="file docutils literal notranslate"><span class="pre">/etc/ssh/sshd_config</span></code> file.</p>
|
|
<ol class="arabic">
|
|
<li><p>Create the following file, if it does not already exist:
|
|
<code class="file docutils literal notranslate"><span class="pre">/etc/ssh/sshd_config</span></code></p></li>
|
|
<li><p>Add the the SFTP subsystem in <code class="file docutils literal notranslate"><span class="pre">/etc/ssh/sshd_config</span></code>:</p>
|
|
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">subsystem sftp /usr/libexec/sftp-server</span>
|
|
</pre></div>
|
|
</div>
|
|
</li>
|
|
</ol>
|
|
<p>Congratulations! The SFTP subsystem is enabled. You do not need to restart the sshd service.</p>
|
|
</section>
|
|
<section id="enable-root-login">
|
|
<h2><a class="toc-backref" href="#id5" role="doc-backlink">Enable root login</a><a class="headerlink" href="#enable-root-login" title="Link to this heading">¶</a></h2>
|
|
<p>To enable root login via SSH, perform the following steps:</p>
|
|
<ol class="arabic">
|
|
<li><p>Create the following file, if it does not already exist:
|
|
<code class="file docutils literal notranslate"><span class="pre">/etc/ssh/sshd_config</span></code></p></li>
|
|
<li><p>Set the configuration variable in <code class="file docutils literal notranslate"><span class="pre">/etc/ssh/sshd_config</span></code>:</p>
|
|
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">PermitRootLogin yes</span>
|
|
</pre></div>
|
|
</div>
|
|
</li>
|
|
</ol>
|
|
<p>You have now enabled root login on your system. You do not need to restart the sshd service.</p>
|
|
</section>
|
|
<section id="enable-x11-forwarding">
|
|
<h2><a class="toc-backref" href="#id6" role="doc-backlink">Enable X11-forwarding</a><a class="headerlink" href="#enable-x11-forwarding" title="Link to this heading">¶</a></h2>
|
|
<p>X11 forwarding allows you to securely run graphical applications (that is, X
|
|
clients) over the SSH connection. This enables remote GUI apps without the need
|
|
for full VNC or remote desktop setup. To enable X11-forwarding via SSH,
|
|
perform the following steps:</p>
|
|
<ol class="arabic">
|
|
<li><p>Create the following file, if it does not already exist:
|
|
<code class="file docutils literal notranslate"><span class="pre">/etc/ssh/sshd_config</span></code></p></li>
|
|
<li><p>Set the following configuration variables.</p>
|
|
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>AllowTcpForwarding<span class="w"> </span>yes
|
|
X11UseLocalhost<span class="w"> </span>yes
|
|
X11DisplayOffset<span class="w"> </span><span class="m">10</span>
|
|
X11Forwarding<span class="w"> </span>yes
|
|
</pre></div>
|
|
</div>
|
|
</li>
|
|
</ol>
|
|
<p>You have now enabled X11-forwarding! You do not need to restart the sshd service.</p>
|
|
</section>
|
|
</section>
|
|
|
|
|
|
<div class="clearer"></div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sphinxsidebar" role="navigation" aria-label="Main">
|
|
<div class="sphinxsidebarwrapper">
|
|
<p class="logo"><a href="../../index.html">
|
|
<img class="logo" src="../../_static/clearlinux.png" alt="Logo of Clear Linux* Project Docs"/>
|
|
</a></p>
|
|
<div>
|
|
<h3><a href="../../index.html">Table of Contents</a></h3>
|
|
<ul>
|
|
<li><a class="reference internal" href="#">Enable and configure SSH service</a><ul>
|
|
<li><a class="reference internal" href="#overview">Overview</a></li>
|
|
<li><a class="reference internal" href="#prerequisites">Prerequisites</a></li>
|
|
<li><a class="reference internal" href="#change-default-port">Change default port</a></li>
|
|
<li><a class="reference internal" href="#enable-sftp">Enable SFTP</a></li>
|
|
<li><a class="reference internal" href="#enable-root-login">Enable root login</a></li>
|
|
<li><a class="reference internal" href="#enable-x11-forwarding">Enable X11-forwarding</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
|
|
</div>
|
|
<div>
|
|
<h4>Previous topic</h4>
|
|
<p class="topless"><a href="network-bonding.html"
|
|
title="previous chapter">Combine multiple interfaces with network bonding</a></p>
|
|
</div>
|
|
<div>
|
|
<h4>Next topic</h4>
|
|
<p class="topless"><a href="proxy.html"
|
|
title="next chapter">Proxy Configuration</a></p>
|
|
</div>
|
|
<div role="note" aria-label="source link">
|
|
<h3>This Page</h3>
|
|
<ul class="this-page-menu">
|
|
<li><a href="../../_sources/guides/network/openssh-server.rst.txt"
|
|
rel="nofollow">Show Source</a></li>
|
|
</ul>
|
|
</div>
|
|
<search id="searchbox" style="display: none" role="search">
|
|
<h3 id="searchlabel">Quick search</h3>
|
|
<div class="searchformwrapper">
|
|
<form class="search" action="../../search.html" method="get">
|
|
<input type="text" name="q" aria-labelledby="searchlabel" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false"/>
|
|
<input type="submit" value="Go" />
|
|
</form>
|
|
</div>
|
|
</search>
|
|
<script>document.getElementById('searchbox').style.display = "block"</script>
|
|
</div>
|
|
</div>
|
|
<div class="clearer"></div>
|
|
</div>
|
|
<div class="related" role="navigation" aria-label="Related">
|
|
<h3>Navigation</h3>
|
|
<ul>
|
|
<li class="right" style="margin-right: 10px">
|
|
<a href="../../genindex.html" title="General Index"
|
|
>index</a></li>
|
|
<li class="right" >
|
|
<a href="proxy.html" title="Proxy Configuration"
|
|
>next</a> |</li>
|
|
<li class="right" >
|
|
<a href="network-bonding.html" title="Combine multiple interfaces with network bonding"
|
|
>previous</a> |</li>
|
|
<li class="nav-item nav-item-0"><a href="../../index.html">Documentation for Clear Linux* project</a> »</li>
|
|
<li class="nav-item nav-item-1"><a href="../index.html" >Guides</a> »</li>
|
|
<li class="nav-item nav-item-this"><a href="">Enable and configure SSH service</a></li>
|
|
</ul>
|
|
</div>
|
|
<div class="footer" role="contentinfo">
|
|
© Copyright 2022 Intel Corporation. All Rights Reserved..
|
|
Last updated on Nov 04, 2024.
|
|
Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 8.1.3.
|
|
</div>
|
|
</body>
|
|
</html> |