The server here uses Ubuntu 20.04.6 LTS aarch64. This article will not talk about using tools to connect. Just add the tools directly. Here is the terminal command operation.
SSH command to connect using password
Use the following command to make a password connection in the terminal
ssh username@hostname
If it is the first time to connect to the SSH client, you will be prompted whether to confirm to continue the connection.
This prompt indicates that the server's host key (fingerprint) has no other known name on your computer (i.e. there has been no previous connection to the same hostname).
Therefore, the SSH client is not sure whether you already trust this server.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
yes: Indicates that you confirm to continue the connection. If you trust this server and you are sure that the server's host key is correct, you can enter "yes" and continue connecting.
no: Indicates that you do not want to continue the connection. If you don't trust or are unsure of the server's host key, you can enter "no" to abort the connection attempt.
fingerprint: If you have connected to a server with the same host name before, the server's fingerprint will be displayed here. You can check whether this fingerprint matches what you expected to confirm the authenticity of the server.
If you enter yes, you will be asked to enter a password to connect later. If the password is correct, the connection will be successful.
SSH command to connect using private key
Here it is recorded that the key pair is generated locally, then the public key is placed on the server, and the local private key is used to connect to the server
Locally generated key pair
Use the following command to generate a key pair. The process will ask you to enter the generated path and the passphrase of the private key. Enter the passphrase of the private key again. I default here and the passphrase is empty.
ssh-keygen -t rsa
-t keytype: Specifies the key type to generate, such as rsa, dsa, ecdsa, or ed25519.
-b bits: Specifies the number of bits in the generated key. By default, RSA keys are 2048 bits.
-C comment: Add a comment, usually identifying the purpose or owner of the key.
-f output_file: Specifies the file name of the generated key file.
-N passphrase: Set the passphrase (password) of the private key.
-P old_passphrase -N new_passphrase: Change the passphrase of the private key.
-q: Silent mode, reducing output information.
-y: Display the contents of the public key without generating a key pair.
-E hash: Specify the hash algorithm used to generate fingerprints, such as sha256, md5, etc.
-t ecdsa -b bits: Specifies the number of bits of the elliptic curve when used to generate ECDSA keys.
Add public key to server
Put the content of the generated public key in /root/.ssh/authorized_keysa file on the server
Connect to server using private key
Use the following command to connect to the server using the private key. If you set a passphrase for the private key, you will be asked to enter the passphrase to unlock the private key.
ssh -i /path/to/private_key username@hostname
Change login password
Modify the current user’s login password
To modify the password of the currently logged in user, just enter the following command in the terminal, and follow the prompts to enter the new password twice
passwd
Change other users’ login passwords
To modify the password of other users, you need to use the passwd command and specify the user name. Modifying the password of other users usually requires administrator privileges
sudo passwd username
Modify SSH connection configuration
The configuration file path is /etc/ssh/sshd_config, the following are some commonly modified configurations
Port: Specify the port number that the SSH server listens on. The default is 22, but for security, you can consider changing it to other ports.
PermitRootLogin: controls whether the root user is allowed to log in through SSH. It is recommended to set it to no, log in as a normal user and then switch to the root user
PasswordAuthentication: Controls whether to allow the use of passwords for authentication. It is recommended to set it to no, it is more secure to use the key for authentication.
PubkeyAuthentication: Specifies whether to allow the use of public key for authentication. Should be set to yes to enable public key authentication
AuthorizedKeysFile: Specifies the location of the public key file. The default is ~/.ssh/authorized_keys
MaxAuthTries: Set the maximum number of authentication attempts. The default is 6, which can be adjusted as needed.
ClientAliveInterval/ClientAliveCountMax: Set the time interval and maximum number of times the server detects client activity.
LoginGraceTime: Set the login timeout. If no login is performed after this time, the connection will be disconnected.
TCPKeepAlive: Whether to enable TCP keep- alive, can maintain the connection when the network is unstable