模板:USJ Adjust SSH
来自Ubuntu中文
Adjust SSH for remote connections
- The default SSH port is 22, but this may conflict with other SSH servers on your network. Change the SSH port to a custom port. Also disallow password-based logins, for now, to prevent unauthorized logins. See this tutorial.
sudo gedit /etc/ssh/sshd_config
- change the listening port:
Port 22199
- and disallow Password-based authentication by changing the line::
#PasswordAuthentication yes
- to
PasswordAuthentication no
- Make sure the OpenSSH server knows that it must look for the authorized_keys file. Uncomment the line:
#AuthorizedKeysFile %h/.ssh/authorized_keys
so that it resembles:
AuthorizedKeysFile %h/.ssh/authorized_keys
- then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
- Make sure the router forwards the selected listening port (e.g. 22199) to the IP address (e.g. 192.168.0.99) of the server.
- Install X11VNC:
sudo apt-get install x11vnc
- Add an X11VNC Server menu item with the command:
x11vnc --forever
- -> Place in system tray (ticked)
- Create an SSH keypair for automated login:
- Generate a key pair (by default, a 2048-bit RSA key pair is created):
ssh-keygen
- Accept the default location for the key file ( /home/user/.ssh/id_rsa ).
- Leave the passphrase empty
- Make sure the directory /home/serveruser/.ssh exists; if not, create one using:
mkdir ~/.ssh
- (In this instance, user = serveruser = jauntyadmin00, so the folder /home/jauntyadmin00/.ssh ought to already exist).
Make sure that a file named authorized_keys (with write privileges) is in that folder. If not, create such a file (using the touch command to create an empty file) while logged into the server as serveruser (i.e. jauntyadmin00):
cd ~/.ssh touch authorized_keys
- Concatenate the newly-generated id_rsa.pub key to the authorized_keys file:
cd ~/.ssh cat authorized_keys id_rsa.pub >> authorized_keys
- Create a test connection:
- Start the X11VNC Server (as above)
- Connect VNC through the SSH tunnel with the commands:
ssh -l jauntyadmin00 -L 5900:127.0.0.1:5900 myjaunty00.dyndns.org -p 22199 vinagre vnc://127.0.0.1
or with a single-line command (which can be placed in a Menu item / shortcut):
ssh -f -l jauntyadmin00 -L 5900:127.0.0.1:5900 myjaunty00.dyndns.org -p 22199 sleep 5; vinagre vnc://127.0.0.1
Note: vinagre -- fullscreen vnc://127.0.0.1 will start the VNC connection in fullscreen mode (but should only be used when connecting from other computers).