Kapisi/roles/SSH/README.md
2022-03-25 06:08:12 -05:00

Remote access is important in the AniNIX, so we support SSH access to supporting hosts using OpenSSH.

Etymology

SSH is named for the protocol on which it's built. It's so ubiquitous that we don't rename it.

Relevant Files and Software

Most of this service's configuration lives in sshd_config, as specified in sshd_config(5). This includes the Match statements that control which groups are allowed to connect, the allowed protocols, and, importantly, the ForceCommand directives that hold certain users captive to specific operations.
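ForceCommand pins the command a user runs, but forwarding for that user is controlled by separate keywords. The following is an added example, not part of this role: a small audit that parses sshd_config text and reports, for each Match block carrying ForceCommand, which forwarding options are still enabled. The group names, command paths and sample config are constructed assumptions, and each block is evaluated on its own against the global section.

```python
import re

# Constructed sample in sshd_config(5) syntax. Group names and command paths
# are assumptions for illustration, not the AniNIX configuration.
SAMPLE = """\
AllowGroups ssh-allow backup kiosk
X11Forwarding yes

Match Group backup
    ForceCommand /usr/local/bin/backup-only
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no

Match Group kiosk Address 10.0.0.0/8
    forcecommand=/usr/local/bin/menu
"""

# sshd_config(5) defaults for the forwarding keywords checked below.
DEFAULTS = {"allowtcpforwarding": "yes", "allowagentforwarding": "yes", "x11forwarding": "no"}
# "Keyword value" or "Keyword=value"; comments and blank lines do not match.
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)$")

def parse(text):
    """Return (global_settings, [(match_criteria, settings), ...])."""
    global_settings, blocks = {}, []
    current = global_settings
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":          # a Match block runs to the next Match
            current = {}
            blocks.append((value, current))
        else:
            current.setdefault(keyword, value)  # first value obtained wins
    return global_settings, blocks

def captive_report(text):
    """Map each ForceCommand Match block to the forwarding it still allows."""
    global_settings, blocks = parse(text)
    report = {}
    for criteria, settings in blocks:
        if "forcecommand" in settings:
            allowed = sorted(k for k, d in DEFAULTS.items() if settings.get(
                k, global_settings.get(k, d)).lower() != "no")
            report[criteria] = (settings["forcecommand"], allowed)
    return report
```

A connection can match more than one Match block, so confirm the effective settings for a given user on the host itself with sshd -T -C user=NAME,host=HOST,addr=ADDR.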

VNC and X11 forwarding can be used over SSH to allow graphical clients. X11 forwarding without SSH compression is generally slower. To allow VNC, log in over SSH and forward remote port 5901 to localhost port 5901. Start the VNC server on the remote, and use a VNC viewer like TightVNC Portable to view the remote desktop.

This role expects you to have a public key named deploy.pub in your .ssh folder. This public key will be put on all servers, so it is essential that the private key has a passphrase to protect it from compromise. AniNIX/ShadowArch will provide a convenient service file that wraps the ssh-agent service to make working with this key easier.

Available Clients

  • Mac has a native client in its Terminal application.
  • Windows users should use Git Bash.
  • Linux users can install openssh.
  • Android users can use AdminHands.