SSH

Generate a public and private key for a machine:

ssh-keygen -t rsa

do not put password. Private and public keys are stored in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub files, respectively.

Copy public key in the remote machine with the command:

cat ~/.ssh/id_rsa.pub | ssh <user_name>@<host/ip_address> 'cat >> .ssh/authorized_keys'

Now login can be performed directly without password.

Remember that in the remote host correct permissions are 700 for the .ssh directory, and 600 for the authorized_keys file.

There are two PCs, the client behind a NAT and the server with a public IP address. We want to access the client from the server.

We can follow the following steps:

• Exchange keys in order to allow the client to login into the server without typing a password.
• Add in the file /etc/network/if-up.d/reverse-ssh-tunnel the following commands

#!/bin/bash
su -c "autossh -f -N -R *:15000:localhost:22 user@remote_host.com"

that are runed on startup and allow the access to the client with the command:

ssh <username>@localhost -p 15000

• Give to the file the execution permission:

sudo chmod +x /etc/network/if-up.d/reverse-ssh-tunnel

The client must have the ability to connect with the server without password. To this extent follow the guide “SSH login without password” at the beginning of the page.