Generate a public and private key for a machine:
ssh-keygen -t rsa
do not put password. Private and public keys are stored in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub files, respectively.
Copy public key in the remote machine with the command:
cat ~/.ssh/id_rsa.pub | ssh <user_name>@<host/ip_address> 'cat >> .ssh/authorized_keys'
Now login can be performed directly without password.
Remember that in the remote host correct permissions are 700
for the .ssh
directory, and 600
for the authorized_keys
file.
There are two PCs, the client behind a NAT and the server with a public IP address. We want to access the client from the server.
We can follow the following steps:
#!/bin/bash su -c "autossh -f -N -R *:15000:localhost:22 user@remote_host.com"
that are runed on startup and allow the access to the client with the command:
ssh <username>@localhost -p 15000
sudo chmod +x /etc/network/if-up.d/reverse-ssh-tunnel
The client must have the ability to connect with the server without password. To this extent follow the guide “SSH login without password” at the beginning of the page.