David Stilson


  Linux System Administration


SSH

OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of tools for remotely controlling, or transferring files between, computers. The OpenSSH server component, sshd, listens continuously for client connections from any of the client tools. When a connection request occurs, sshd sets up the correct connection depending on the type of client tool connecting. For example, if the remote computer is connecting with the ssh client application, the OpenSSH server sets up a remote control session after authentication. If a remote user connects to an OpenSSH server with scp, the OpenSSH server daemon initiates a secure copy of files between the server and client after authentication. OpenSSH can use many authentication methods, including plain password, public key, and Kerberos tickets.

Installation

Installation of the OpenSSH client and server applications is simple. To install the OpenSSH client applications on your Ubuntu system, use this command at a terminal prompt:

     sudo apt-get install openssh-client


To install the OpenSSH server application, and related support files, use this command at a terminal prompt:

     sudo apt-get install openssh-server

Configuration

Prior to editing the configuration file, you should make a copy of the original file and protect it from writing so you will have the original settings as a reference and to reuse as necessary. Copy the /etc/ssh/sshd_config file and protect it from writing with the following commands, issued at a terminal prompt:

    sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original

    sudo chmod a-w /etc/ssh/sshd_config.original

1. To set your OpenSSH to listen on TCP port 2222 instead of the default TCP port 22, change the Port directive as such: Port 2222

2. To have sshd allow public key-based login credentials, add or modify the line: PubkeyAuthentication yes. If the line is already present, ensure it is not commented out.

3. To make your OpenSSH server display the contents of the /etc/issue.net file as a pre-login banner, add or modify the line: Banner /etc/issue.net in the /etc/ssh/sshd_config file.

After making changes to the /etc/ssh/sshd_config file, save the file and restart the sshd server application so the changes take effect, using the following command at a terminal prompt:


     sudo service ssh restart
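The three edits above are easy to get wrong by hand (a typo in sshd_config makes the restart fail and can lock you out of a remote host). The script below is an added example, not part of the original notes: it makes the same three changes idempotently, keeps the read-only backup described above, and runs sshd's own syntax check (sshd -t) before restarting. The function names (set_directive, apply_sshd_changes), the APPLY_SSHD_CONFIG guard variable and the sample config used in testing are assumptions of this example; the service name "ssh" is the one the notes use.

```shell
#!/bin/sh
# Added example (not from the original notes): edit /etc/ssh/sshd_config
# directives idempotently, then validate the result before restarting sshd.
# Assumes an Ubuntu host where the service is named "ssh", as in the notes.

SSHD_CONFIG=${SSHD_CONFIG:-/etc/ssh/sshd_config}

# set_directive FILE KEY VALUE
# Replaces the global occurrence of KEY (including a commented-out default such
# as "#Port 22"), drops duplicate global occurrences, and appends "KEY VALUE" if
# it was absent. Lines inside "Match" blocks are left alone, because a directive
# placed there applies only to the matched connections, not globally.
set_directive() {
    file=$1; key=$2; value=$3
    lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
    awk -v key="$key" -v value="$value" -v lkey="$lkey" '
        {
            line = $0
            commented = (line ~ /^[ \t]*#/)
            sub(/^[ \t]*#?[ \t]*/, "", line)   # strip indentation and one leading "#"
            sub(/[ \t]+$/, "", line)
            n = split(line, f, /[ \t=]+/)
            word = tolower(f[1])               # sshd_config keywords are case-insensitive
            if (word == "match") {
                # The global section ends here: emit the directive before the first Match.
                if (!done) { print key " " value; done = 1 }
                in_match = 1
            }
            # A commented line counts as a disabled default only if it is exactly
            # "KEY VALUE"; free text such as "# Port forwarding ..." is left alone.
            if (!in_match && word == lkey && (!commented || n == 2)) {
                if (!done) { print key " " value; done = 1 }
                next
            }
            print
        }
        END { if (!done) print key " " value }
    ' "$file" > "$file.tmp" && cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# apply_sshd_changes: back up the config once, set the three directives from
# the notes, and restart sshd only if "sshd -t" accepts the new file.
apply_sshd_changes() {
    [ -f "$SSHD_CONFIG.original" ] || cp "$SSHD_CONFIG" "$SSHD_CONFIG.original"
    chmod a-w "$SSHD_CONFIG.original"
    set_directive "$SSHD_CONFIG" Port 2222
    set_directive "$SSHD_CONFIG" PubkeyAuthentication yes
    set_directive "$SSHD_CONFIG" Banner /etc/issue.net
    # "sshd -t" parses the file and exits non-zero on an error, so a typo is
    # caught here instead of taking the daemon down on restart.
    if sshd -t -f "$SSHD_CONFIG"; then
        service ssh restart
    else
        echo "sshd_config failed validation; restoring backup" >&2
        cp "$SSHD_CONFIG.original" "$SSHD_CONFIG"
        return 1
    fi
}

# Run as: sudo APPLY_SSHD_CONFIG=1 sh harden_sshd.sh
if [ "${APPLY_SSHD_CONFIG:-0}" = "1" ]; then
    apply_sshd_changes
fi
```

Because the edit is applied in place and the restart is gated on sshd -t, re-running the script is safe; keep an existing SSH session open while you change the Port directive, since new connections will only be accepted on 2222 once sshd restarts.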

SSH Keys

SSH keys allow authentication between two hosts without the need for a password. SSH key authentication uses two keys, a private key and a public key. To generate the keys, from a terminal prompt enter:

     ssh-keygen -t dsa

This will generate the keys using the Digital Signature Algorithm (DSA) method. During the process you will be prompted for a passphrase to protect the private key. Simply hit Enter when prompted to create the key without a passphrase.

By default the public key is saved in the file ~/.ssh/id_dsa.pub, while ~/.ssh/id_dsa is the private key. Now copy the id_dsa.pub file to the remote host and append it to ~/.ssh/authorized_keys by entering:

     ssh-copy-id username@remotehost

Finally, double check the permissions on the authorized_keys file: only the user being authenticated should have read and write permission. If the permissions are not correct, change them with:

     chmod 600 .ssh/authorized_keys

You should now be able to SSH to the host without being prompted for a password.
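If the remote host still prompts for a password after these steps, the usual cause is file permissions: with StrictModes yes (sshd's default) the server silently ignores authorized_keys when it or the ~/.ssh directory is writable by group or others. The script below is an added example, not part of the original notes: it generates a key pair with ssh-keygen, checks the permissions the notes ask you to verify, and fixes them. Two deliberate departures from the notes are stated here: it uses the ed25519 key type instead of DSA, because sshd has refused ssh-dss keys by default since OpenSSH 7.0, and it checks the private key file as well as authorized_keys. The function names (generate_key, check_ssh_perms, fix_ssh_perms) and the test directory layout are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original notes): generate a key pair and verify
# the file permissions sshd's StrictModes requires before a key is trusted.
# Assumes the default ~/.ssh layout used in the notes.

# generate_key [FILE]: ed25519 replaces the DSA key type used in the notes;
# sshd has refused ssh-dss keys by default since OpenSSH 7.0. -N is the
# passphrase; an empty string gives the passphrase-less key the notes describe.
generate_key() {
    keyfile=${1:-$HOME/.ssh/id_ed25519}
    ssh-keygen -t ed25519 -f "$keyfile" -N "" -C "$(whoami)@$(hostname)"
}

# check_ssh_perms [DIR]: return 0 if the directory, authorized_keys and every
# private key are accessible only by their owner, 1 (with a report) otherwise.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    status=0
    for f in "$dir" "$dir/authorized_keys" "$dir"/id_*; do
        [ -e "$f" ] || continue
        case "$f" in *.pub) continue ;; esac   # public keys may be world-readable
        # Characters 5-10 of "ls -ld" output are the group and other permission bits.
        go_bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            echo "insecure: $f (group/other bits: $go_bits)" >&2
            status=1
        fi
    done
    return $status
}

# fix_ssh_perms [DIR]: apply the conventional modes: 700 on the directory,
# 600 on authorized_keys and private keys, 644 on public keys.
fix_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    chmod 700 "$dir"
    if [ -e "$dir/authorized_keys" ]; then
        chmod 600 "$dir/authorized_keys"
    fi
    for f in "$dir"/id_*; do
        [ -e "$f" ] || continue
        case "$f" in
            *.pub) chmod 644 "$f" ;;
            *)     chmod 600 "$f" ;;
        esac
    done
}

# Typical use on the client, after ssh-copy-id has appended the public key
# on the remote host:
#   generate_key
#   check_ssh_perms || fix_ssh_perms
```

Run check_ssh_perms on the remote host as well, since that is where sshd evaluates authorized_keys; ssh-copy-id normally sets the modes correctly, but a home directory restored from a backup or copied with relaxed permissions is a common way for them to drift.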