2014-08-24 18:18:18 +01:00
|
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
|
|
version="5.0"
|
|
|
|
xml:id="sec-ssh">
|
2018-05-02 00:57:09 +01:00
|
|
|
<title>Secure Shell Access</title>
|
2014-08-24 18:18:18 +01:00
|
|
|
|
2018-05-02 00:57:09 +01:00
|
|
|
<para>
|
|
|
|
Secure shell (SSH) access to your machine can be enabled by setting:
|
2014-08-24 18:18:18 +01:00
|
|
|
<programlisting>
|
2018-04-05 09:43:56 +01:00
|
|
|
<xref linkend="opt-services.openssh.enable"/> = true;
|
2014-08-24 18:18:18 +01:00
|
|
|
</programlisting>
|
2018-05-02 00:57:09 +01:00
|
|
|
By default, root logins using a password are disallowed. They can be disabled
|
|
|
|
entirely by setting <xref linkend="opt-services.openssh.permitRootLogin"/> to
|
|
|
|
<literal>"no"</literal>.
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
You can declaratively specify authorised RSA/DSA public keys for a user as
|
|
|
|
follows:
|
2014-08-24 18:18:18 +01:00
|
|
|
<!-- FIXME: this might not work if the user is unmanaged. -->
|
|
|
|
<programlisting>
|
2018-04-05 09:43:56 +01:00
|
|
|
<link linkend="opt-users.users._name__.openssh.authorizedKeys.keys">users.extraUsers.alice.openssh.authorizedKeys.keys</link> =
|
2014-08-24 18:18:18 +01:00
|
|
|
[ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
|
|
|
|
</programlisting>
|
2018-05-02 00:57:09 +01:00
|
|
|
</para>
|
2014-08-24 18:18:18 +01:00
|
|
|
</section>
|