OpenSSH, layman’s guide required

Hi, this subject has always been "as clear as mud" to me. Thus remain on first base.

I read Seeni’s recent tutorial, via this month’s It’s FOSS e-mail; it demystified some elements.

I’ve installed openssh-client and openssh-server and it suggested the following packages, molly-guard, monkeysphere, rssh and ssh-askpass.

In turn they wanted extra packages: (usually I would go with the first lot suggestions/recommendations, but ignorance and the potential to compromise my system, to err). Necessary dependencies?

$ sudo apt install molly-guard monkeysphere rssh ssh-askpass
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
libcrypt-openssl-bignum-perl libcrypt-openssl-rsa-perl
Suggested packages:
monkeysphere-validation-agent cvs makejail rdist subversion
Recommended packages:
agent-transfer
The following NEW packages will be installed:
libcrypt-openssl-bignum-perl libcrypt-openssl-rsa-perl molly-guard monkeysphere rssh ssh-askpass
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 222 kB of archives.
After this operation, 744 kB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.

I wish to achieve a secure local link between my desktop and laptop to sync my data, have no immediate plans to transmit beyond my router’s local network, until I’m well versed in the techniques required to do this securely.

1 Like

The basic use of ssh is to open a command-line onto a remote machine. There’s not a huge amount to know for that: you need an ssh server (sshd) running on the remote machine & the ssh client (ssh) on your local machine. And if that’s all you want to do, then you’re pretty much there. There’s a variable amount of configuration depending on what you want to do & it is all pretty ugly but not difficult.

And if that’s the main thing you want to achieve then I would recommend going an extra step and installing mosh, which builds on top of ssh to give yourself a connection that persists past loss of network.

Could you be more specific about what you would like to achieve?

1 Like

Hi sfkleach,

Thanks for the reply.

Specifics: sync the data between my desktop and laptop. *

Once I’ve grasped the local set up, there are some remote projects I want to attempt. I maintain a few friends & family computers and it is not always convenient to go to their home.

I like to use Gnome boxes remote facility for this purpose. Team Viewer equals Microsoft, and would prefer not to go along this path.

I spent a frustrating evening, yesterday, making a complete XXXXX up. Again.

:thinking:

Additional edit

Specifics: NAS project using openvault, could set up system (have repurposed machine for this project, 3TB NAS disk), could not connect.?

1 Like

… or openmediavault?

Ah righty. So the old-school way (my way) of doing this is indeed to set up ssh and then use rsync over ssh to do the sync. I am guessing that this is sort of along the lines you need. WARNING - I don’t do this every day or anything, so I tend to just work my way through logically. This is a summary of how I usually do it.

To do that: you set up sshd on the desktop and will run rsync from your laptop, probably on a timer or something like that. I am guessing you’re using a fairly modern Debian-based Linux from the fact you are using “apt” - is that right? I would have guessed that on your desktop all you needed was:

apt install -y openssh-client openssh-server rsync

and on your laptop

apt install -y openssh-client rsync

Unfortunately it’s a bit difficult for me to test - I would need to use a container & they all have ssh set up as a server already :frowning:

The next step is that you EITHER need to create a private key OR tweak the sshd setup to allow passwords. My own preferred route, 'cos I only do this once every few years & have to re-learn it every time, is to tweak the setup to allow passwords. Once I have it working I go back to fix it to work with private keys. So I start by allowing password authentication in /etc/ssh/sshd_config for my user “itsme”:

Match User itsme
    PasswordAuthentication yes

Then I restart the sshd service because these services are written by folk who’ve lost their sense of perspective of what makes a service work properly a loooong time ago. The approved recipe for restarting services varies from system to system and is written for fashion reasons every six months. It’s probably:

sudo service sshd restart

Then I try connecting from a terminal on the desktop to itself! Because you don’t want to bash your head against firewall issues before you get it working locally. This usually involves persuading the sshd to allow my normal account permission to use ssh. I usually just allow PAMAuthentication. Again editing /etc/ssh/sshd_config

UsePAM yes

And then I keep plugging away until I have successfully logged in from the desktop to the desktop with …

ssh itsme@localhost

Once that is working I then try the same command from my laptop. And at that point I probably find that I need to punch a hole through the firewall, which is pretty tedious. What you have to do there is totally distribution dependent.

After that, it’s usually plain sailing. As this is a LAN based thing, you could just carry on with passwords. But most people want to run with private keys. So you generate an RSA private key … there’s a nice description here: https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/

This also creates a public key. That’ll be called something like: id_rsa.pub. The ‘pub’ part tells you it’s the public bit that can be safely shared. So you move that part onto your desktop (using scp at this point!) and then stuff it in the right folder - which rather depends on the version of ssh. You probably want to put it somewhere like ~itsme/.ssh/authorized_keys2 on the desktop because that’s where the ssh-daemon is gonna look for the authorized-keys of the account itsme.

Then it is the rigmarole of switching off Password Authentication (comment out the line in /etc/ssh/sshd_config) and seeing if you can log in from your laptop still.

If you can, basically you are sorted. At which point I reach for Evernote and I write down exactly what I did. The recipe is usually stale after a year but it helps me get up and running next time.

3 Likes
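To confirm which PasswordAuthentication value sshd will apply to an account after edits like the ones described in the post above, the following is an added example, not code from anyone in the thread. It assumes only `Match User` with literal names and `Match all` need handling and that no Include files are used; the sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): print the PasswordAuthentication value
# sshd would apply to one account. Rule implemented: a matching Match block
# overrides the global section, and the first value obtained wins.
# Assumptions: only "Match User name[,name]" with literal names and
# "Match all" are understood; Include files are not followed.
effective_password_auth() {    # $1 = sshd_config path, $2 = login name
    awk -v user="$2" '
        function listed(spec,   n, i, names) {
            n = split(spec, names, ",")
            for (i = 1; i <= n; i++) if (names[i] == user) return 1
            return 0
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        tolower($1) == "match" {
            in_match = 1
            active = (tolower($2) == "all") || (tolower($2) == "user" && listed($3))
            next
        }
        tolower($1) == "passwordauthentication" {
            if (!in_match && glob_val == "") glob_val = tolower($2)
            if (in_match && active && matched == "") matched = tolower($2)
        }
        END {
            if (matched != "") print matched
            else if (glob_val != "") print glob_val
            else print "yes"                         # OpenSSH built-in default
        }
    ' "$1"
}

# Constructed sample: the Match block from the post with its line commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
UsePAM yes
Match User itsme
    #PasswordAuthentication yes
EOF
echo "itsme, line commented out: $(effective_password_auth "$sample" itsme)"

# Same file with an explicit global setting placed above the Match block.
{ echo "PasswordAuthentication no"; cat "$sample"; } > "$sample.fixed"
echo "itsme, explicit global no: $(effective_password_auth "$sample.fixed" itsme)"
rm -f "$sample" "$sample.fixed"
```

On the server itself, `sshd -T -C user=itsme,host=localhost,addr=127.0.0.1` run as root prints the values sshd has resolved, including Match patterns and Include files that this example does not handle.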

Ah my homework project. :thinking:

Thank you for your detailed reply, hopefully this time next year, think issue, what issue. :grinning:

Edit

guessing you’re using a fairly modern Debian-based Linux from the fact you are using “apt” - is that right?

I’m using Debian Stretch on the laptop and Manjaro on the desktop.

1 Like

You can also consider ssh-copy-id itsme@[laptop]. This copies the key to the remote and sets it to active.
When you are done, the remote should stop asking for passwords and you can turn off password authentication.

If you want a simpler name for the host, put this in ~/.ssh/config

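Host Mom_laptop
    User Mom
    Hostname [Mom’s IP or address or hostname]
    Port 22
    # IdentityFile names the private key; the .pub file is what goes on the remote
    IdentityFile ~/.ssh/id_rsa
    PreferredAuthentications publickey
    ControlMaster auto
    # Keep the control socket in a directory only you can write to, not /tmp
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlPersist 1h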

May make things simpler.

1 Like
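For the step of placing the public key on the machine running sshd, discussed in the two posts above, this is an added example (not from any poster) of doing by hand what `ssh-copy-id` automates. It assumes the account uses the default `~/.ssh/authorized_keys` file; the function name `install_pubkey` and the demo key are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): append a public key to an account's
# authorized_keys by hand, for when ssh-copy-id is not available.
# Assumptions: the account uses the default ~/.ssh/authorized_keys file; the
# function name and the demo key below are made up for illustration.
install_pubkey() {    # $1 = public key file, $2 = home directory of the account
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys

    # A private key must never be copied to the server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 2
    fi
    # A public key is one line: "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( |$)' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "refusing: no public key line in $pub" >&2; return 3; }

    # sshd (StrictModes) ignores keys if these are group- or world-writable.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: add the line only if it is not already present.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Constructed demo: a made-up key line installed into a throwaway "home".
demo_home=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey itsme@laptop' > "$demo_home/id.pub"
install_pubkey "$demo_home/id.pub" "$demo_home" && ls -l "$demo_home/.ssh"
rm -rf "$demo_home"
```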

Thanks for the suggestion, sounds a useful idea. :grinning: