fedora-docs-l10n/fedora-system-administrat/f29/pages/infrastructure-services/OpenSSH — English @ Fedora Weblate: indexterm:[OpenSSH,using key-based authentication] To improve the system security even further, …

The translation is temporarily closed for contributions due to maintenance, please come back later.
The translation was automatically locked due to following alerts: Could not merge the repository.

Zen

Source string Source string

English

indexterm:[OpenSSH,using key-based authentication] To improve the system security even further, generate SSH key pairs and then enforce key-based authentication by disabling password authentication. To do so, open the `/etc/ssh/sshd_config` configuration file in a text editor such as [application]*vi* or [application]*nano*, and change the [option]`PasswordAuthentication` option as follows:

Needs editing

This translation is currently locked.

Skip

	English	Actions
	indexterm:[OpenSSH,server,stopping] To stop the running [command]#sshd# daemon in the current session, use the following command as `root`:
	~]#{nbsp}systemctl stop sshd.service
	If you want the daemon to start automatically at the boot time, type as `root`:
	~]#{nbsp}systemctl enable sshd.service ln -s '/usr/lib/systemd/system/sshd.service' '/etc/systemd/system/multi-user.target.wants/sshd.service'
	See xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}.
	Note that if you reinstall the system, a new set of identification keys will be created. As a result, clients who had connected to the system with any of the OpenSSH tools before the reinstall will see the following message:
	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed.
	To prevent this, you can backup the relevant files from the `/etc/ssh/` directory (see xref:OpenSSH.adoc#table-ssh-configuration-configs-system[System-wide configuration files] for a complete list), and restore them whenever you reinstall the system.
	Requiring SSH for Remote Connections
	indexterm:[SSH protocol,insecure protocols]indexterm:[SSH protocol,requiring for remote login] For SSH to be truly effective, using insecure connection protocols should be prohibited. Otherwise, a user's password may be protected using SSH for one session, only to be captured later while logging in using Telnet. Some services to disable include [command]#telnet#, [command]#rsh#, [command]#rlogin#, and [command]#vsftpd#.
	These services are not installed by default in {MAJOROS}. If required, to make sure these services are not running, type the following commands at a shell prompt:
	[command]#systemctl stop telnet.service# [command]#systemctl stop rsh.service# [command]#systemctl stop rlogin.service# [command]#systemctl stop vsftpd.service#
	To disable running these services at startup, type:
	[command]#systemctl disable telnet.service# [command]#systemctl disable rsh.service# [command]#systemctl disable rlogin.service# [command]#systemctl disable vsftpd.service#
	Using Key-based Authentication
	indexterm:[OpenSSH,using key-based authentication] To improve the system security even further, generate SSH key pairs and then enforce key-based authentication by disabling password authentication. To do so, open the `/etc/ssh/sshd_config` configuration file in a text editor such as [application]vi or [application]nano, and change the [option]`PasswordAuthentication` option as follows:
	PasswordAuthentication no
	If you are working on a system other than a new default installation, check that [command]#PubkeyAuthentication no# has not been set. If connected remotely, not using console or out-of-band access, testing the key-based log in process before disabling password authentication is advised.
	To be able to use [command]#ssh#, [command]#scp#, or [command]#sftp# to connect to the server from a client machine, generate an authorization key pair by following the steps below. Note that keys must be generated for each user separately.
	{MAJOROSVER} uses SSH Protocol 2 and RSA keys by default (see xref:OpenSSH.adoc#s2-ssh-versions[Protocol Versions] for more information).
	Do not generate key pairs as root
	If you complete the steps as `root`, only `root` will be able to use the keys.
	Backup your ~/.ssh/ directory
	If you reinstall your system and want to keep previously generated key pairs, backup the `~/.ssh/` directory. After reinstalling, copy it back to your home directory. This process can be done for all users on your system, including `root`.
	Generating Key Pairs
	indexterm:[RSA keys,generating]indexterm:[OpenSSH,RSA keys,generating] To generate an RSA key pair for version 2 of the SSH protocol, follow these steps: indexterm:[OpenSSH,ssh-keygen,RSA]
	Generate an RSA key pair by typing the following at a shell prompt:
	~]${nbsp}ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/USER/.ssh/id_rsa):
	Press kbd:[Enter] to confirm the default location, `~/.ssh/id_rsa`, for the newly created key.
	Enter a passphrase, and confirm it by entering it again when prompted to do so. For security reasons, avoid using the same password as you use to log in to your account.
	After this, you will be presented with a message similar to this:

Loading…

None

Source string added

English 0 characters edited

4 years ago

Browse all string changes

Things to check

Long untranslated

The string has not been translated for a long time

Reset

Glossary

English	English
No related strings found in the glossary.

886166 String information

Source string description

type: Plain text

Flags

read-only

Source string location

./pages/infrastructure-services/OpenSSH.adoc:263

String age

4 years ago

Last updated

a year ago

Source string age

4 years ago

Translation file

pot/f29/pages/infrastructure-services/OpenSSH.pot, string 94

Shortcut	Action
`?`	Open available keyboard shortcuts.
`Alt` + `Home`	Navigate to the first translation in the current search.
`Alt` + `End`	Navigate to the last translation in the current search.
`Alt` + `PageUp` or `Ctrl` + `↑` or `Alt` + `↑` or `Cmd` + `↑` or	Navigate to the last translation in the current search.
`Alt` + `PageDown` or `Ctrl` + `↓` or `Alt` + `↓` or `Cmd` + `↓` or	Navigate to the next translation in the current search.
`Ctrl` + `Enter` or `Cmd` + `Enter`	Submit current form; this works the same as pressing Save and continue while editing translation.
`Ctrl` + `Shift` + `Enter` or `Cmd` + `Shift` +`Enter`	Unmark translation as Needing edit and submit it.
`Alt` + `Enter` or `Option` + `Enter`	Submit the string as a suggestion; this works the same as pressing Suggest while editing translation.
`Ctrl` + `E` or `Cmd` + `E`	Focus on translation editor.
`Ctrl` + `U` or `Cmd` + `U`	Focus on comment editor.
`Ctrl` + `M` or `Cmd` + `M`	Shows Automatic suggestions tab.
`Ctrl` + `1` to `Ctrl` + `9` or `Cmd` + `1` to `Cmd` + `9`	Copies placeable of a given number from source string.
`Ctrl` + `M` followed by `1` to `9` or `Cmd` + `M` followed by `1` to `9`	Copy the machine translation of a given number to current translation.
`Ctrl` + `I` followed by `1` to `9` or `Cmd` + `I` followed by `1` to `9`	Ignore one item in the list of failing checks.
`Ctrl` + `J` or `Cmd` + `J`	Shows the Nearby strings tab.
`Ctrl` + `S` or `Cmd` + `S`	Focus on search field.
`Ctrl` + `O` or `Cmd` + `O`	Copy the source string.
`Ctrl` + `Y` or `Cmd` + `Y`	Toggle the Needs editing checkbox.
`→`	Browse the next translation string.
`←`	Browse the previous translation string.