OpenSSH
Server Configuration
OpenSSH requires that users be in the ssh-users group to login.
A public key is recommended, but not required.
# A barebones sshd_config PermitRootLogin no PasswordAuthentication no UsePAM no PrintMotd no PrintLastLog no Subsystem sftp /usr/lib64/misc/sftp-server AllowGroups ssh-users
User Configuration
Don't hash known_hosts so that bash completion will work. Add to ~/.ssh/config:
HashKnownHosts no
Decide which public key to use. Also see this.
IdentityFile ~/.ssh/id_rsa
OS X
SSHD must be enabled in System Preferences > Sharing with service Remote Login enabled. A firewall rule must allow access on port 22 as well, which can be setup in System Preferences > Security > Firewall > Advanced with the following configuration:
- Block all incoming connections (unchecked)
- Remote Login (SSH) - Allow incoming connections
The config file for OS X for SSHD is located at /etc/sshd_config
Add these lines to the config file:
PermitRootLogin no PasswordAuthentication no UsePAM no AllowUsers <user-name>
Then restart the SSH server manually from Terminal:
launchctl stop com.openssh.sshd launchctl start com.openssh.sshd
Building from Source
Use the local copy of OpenSSL:
./configure --with-ssl-dir=/usr/local
If looking for ssh-copy-id, it will be in the contrib directory.
