Diffstat (limited to 'ssh/README.md')
-rw-r--r-- | ssh/README.md | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/ssh/README.md b/ssh/README.md new file mode 100644 index 0000000..aa80f36 --- /dev/null +++ b/ssh/README.md @@ -0,0 +1,72 @@ +## Secure Shell (SSH) + +### Generate SSH key pair + +#### Medium security + + ssh-keygen -b 4096 + +#### High security + + ssh-keygen -b 16384 + +### Change private key permissions + + chmod 600 ~/.ssh/id_rsa + +### Client usage + +To connect to a server, run: + + ssh -p port user@server-address + +### Copy SSH key + +1. `sudo apt-get install xclip` or `sudo pacman -S xclip` +2. `xclip -sel clip < ~/.ssh/id_rsa.pub` + +### Configuration + +The client can be configured to store common options and hosts. All options can be declared globally or restricted to specific hosts. For example: + +``` +~/.ssh/config + +# host-specific options +Host myserver + HostName server-address + Port port + +``` + +With such a configuration, the following commands are equivalent + +`ssh -p port user@server-address` + +`ssh myserver` + +### Server usage + +#### Configuration + +The SSH daemon configuration file can be found and edited in /etc/ssh/sshd_config. + +To allow access only for some users add this line: + + AllowUsers user1 user2 + +To allow access only for some groups: + + AllowGroups group1 group2 + +To add a nice welcome message (e.g. from the /etc/issue file), configure the Banner option: + + Banner /etc/issue + +#### Securing the authorized_keys file + +For additional protection, you can prevent users from adding new public keys and connecting from them. + +In the server, make the authorized_keys file read-only for the user and deny all other permissions: + + chmod 400 ~/.ssh/authorized_keys |
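Review bot: In "Securing the authorized_keys file", `chmod 400 ~/.ssh/authorized_keys` does not stop the user from adding keys, because the file is still owned by that user, who can restore write permission with chmod or replace the file inside their own `~/.ssh` directory. To get the protection the text promises, the key file has to be owned by root in a location the user cannot write to, for example by pointing `AuthorizedKeysFile` in sshd_config at such a path, and the section should say so. Two smaller points: the `ssh-keygen -b 4096` and `ssh-keygen -b 16384` commands omit `-t`, so the key type depends on the installed ssh-keygen's default while the later steps hard-code `~/.ssh/id_rsa` and `~/.ssh/id_rsa.pub`; add `-t rsa` explicitly, or switch the examples to `-t ed25519` and adjust the paths. The `Host myserver` block has no `User` line, so `ssh myserver` is equivalent to `ssh -p port user@server-address` only when the local username happens to be `user`; add `User user` to the example.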