Goals of SSH Configuration and Use
The following flowchart shows the steps involved in making a trustworthy yet still convenient SSH connection.
|User logs in on a client desktop system and an SSH agent is started.|
|User types SSH key passphrase and enables single-sign-on.|
|User requests a connection to a remote SSH server.|
|Client and server hosts authenticate to each other. They have been configured to do this in a trustworthy way, rather than asking the user an impossible-to-answer question about server SSH keys to which the user will simply answer "yes".|
|Client and server hosts negotiate a cipher and session key|
|The user is connected using cryptographic authentication. There is no need to type the password on the remote server.|
The remote server can apply access control rules when the connection is first requested, and also during the attempted authentication request.
All this is easy to set up if done according to a well organized plan. Start with Step 1 below to see how to configure and use SSH securely: