Create the RSA Key Pair [client]
ssh-keygen -t rsa
Copy the Public Key [client to server]
ssh-copy-id user@ip
Copy the RSA key from [client]
~/.ssh/id_rsa.pub
Create these [server]
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keysput the key in authorized_keys [server]
Config location
sudo nano /etc/ssh/sshd_config
Make sure pubkey auth is enabled
PubkeyAuthentication yes
Disable password auth
PasswordAuthentication no
make sure you test that the publickey works before you disable password auth, otherwise you can't login
you can add address restrictions to use password auth from local addresses [end of the file]
Match Address 192.168.1.*
PasswordAuthentication yesyou can add more address ranges using a comma
Match Address 192.168.1.*,192.168.2.*,
PasswordAuthentication yesreload service
sudo systemctl reload sshd.service
ssh -N -L 8888:127.0.0.1:80 -i KEYFILE username@hostname
This will map remote:80 to 127.0.0.1:8888
Putty and moba will work with windows for creating tunnels https://mobaxterm.mobatek.net/