SSH: Difference between revisions

From XPUB & Lens-Based wiki
No edit summary
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
Secure Shell
<noinclude>
=Secure Shell=


An encrypted protocol for a remote shell login.
An encrypted protocol for a remote shell login.


See [[wikipedia:Secure shell]]
See [[wikipedia:Secure shell]]
</noinclude>


== Create a new SSH key ==
== Create a new SSH key ==


<syntaxhighlight lang="bash">
$ ssh-keygen -t ed25519
ssh-keygen -t ed25519
 
</syntaxhighlight>
They key you just created, has a '''private''' and a '''public''' part:
 
* private: id_ed25519
* public: id_ed25519.pub


'''CHOOSE A STRONG PASSPHRASE, EMPY PASSPHRASE might not be a good idea, but people do it still ;)'''. If someone has access to your machine via social engineering or tech exploit, your key can be stolen and used to login in all the machines and services without password.
'''IMPORTANT''': only share the public part, never the private!!


== Install your SSH key on your server ==
== Install your SSH key on a server ==


=== Manual way ===
=== Manual way ===
Line 20: Line 26:
# log into your server
# log into your server
# edit this file: <code>$ nano ~/.ssh/authorized_keys</code>
# edit this file: <code>$ nano ~/.ssh/authorized_keys</code>
# paste your public key (<code>filename.pub</code>) here on a new line
# paste your public key (the output of <code>$ cat id_ed25519.pub</code>) here on a new line


=== Handy command that does the same (linux/mac only)===
=== Handy command that does the same (linux/mac only)===
Line 28: Line 34:
==Where are my SSH keys stored?==
==Where are my SSH keys stored?==


On Linux based distros: <code>/home/<your username>/.ssh</code>
* linux: <code>/home/USER/.ssh/</code>
 
* mac: <code>/Users/USER/.ssh/</code>
On Mac: <code>/Users/<your username>/.ssh</code>
* windows: <code>C:\Users\USER\.ssh\</code>
 
On Windows: ?


== SSH config file ==
== SSH config file ==
Line 43: Line 47:
Rather than typing
Rather than typing


  scp myfile username@host:/path/to/copy/file/to
  $ scp myfile username@host:/path/to/copy/file/to


We can simply do with  
We can simply do with  
   
   
  scp myfile hostname:/path/to/copy/file/to
  $ scp myfile hostname:/path/to/copy/file/to


Create the file:
Create the file:


  nano ~/.ssh/config
  $ nano ~/.ssh/config


insert:
insert:
Line 67: Line 71:


using only  
using only  
  ssh username@hostname
  $ ssh hostname
 
or even
ssh hostname


This is an example of a <code>~/.ssh/config</code> file:
This is an example of a <code>~/.ssh/config</code> file:
Line 89: Line 90:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
ssh superserver
$ ssh superserver
</syntaxhighlight>
</syntaxhighlight>


Line 106: Line 107:


Now restart your session and you will be prompted, once for your passphrase. After that you can directly ssh/scp to the machines where your installed your key and you will not be prompted for any passwords!
Now restart your session and you will be prompted, once for your passphrase. After that you can directly ssh/scp to the machines where your installed your key and you will not be prompted for any passwords!
<syntaxhighlight lang="bash">
ssh super
</syntaxhighlight>
 
==SSFS==
{{:Sshfs}}


==See also==
==See also==


* [[SSH proxy jump]]
* [[SSHFS]]: mount a server and access it through your filesystem!
* [[SSH proxy jump]]: jump from one server to another using SSH
* [[Scp|scp]]: upload files to a server using the terminal


[[Category:Cookbook]]
[[Category:Cookbook]]

Latest revision as of 10:40, 21 October 2024

Secure Shell

An encrypted protocol for a remote shell login.

See wikipedia:Secure shell


Create a new SSH key

$ ssh-keygen -t ed25519

They key you just created, has a private and a public part:

  • private: id_ed25519
  • public: id_ed25519.pub

IMPORTANT: only share the public part, never the private!!

Install your SSH key on a server

Manual way

  1. copy your public key, this is the public part of one ssh key, it ends with .pub, like: filename.pub
  2. log into your server
  3. edit this file: $ nano ~/.ssh/authorized_keys
  4. paste your public key (the output of $ cat id_ed25519.pub) here on a new line

Handy command that does the same (linux/mac only)

$ ssh-copy-id username@ip-address

Where are my SSH keys stored?

  • linux: /home/USER/.ssh/
  • mac: /Users/USER/.ssh/
  • windows: C:\Users\USER\.ssh\

SSH config file

The ssh configuration file makes it a lot simpler to ssh scp or sshfs.

It is especially convenient when you have keys for different servers. It helps you to keep them organized and to ssh into servers with easy to remember shortcuts.

Rather than typing

$ scp myfile username@host:/path/to/copy/file/to

We can simply do with

$ scp myfile hostname:/path/to/copy/file/to

Create the file:

$ nano ~/.ssh/config

insert:

Host hostname // name for the shortcut you use to ssh into the server
User usename // ssh user
Hostname 192.168.10.20 // hostname of the server
Port 22 // this is the default ssh port
Identityfile ~/.ssh/id_rsa // change and make sure this is the path to the location of your keys
Serveraliveinterval 30

Now you can use the short cut to ssh/scp/sshfs to that and any other host in in .ssh/config

using only

$ ssh hostname

This is an example of a ~/.ssh/config file:

Host superserver
User username
Hostname super.server.nl

Host superserver2
User anotherusername
Hostname super.serverl.nl
Port 12345
ForwardAgent yes

Now when you want to ssh/scp to your server you can just do the following:

$ ssh superserver

Store your passphrase (optional)

Keychain is a software that will keep track of which keys are available in your system and will only ask your passphrase once per session instead. It is a front-end to ssh-add and ssh-agent.

Add the following in your shell resource file:

if [ -e ~/.ssh/id_rsa ]
then
    keychain --quiet --nogui ~/.ssh/id_rsa
    . ~/.keychain/${HOSTNAME}-sh
fi

Now restart your session and you will be prompted, once for your passphrase. After that you can directly ssh/scp to the machines where your installed your key and you will not be prompted for any passwords!

See also

  • SSHFS: mount a server and access it through your filesystem!
  • SSH proxy jump: jump from one server to another using SSH
  • scp: upload files to a server using the terminal