SSH: Difference between revisions
No edit summary |
No edit summary |
||
Line 5: | Line 5: | ||
See [[wikipedia:Secure shell]] | See [[wikipedia:Secure shell]] | ||
== Create a new SSH key == | |||
<syntaxhighlight lang="bash"> | |||
ssh-keygen -t rsa | |||
</syntaxhighlight> | |||
'''CHOOSE A STRONG PASSPHRASE, EMPY PASSPHRASE might not be a good idea, but people do it still ;)'''. If someone has access to your machine via social engineering or tech exploit, your key can be stolen and used to login in all the machines and services without password. | |||
== Install your SSH key on your server == | |||
=== Manual way === | |||
# copy your public key, this is the public part of one ssh key, it ends with <code>.pub</code>, like: <code>filename.pub</code> | |||
# log into your server | |||
# edit this file: <code>$ nano ~/.ssh/authorized_keys</code> | |||
# paste your public key (<code>filename.pub</code>) here on a new line | |||
=== Handy function to put in your shell config === | |||
In your shell resource file (~/.zhrc, ~/.bashrc,...) add the following function: | |||
<syntaxhighlight lang="bash"> | |||
ssh-install-key() { | |||
cat ~/.ssh/id_rsa.pub | ssh ${1} "cat - >> ~/.ssh/authorized_keys" | |||
} | |||
</syntaxhighlight> | |||
Now you can install your '''default''' key, id_rsa.pub, directly to a target machine: | |||
<syntaxhighlight lang="bash"> | |||
ssh-install-key username@super.server.nl | |||
</syntaxhighlight> | |||
==Where are my SSH keys stored?== | |||
On Linux based distros: ''/home/<your username>/.ssh'' | |||
On Mac: ''Users/<your username>/.ssh'' on MacOS. | |||
== SSH config file == | |||
'''The ssh configuration file makes it a lot simpler to ssh scp or sshfs. | '''The ssh configuration file makes it a lot simpler to ssh scp or sshfs. | ||
It is especially convenient when you have keys for different servers. It helps you to keep them organized and to ssh into servers with easy to remember shortcuts. | It is especially convenient when you have keys for different servers. It helps you to keep them organized and to ssh into servers with easy to remember shortcuts. | ||
''' | ''' | ||
Rather than typing | Rather than typing | ||
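Review bot: in the added ssh-install-key function, `${1}` is unquoted and the remote command appends to ~/.ssh/authorized_keys without creating ~/.ssh or setting its permissions, so it fails on an account that has never used SSH. Quote the argument and prefix the remote command with `mkdir -p ~/.ssh && chmod 700 ~/.ssh`, or point readers at ssh-copy-id. Two typos in the same hunk are worth fixing while here: "EMPY" for "EMPTY" and "~/.zhrc" for "~/.zshrc".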
Line 22: | Line 58: | ||
scp myfile hostname:/path/to/copy/file/to | scp myfile hostname:/path/to/copy/file/to | ||
Create the file: | |||
nano ~/.ssh/config | nano ~/.ssh/config | ||
insert: | insert: | ||
<pre> | <pre> | ||
Host hostname // name for the shortcut you use to ssh into the server | Host hostname // name for the shortcut you use to ssh into the server | ||
Line 50: | Line 81: | ||
or even | or even | ||
ssh hostname | ssh hostname | ||
<pre> | |||
Host super | |||
User username | |||
Hostname super.server.nl | |||
Host super2 | |||
User anotherusername | |||
Hostname super.serverl.nl | |||
Port 12345 | |||
ForwardAgent yes | |||
</pre> | |||
Now when you want to ssh/scp to your server you can just do the following: | |||
<syntaxhighlight lang="bash"> | |||
ssh super | |||
</syntaxhighlight> | |||
== Store your passphrase == | |||
Keychain is a software that will keep track of which keys are available in your system and will only ask your passphrase once per session instead. It is a front-end to ssh-add and ssh-agent. | |||
Add the following in your shell resource file: | |||
<syntaxhighlight lang="bash"> | |||
if [ -e ~/.ssh/id_rsa ] | |||
then | |||
keychain --quiet --nogui ~/.ssh/id_rsa | |||
. ~/.keychain/${HOSTNAME}-sh | |||
fi | |||
</syntaxhighlight> | |||
Now restart your session and you will be prompted, once for your passphrase. After that you can directly ssh/scp to the machines where your installed your key and you will not be prompted for any passwords! | |||
<syntaxhighlight lang="bash"> | |||
ssh super | |||
</syntaxhighlight> | |||
==SSFS== | ==SSFS== | ||
{{:Sshfs}} | {{:Sshfs}} |
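Review bot: the super2 entry adds `ForwardAgent yes` with no explanation. Agent forwarding lets anyone who can bypass file permissions on that server use the keys loaded in your agent while you are connected, so either drop the line from the example or add a sentence saying when it is appropriate. Also check `Hostname super.serverl.nl`, which looks like a typo for the super.server.nl used in the entry above it.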
Revision as of 15:03, 16 June 2023
Secure Shell
An encrypted protocol for a remote shell login.
Create a new SSH key
ssh-keygen -t rsa
CHOOSE A STRONG PASSPHRASE. An EMPTY PASSPHRASE might not be a good idea, but people do it still ;). If someone gains access to your machine via social engineering or a technical exploit, your key can be stolen and used to log in to all the machines and services without a password.
Install your SSH key on your server
Manual way
- copy your public key; this is the public part of an SSH key pair, and its file name ends with .pub, like: filename.pub
- log into your server
- edit this file: $ nano ~/.ssh/authorized_keys
- paste your public key (filename.pub) here on a new line
Handy function to put in your shell config
In your shell resource file (~/.zshrc, ~/.bashrc, ...) add the following function:
ssh-install-key() {
    # append the default public key to authorized_keys on the target machine
    cat ~/.ssh/id_rsa.pub | ssh "${1}" "cat - >> ~/.ssh/authorized_keys"
}
Now you can install your default key, id_rsa.pub, directly to a target machine:
ssh-install-key username@super.server.nl
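The one-liner above assumes the server already has a correctly set up ~/.ssh. The following is an added example, not part of the original page, of the append step as it could run on the server: it refuses a private key, skips duplicates, and sets the permissions sshd's StrictModes check expects. The function name `add_authorized_key` and its two arguments are assumptions.

```bash
# Added example: append a public key to an authorized_keys file safely.
# add_authorized_key and its arguments are hypothetical names.
add_authorized_key() {
    pub=$1                                   # path to the .pub file
    auth=${2:-$HOME/.ssh/authorized_keys}    # target file (default location)

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Never install the private half of the key pair by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2
        return 2
    fi

    # Take the first line and require "<type> <base64> [comment]"
    # for the common key types.
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub does not look like an OpenSSH public key" >&2; return 3 ;;
    esac

    # sshd (StrictModes) rejects keys kept in group/world-writable locations.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Compare on "type base64" only, so a changed comment is not a new key.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}
```

For a local key and a reachable server, `ssh-copy-id` performs the same steps over the connection.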
Where are my SSH keys stored?
On Linux based distros: /home/<your username>/.ssh
On macOS: /Users/<your username>/.ssh
SSH config file
The ssh configuration file makes it a lot simpler to use ssh, scp or sshfs.
It is especially convenient when you have keys for different servers. It helps you to keep them organized and to ssh into servers with easy to remember shortcuts.
Rather than typing
scp myfile username@host:/path/to/copy/file/to
we can simply use
scp myfile hostname:/path/to/copy/file/to
Create the file:
nano ~/.ssh/config
insert:
# name for the shortcut you use to ssh into the server
Host hostname
    # ssh user
    User username
    # hostname of the server
    Hostname 192.168.10.20
    # this is the default ssh port
    Port 22
    # change and make sure this is the path to the location of your keys
    Identityfile ~/.ssh/id_rsa
    Serveraliveinterval 30
Now you can use the shortcut to ssh/scp/sshfs to that host, and to any other host in .ssh/config,
using only
ssh username@hostname
or even
ssh hostname
Host super
    User username
    Hostname super.server.nl
Host super2
    User anotherusername
    Hostname super.serverl.nl
    Port 12345
    ForwardAgent yes
Now when you want to ssh/scp to your server you can just do the following:
ssh super
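`ForwardAgent yes` in the super2 entry means that anyone able to bypass file permissions on that server can use the keys loaded in your agent for as long as you are connected, so it helps to know exactly which Host blocks turn it on. The following is an added example, not part of the original page: an audit function with the hypothetical name `list_agent_forwarding` that lists every block in an ssh client config that enables agent forwarding and flags wildcard patterns.

```bash
# Added example: report Host blocks in an ssh client config that enable
# agent forwarding. list_agent_forwarding is a hypothetical name.
list_agent_forwarding() {
    cfg=${1:-$HOME/.ssh/config}
    awk '
        /^[ \t]*#/ { next }                  # comment line
        /^[ \t]*$/ { next }                  # blank line
        {
            # Keywords are case-insensitive; both "Key value" and
            # "Key=value" are accepted by ssh.
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
        }
        key == "host" {
            # Remember the patterns of the block we are now inside.
            hosts = ""
            for (i = 2; i <= n; i++) hosts = hosts (i > 2 ? " " : "") f[i]
            next
        }
        key == "match" { hosts = "(Match block)"; next }
        # Any value other than "no" (yes, a socket path, $VAR) enables it.
        key == "forwardagent" && tolower(f[2]) != "no" {
            flag = (hosts ~ /[*?]/ || hosts == "") ? "WILDCARD" : "host"
            printf "%s\t%s\n", flag, (hosts == "" ? "(global)" : hosts)
        }
    ' "$cfg"
}
```

Each output line is a flag and the Host patterns, separated by a tab; a `WILDCARD` line means forwarding is enabled for more hosts than a single named server.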
Store your passphrase
Keychain is a program that keeps track of which keys are available on your system and asks for your passphrase only once per session. It is a front-end to ssh-add and ssh-agent.
Add the following in your shell resource file:
if [ -e ~/.ssh/id_rsa ]
then
keychain --quiet --nogui ~/.ssh/id_rsa
. ~/.keychain/${HOSTNAME}-sh
fi
Now restart your session and you will be prompted once for your passphrase. After that you can directly ssh/scp to the machines where you installed your key and you will not be prompted for any passwords!
ssh super
SSHFS
SSHFS (SSH Filesystem) is a filesystem client for mounting remote directories on your machine, using an SSH connection.
By using it you can access, read and edit files from a remote machine on your local machine, as long as you have an account on the remote machine.
Install
on Debian/Ubuntu
sudo apt update
sudo apt install sshfs
on mac
Use homebrew:
brew cask install osxfuse
brew install sshfs
If homebrew is not installed, run the installation command:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Mounting the Remote File System with sshfs
sshfs command essential parameters:
sshfs user@host:remote_directory local_mount_directory
How to mount:
Create a directory on your local machine, to be used as a mount point
mkdir ~/remote
Mount the host's remote directory onto the ~/remote directory
sshfs user@host:/full/path/to/remote/dir ~/remote
That's it
How to unmount
To unmount the remote dir from the local directory we use umount
(NOT unmount, BUT umount):
umount ~/remote