SSH
Secure Shell
An encrypted protocol for a remote shell login.
Create a new SSH key
$ ssh-keygen -t ed25519
The key you just created has a private and a public part:
- private: id_ed25519
- public: id_ed25519.pub
IMPORTANT: only share the public part, never the private!!
Install your SSH key on a server
Manual way
- copy your public key: this is the public part of an SSH key, stored in a file ending in .pub, like: filename.pub
- log into your server
- edit this file:
$ nano ~/.ssh/authorized_keys
- paste your public key (the output of "cat id_ed25519.pub") here on a new line
Handy command that does the same (linux/mac only)
$ ssh-copy-id username@ip-address
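The manual steps above, written as a script to run on the server, with the checks the steps leave implicit (public key only, owner-only permissions, no duplicate entries). This is an added example, not part of the original page; the function name install_pubkey is hypothetical.

```shell
#!/bin/sh
# install_pubkey KEYFILE [HOME_DIR]
# Hypothetical helper (not part of OpenSSH): appends one public key to
# HOME_DIR/.ssh/authorized_keys, refusing private keys and duplicates.
install_pubkey() {
    keyfile=$1
    home=${2:-$HOME}
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }

    # Never install the private half: it carries a PEM-style header.
    if grep -q 'PRIVATE KEY' "$keyfile"; then
        echo "$keyfile is a private key, use the .pub file" >&2
        return 2
    fi

    # A public key is a single line: "<type> <base64> [comment]".
    key=$(grep -v '^[[:space:]]*$' "$keyfile" | head -n 1)
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "$keyfile does not look like a public key" >&2; return 3 ;;
    esac

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or file is writable by anyone but the owner.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Compare on type+blob only, so a changed comment is not a new key.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        return 0            # already installed, nothing to do
    fi
    # Make sure the existing file ends in a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Call it as install_pubkey id_ed25519.pub after copying the .pub file to the server; the optional second argument exists so the function can be tried against a scratch directory first.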
Where are my SSH keys stored?
- linux: /home/USER/.ssh/
- mac: /Users/USER/.ssh/
- windows: C:\Users\USER\.ssh\
SSH config file
The ssh configuration file makes it a lot simpler to use ssh, scp or sshfs.
It is especially convenient when you have keys for different servers. It helps you keep them organized and lets you ssh into servers with easy-to-remember shortcuts.
Rather than typing
$ scp myfile username@host:/path/to/copy/file/to
we can simply type
$ scp myfile hostname:/path/to/copy/file/to
Create the file:
$ nano ~/.ssh/config
insert:
# name for the shortcut you use to ssh into the server
Host hostname
    # ssh user
    User username
    # hostname of the server
    Hostname 192.168.10.20
    # this is the default ssh port
    Port 22
    # change and make sure this is the path to the location of your keys
    Identityfile ~/.ssh/id_rsa
    Serveraliveinterval 30
Now you can use the shortcut to ssh/scp/sshfs to that host, and to any other host in .ssh/config, using only
$ ssh hostname
This is an example of a ~/.ssh/config file:
Host superserver
    User username
    Hostname super.server.nl

Host superserver2
    User anotherusername
    Hostname super.serverl.nl
    Port 12345
    ForwardAgent yes
Now when you want to ssh/scp to your server you can just do the following:
$ ssh superserver
Store your passphrase (optional)
Keychain is a program that keeps track of which keys are available on your system and asks for your passphrase only once per session. It is a front-end to ssh-add and ssh-agent.
Add the following in your shell resource file:
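# change id_rsa to the name of your own private key file
if [ -e ~/.ssh/id_rsa ]
then
    # start (or reuse) an ssh-agent and load the key into it
    keychain --quiet --nogui ~/.ssh/id_rsa
    # pick up the agent settings keychain wrote for this host
    . ~/.keychain/${HOSTNAME}-sh
fi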
Now restart your session and you will be prompted once for your passphrase. After that you can directly ssh/scp to the machines where you installed your key and you will not be prompted for any passwords!
See also
- SSHFS: mount a server and access it through your filesystem!
- SSH proxy jump: jump from one server to another using SSH