SSH: Difference between revisions

Revision as of 16:05, 16 June 2023

Secure Shell

An encrypted protocol for a remote shell login.

Create a new SSH key

ssh-keygen -t rsa

CHOOSE A STRONG PASSPHRASE, EMPY PASSPHRASE might not be a good idea, but people do it still ;). If someone has access to your machine via social engineering or tech exploit, your key can be stolen and used to login in all the machines and services without password.

Install your SSH key on your server

Manual way

copy your public key, this is the public part of one ssh key, it ends with .pub, like: filename.pub
log into your server
edit this file: $ nano ~/.ssh/authorized_keys
paste your public key (filename.pub) here on a new line

Handy function to put in your shell config

In your shell resource file (~/.zhrc, ~/.bashrc,...) add the following function:

ssh-install-key() {
    cat ~/.ssh/id_rsa.pub | ssh ${1} "cat - >> ~/.ssh/authorized_keys"
}

Now you can install your default key, id_rsa.pub, directly to a target machine:

ssh-install-key username@super.server.nl

Where are my SSH keys stored?

On Linux based distros: /home/<your username>/.ssh

On Mac: /Users/<your username>/.ssh

On Windows: ?

SSH config file

The ssh configuration file makes it a lot simpler to ssh scp or sshfs.

It is especially convenient when you have keys for different servers. It helps you to keep them organized and to ssh into servers with easy to remember shortcuts.

Rather than typing

scp myfile username@host:/path/to/copy/file/to

We can simply do with

scp myfile hostname:/path/to/copy/file/to

Create the file:

nano ~/.ssh/config

insert:

Host hostname // name for the shortcut you use to ssh into the server
User usename // ssh user
Hostname 192.168.10.20 // hostname of the server
Port 22 // this is the default ssh port
Identityfile ~/.ssh/id_rsa // change and make sure this is the path to the location of your keys
Serveraliveinterval 30

Now you can use the short cut to ssh/scp/sshfs to that and any other host in in .ssh/config

using only

ssh username@hostname

or even

ssh hostname

This is an example of a ~/.ssh/config file:

Host superserver
User username
Hostname super.server.nl

Host superserver2
User anotherusername
Hostname super.serverl.nl
Port 12345
ForwardAgent yes

Now when you want to ssh/scp to your server you can just do the following:

ssh superserver

Store your passphrase

Keychain is a software that will keep track of which keys are available in your system and will only ask your passphrase once per session instead. It is a front-end to ssh-add and ssh-agent.

Add the following in your shell resource file:

if [ -e ~/.ssh/id_rsa ]
then
    keychain --quiet --nogui ~/.ssh/id_rsa
    . ~/.keychain/${HOSTNAME}-sh
fi

Now restart your session and you will be prompted, once for your passphrase. After that you can directly ssh/scp to the machines where your installed your key and you will not be prompted for any passwords!

ssh super

SSFS

SSHFS (SSH Filesystem) is a filesystem client for mounting remote directories on your machine, using an SSH connection.

By using it you can access, read, edit files from a remote machine on your local machine, as long as you have an account in the remote machine.

Install

on Debian/Ubuntu

sudo apt update
sudo apt install sshfs

on mac

Use homebrew: If homebrew is not installed run the installation command:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Once brew is installed, run:

brew cask install osxfuse
brew install sshfs

Mounting the Remote File System with sshfs

sshfs command essential parameters:

sshfs user@host:remote_directory local_mount_directory

How to mount:

Create a directory in your local machine, to be use as a mount point

mkdir ~/remote

Mount host remote directory onto the ~/remote directory

ssh user@host:/full/path/to/remote/dir ~/remote

That's it

How to unmount

To unmount the remote dir from the local directory we use the umount NOT unmount, BUT umount

umount ~/remote