Skip to main content

SSH

ssh public key auth

  • generate key: ssh-keygen

  • copy ssh key to remote:

    • windows: type $env:{userProfile}\.ssh\id_rsa.pub | ssh -p{port} {user@serverAddress} "cat >> .ssh/authorized_keys"
    • linux: ssh-copy-id -i {userHome}/.ssh/id_rsa.pub -p{port} {user@serverAddress}

  • try login: ssh -p{port} {user@serverAddress}

  • the public key should now be on in the file ~/.ssh/authorized_keys on the server

workflow

add your key to a single server

  • create keys

    • on linux use ssh-keygen -t rsa -b 4096 -C "{name or mail}"
    • create a public/private RSA key
    • use a passphrase
    • identification / private key: ~/.ssh/id_rsa
    • public key: ~/.ssh/id_rsa.pub

  • copy ssh key to remote:

    • windows: type $env:{userProfile}\.ssh\id_rsa.pub | ssh -p{port} {user@serverAddress} "cat >> .ssh/authorized_keys"
    • linux: ssh-copy-id -i {userHome}/.ssh/id_rsa.pub -p{port} {user@serverAddress}

  • try login: ssh -p{port} {user@serverAddress}

ssh basics

keys

generating using openSSH

  • ssh-keygen -t rsa -b 4096 -C "{name or mail}"

    • -t rsa
    • -b 4096
    • -C "{name or mail}

  • save your public key, private key and passphrase on a save place

upload key

  • ssh-copy-id -i ~/.ssh/id_rsa -p222 user@host

    • -i ~/.ssh/id_rsa
    • -p222
    • user@host

  • windows: type $env:USERPROFILE\.ssh\id_rsa.pub | ssh {IP-ADDRESS-OR-FQDN} "cat >> .ssh/authorized_keys"

restore keys (on a new pc)

  • copy id_rsa and id_rsa.pub to ~/.ssh/
  • set correect permissions sudo chmod 400 ~/.ssh/id_rsa*

files

server side

config file

parts of /etc/ssh/sshd_config:

Port = 22   # self explaining
PermitRootLogin = no   # should be 'no'
PasswordAuthentication no   # disallow Username-Password login
ClientAliveInterval 300   # inactivity time period after which the server send an alive message
ClientAliveCountMax 3   # number of attempts the server will make
auth keys authorized_keys

https://www.ssh.com/academy/ssh/authorized-keys-file https://www.ssh.com/academy/ssh/authorized-keys-openssh

  • server side
  • list of pub keys

client side

config (client side)

  • before client config: ssh john@dev.example.com -p 2322

  • edit client config ~/.ssh/config:

    Host devNetcup
    HostName dev.example.com
    User john

Host *Netcup
    Port 222

Host *
    ForwardAgent yes
    ServerAliveInterval 300

  • after client config: ssh dev

ssh agent

eval `ssh-agent -s`
ssh-add
Back to top