SSH is a way of securely connecting to a remote computer over TCP.
Common command form:

```bash
ssh user@<server-or-ip> -p <portnum> -i <identity/file/path>
```

You can run a single command on a remote machine like this:

```bash
ssh user@server 'command'
```

For example:

```bash
ssh danaukes@mycomputer 'echo "Hello World">>test.txt'
```
-p
: port number

-i
: identity path file

-v / -vv / -vvv / -vvvv
: levels of “verbosity”

-o
: options you can specify

You can configure your ssh client on a per-server basis with the .ssh/config file.
Note: the block below is an example, don’t just copy/paste it.

```txt
Host <name or *>
    # only offer the identities configured here, not every key loaded in the agent
    IdentitiesOnly yes
    # supply the default path to your identity file (key)
    IdentityFile <path/to/new_file>
    # default username
    User <username>
    # set this option carefully: a forwarded agent can be used by anyone
    # with root access on the remote host
    ForwardAgent yes
    # set this option carefully: keys are added to the running agent on first use
    AddKeysToAgent yes
    # ...many other options
```
For each option, the first matching entry is used, so make sure you put more general rules, such as Host *, at the end.

You can find more info by typing

```bash
man ssh_config
```
Generate a key with a type like “ed25519”:

```bash
ssh-keygen -t ed25519 -f <path/to/key>
```

Select a passphrase when prompted.

Print the public key:

```bash
cat <path/to/key>.pub
```
Add your key(s) to authorized keys. There are many ways you can do this. You can copy the key directly:

```bash
cat <path/to/key>.pub >> ~/.ssh/authorized_keys
```

Edit the file and paste in the text:

```bash
# no sudo needed: the file belongs to your own account
nano ~/.ssh/authorized_keys
```

Or distribute your key to another server with ssh-copy-id:

```bash
ssh-copy-id -f -i <path/to/your/key>.pub user@server
```

You can also use an ssh one-liner:

```bash
cat <path/to/your/key>.pub | \
  ssh <user_name>@<hostname-or-ip> 'cat >> .ssh/authorized_keys'
```
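These options are useful defaults when setting up your client. Because Host * matches every server, ForwardAgent yes here forwards your agent to every host you connect to; keep it only if you trust all of them, or move it into per-host entries.

```txt
Host *
    IdentitiesOnly yes
    IdentityFile <path/to/new_file>
    ForwardAgent yes
    AddKeysToAgent yes
    User <user>
```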
When you work with files related to secure communications, it is important to make it impossible for others to access your ssh keys and configuration settings:

```bash
chmod 700 ~/.ssh        # the .ssh directory itself
chmod 600 ~/.ssh/*      # by default all the files in .ssh
chmod 644 ~/.ssh/*.pub  # change public key permissions
chmod 750 "$HOME"       # home directory not writable by group or others
```

See https://superuser.com/questions/215504/permissions-on-private-key-in-ssh-folder
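
A way to check the result of the chmod commands above, as an added example that is not part of the original page: the script compares each file's mode with the values listed (700 for the directory, 644 for `*.pub`, 600 for everything else). It assumes GNU `stat` on Linux; the function names `expected_mode` and `audit_ssh_dir` are made up for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit an SSH directory against
# the modes listed above. Assumes GNU `stat -c` (Linux); names are hypothetical.

# expected_mode PATH: print the mode recommended above for PATH.
expected_mode() {
    if [ -d "$1" ]; then
        echo 700                 # the .ssh directory itself
        return
    fi
    case "$1" in
        *.pub) echo 644 ;;       # public keys
        *)     echo 600 ;;       # private keys, config, authorized_keys, ...
    esac
}

# audit_ssh_dir DIR: print one MISMATCH line per deviation.
# Returns 0 if all modes match, 1 on any mismatch, 2 if DIR is not a directory.
audit_ssh_dir() {
    local dir path want have status
    dir=$1
    status=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue            # glob matched nothing
        if [ "$path" != "$dir" ] && [ ! -f "$path" ]; then
            continue                          # skip subdirectories, sockets, ...
        fi
        want=$(expected_mode "$path")
        have=$(stat -L -c %a "$path")         # -L: check the target of a symlink
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $path: mode $have, expected $want"
            status=1
        fi
    done
    return "$status"
}

# Run against a directory given on the command line, e.g. ./audit.sh ~/.ssh
if [ -n "${1:-}" ]; then
    audit_ssh_dir "$1"
fi
```

A non-zero exit status means at least one file deviates, which makes the script usable in a login hook or a provisioning check.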
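To accept incoming ssh connections, install openssh-server:

```bash
sudo apt install -y openssh-server
```

systemctl can be used to control your server. To enable the service so that it starts with your computer, type

```bash
sudo systemctl enable ssh
```

The service will then start the next time your computer starts. To start it immediately, type

```bash
sudo systemctl start ssh
```

The other common operations are:

```bash
sudo systemctl stop ssh     # stop the running service
sudo systemctl disable ssh  # do not start it at boot
sudo systemctl reload ssh   # re-read the configuration without stopping the service
sudo systemctl restart ssh  # stop and start the service
```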
Configuring your ssh server is done in the /etc/ssh/sshd_config file and in the /etc/ssh/sshd_config.d/ directory.

You can print the effective configuration, as parsed from these files, with

```bash
sudo sshd -T
```
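ssh-add manages the keys held by the ssh “agent” (ssh-agent), that is, the keys currently available to use.

```bash
ssh-add -l   # list the keys currently loaded
ssh-add -D   # remove all keys from the agent
```

If you want to change the passphrase associated with an existing key:

```bash
ssh-keygen -p -f <path-to-key>
```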
Sometimes, you need to create a certificate at the same time as a key. From https://support.microfocus.com/kb/doc.php?id=7013103:

```bash
# -nodes leaves the private key in key.pem unencrypted
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
```