SSH

Anh-Thi Dinh

How it works?

  1. Local creates public_key (id_rsa.pub) & private_key (id_rsa).
  1. Only private_key can understand public_key.
  1. Remote sends messages encrypted based on public_key.
  1. Local has to use private_key to understand (decrypt) remote's messages.

Generate a public key

  • Windows: Using below command, if it asks for a location, indicate C:\Users\dinha\.ssh\
  • Linux: /home/thi/.ssh/
    • 1ssh-keygen -t rsa -b 4096 -C "[email protected]"
      2# without email
      3ssh-keygen -t rsa -f ~/.ssh/id_rsa.home

Multiple ssh keys

  1. Create key with different names, e.g. id_rsa.home, id_rsa.work.
  1. Add to ~/.ssh/config
    1. 1Host home
      2Hostname home.example.com
      3IdentityFile ~/.ssh/id_rsa.home
      4User <your home acct>
      5#
      6Host work
      7Hostname work.example.com
      8IdentityFile ~/.ssh/id_rsa.work
      9User <your work acct>
  1. Add to ssh-agent (don't need to retype password again)
    1. 1eval "$(ssh-agent -s)"
      2ssh-add ~/.ssh/id_rsa.home
      3ssh-add ~/.ssh/id_rsa.work
  1. Don't forget to clone you repo with git instead of https.

Add public key to remote

Suppose that we wanna connect to a remote host [email protected] from a local machine.
  1. On local machine, copy public key at C:/Users/dinha/.ssh (Windows) and ~/.ssh (Linux) (something like id_rsa.pub) (copy its content).
  1. On remote server (Linux), go to ~/.ssh, open file authorized_keys by vim authorized_keys
    1. Be carefull, you can modify the current keys!
    2. Go to the end of this file (by W)
    3. Press I to enter to the editing mode, press Enter for a new line.
    4. Using mouse to copy/paste the key in the 1st step (on your local machine).
    5. Note that, each key stays in a separated line.
    6. ESC and then type :wq to quick and save.
    7. Try to connect again!

Connecting

1ssh remote_username@remote_host
2ssh remote_username@remote_host -p remote_port
1# CHECK VERSION
2ssh -V
1# DISCONNECT
2exit
1# COPY FILE: LOCAL -> REMOTE
2scp local_file user@remote-host:/var/tmp/
3
4# multiple files, using wildcat "\*"
1# REMOTE -> LOCAL
2scp user@remote:/usr/local/bin/add.sh .
3
4# multiple files, using wildcat "\*"
1# Pass inside the command
2sudo apt-get install sshpass
3sshpass -p your_password ssh user@hostname
1# copy with sudo on remote
2# 1. copy to a place you have permissions
3scp * thi@remote:/home/thi/tmp/
4# 2. move to the place you want
5ssh thi@remote sudo mv /home/thi/tmp/\* /place/we/want

Command line parameters

1# FOR EXAMPLE
2ssh -C # use data compression
Below are some popular commands (ref):
1# check the full list
2man ssh
1# exit background running
2sudo apt install net-tools
3netstat -lepunt
4
5# kill a process, e.g. 29231/ssh
6kill <pid> # eg. kill 29231
  • C: use data compression.
  • f: Requests ssh to go to background just before command execution
  • L <local-port>:remote.com:80: local port forwarding (ref).
  • N: Do not execute a remote command. This is useful for just forwarding ports
  • p <port>: port to connect.
  • q: quiet mode.
  • v: verbose mode.
  • X: running GUI remote app locally.

Errors

1# REMOTE HOST IDENTIFICATION HAS CHANGED
2# Offending ECDSA key in /home/thi/.ssh/known_hosts:21
3
4# SOLUTION:
5# Open /home/thi/.ssh/known_host and delete line 21