Last modified on 12 Oct 2020.
How it works?
- Local creates
- Remote sends messages encrypted based on
- Local has to use private_key to understand (decrypt) remote’s messages.
Generate a public key
- Windows: Using below command, if it asks for a location, indicate
```bash
ssh-keygen -t rsa -b 4096 -C "[email protected]"
# without email
ssh-keygen -t rsa -f ~/.ssh/id_rsa.home
```
Multiple ssh keys
- Create key with different names, e.g.
- Add to
```
Host home
    Hostname home.example.com
    IdentityFile ~/.ssh/id_rsa.home
    User <your home acct>

Host work
    Hostname work.example.com
    IdentityFile ~/.ssh/id_rsa.work
    User <your work acct>
```
- Add to ssh-agent (don’t need to retype password again)
```bash
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa.home
ssh-add ~/.ssh/id_rsa.work
```
- Don’t forget to clone your repo with
Add public key to remote
Suppose that we want to connect to a remote host [email protected] from a local machine.
- On the local machine, copy the public key at ~/.ssh (Linux) (something like id_rsa.pub) (copy its content).
- On the remote server (Linux), go to ~/.ssh, open file authorized_keys by
- Be careful, you can modify the current keys!
- Go to the end of this file (by W)
- Press I to enter editing mode, press Enter for a new line.
- Use the mouse to copy/paste the key from the 1st step (on your local machine).
- Note that each key stays on a separate line.
- Press ESC and then type :wq to quit and save.
- Try to connect again!
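A way to do the steps above without opening an editor, so the existing keys cannot be changed by accident. This is an added example, not part of the original notes; the function name add_authorized_key and the idea of first copying the .pub file to the remote are assumptions.

```bash
#!/usr/bin/env bash
# Append a public key to authorized_keys without opening an editor.
# Usage (on the remote): add_authorized_key <pubkey_file> [authorized_keys_file]
add_authorized_key() {
    local pub_file="$1"
    local auth_file="${2:-$HOME/.ssh/authorized_keys}"
    local ssh_dir key
    ssh_dir=$(dirname "$auth_file")

    # A .pub file holds exactly one non-empty line.
    key=$(grep -v '^[[:space:]]*$' "$pub_file") || return 1
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || return 1

    # Refuse anything not shaped like "<type> <base64> [comment]"
    # (a private key pasted by mistake fails here or on the line count).
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pub_file" >&2; return 1 ;;
    esac

    # sshd (StrictModes, on by default) ignores keys kept in
    # group- or world-writable locations.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"

    # Key already present: leave the file untouched.
    if grep -qxF -- "$key" "$auth_file"; then
        return 0
    fi

    # If the last existing key has no trailing newline, add one so the
    # new key starts on its own line instead of being glued to it.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key" >> "$auth_file"
}
```

Where OpenSSH's ssh-copy-id is available on the local machine, it performs the same append over SSH.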
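```bash
# CHECK VERSION
ssh -V
```

```bash
# DISCONNECT
exit
```

```bash
# COPY FILE: LOCAL -> REMOTE
scp local_file [email protected]:/var/tmp/
# multiple files, using wildcard "*"
```

```bash
# REMOTE -> LOCAL
scp [email protected]:/usr/local/bin/add.sh .
# multiple files, using wildcard "*"
```

```bash
# pass the password inside the command
# (note: -p leaves the password in shell history and the process list;
#  sshpass -e reads it from the SSHPASS environment variable instead)
sudo apt-get install sshpass
sshpass -p your_password ssh [email protected]
```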
Command line parameters
```bash
# FOR EXAMPLE
ssh -C # use data compression
```
Below are some popular commands [ref]:
```bash
# check the full list
man ssh
```

```bash
# exit background running
sudo apt install net-tools
netstat -lepunt
# kill a process, e.g. 29231/ssh
kill <pid> # e.g. kill 29231
```
-C: use data compression.
-f: Requests ssh to go to background just before command execution.
-L: local port forwarding [ref].
-N: Do not execute a remote command. This is useful for just forwarding ports.
-p <port>: port to connect.
-q: quiet mode.
-v: verbose mode.
-X: running GUI remote app locally.
```bash
# REMOTE HOST IDENTIFICATION HAS CHANGED
# Offending ECDSA key in /home/thi/.ssh/known_hosts:21
# SOLUTION:
# Open /home/thi/.ssh/known_hosts and delete line 21
# (first confirm the host key really changed, e.g. the server was reinstalled)
```