SSH Basics

When working with external servers or services like GitHub, it's hard not to come across SSH. It's a protocol that allows a secure remote connection to another device. SSH secures the transmission and makes basic usage quite easy.

Connecting

Basic syntax looks as follows:

ssh username@host_url

… and in a huge chunk of cases that's it :). You'll be asked for a password, after which the connection is ready.

During the very first connection an additional question may pop up, just to make sure the connection is being established with the right host. After you accept, the host will be added to the known_hosts file (which can be found in ~/.ssh on Linux).

SSH Keys

Typing passwords sucks. With SSH there's a much nicer variant: asymmetric keys. The public key is the shareable one, which gets uploaded to the target device, while the private one is kept secret.

The idea is that a pair of keys is created for each device we want to connect from (ok, I know - you can share the keys and use them on multiple devices, but it can lead to issues) and the public one is uploaded to the target server / service.

The keys can be created this way:

ssh-keygen -t ed25519

You set the path and filename for the key (by default it's saved in ~/.ssh) and, optionally, a password for securing the key.

The file with .pub is naturally a public key, which should be transferred to the target device / service.

Uploading keys

The first variant is a manual upload. You need to log in to the target normally (for example with ssh using a password). Next you append the contents of the .pub file to ~/.ssh/authorized_keys (you can check the contents of the .pub file in any text editor or with any other method like cat file_name). Here's a sample approach:

echo pub_file_contents >> ~/.ssh/authorized_keys

There's a much more straightforward method though:

ssh-copy-id -i path_to_pub_keyfile username@remote_host
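
The manual upload described above, as an added example that is not part of the original post: a helper that appends a public key to authorized_keys only if the file really is a public key, sets the directory and file permissions, and skips keys that are already present. The function name `install_pubkey` and the sample key line are constructed for illustration.

```shell
# install_pubkey PUBFILE [SSH_DIR] -- SSH_DIR defaults to ~/.ssh (hypothetical helper)
install_pubkey() {
    pubfile=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth="$ssh_dir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Failure mode: picking the private half of the pair by mistake.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile looks like a private key" >&2
        return 1
    fi

    # A .pub file holds exactly one line: "<type> <base64> [comment]".
    if [ "$(grep -c . "$pubfile")" -ne 1 ]; then
        echo "expected exactly one key line in $pubfile" >&2
        return 1
    fi
    key=$(grep . "$pubfile")
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "unrecognised key type in $pubfile" >&2; return 1 ;;
    esac

    # sshd's StrictModes (on by default) rejects group/world-writable files here.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"

    # Idempotent: skip the append if this exact line is already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present"
        return 0
    fi
    # A plain ">>" would glue the key onto an unterminated last line.
    if [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKey user@laptop' > "$demo/id_ed25519.pub"
install_pubkey "$demo/id_ed25519.pub" "$demo/.ssh"
install_pubkey "$demo/id_ed25519.pub" "$demo/.ssh"
```

On the target server, call it with only the path to the .pub file so that it works on ~/.ssh.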

Unusual use cases

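  1. Connection bypassing known_hosts entries
ssh -o UserKnownHostsFile=/dev/null user@ip
  2. Connecting without using the keys
ssh -o PubkeyAuthentication=no user@ip

The options can be used together. They come in handy, for example, when the server is restarted in rescue mode and its signature (host key) changes, so it no longer matches the one in known_hosts. Keep in mind that the first option skips the comparison against the previously stored host key, so you lose the check that you are talking to the same server as before; keep it for one-off cases like this one.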

Storing configuration

To store a chosen configuration (for example when some specific, separate key is used) you can create a ~/.ssh/config file and add an entry like:

Host somename
	HostName host_url
	PubkeyAuthentication yes
	IdentityFile path_to_keyfile
