Ssh: Difference between revisions
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{lowercase title}} | {{lowercase title}} | ||
== Cheat Sheet == | |||
<pre> | |||
ssh-keygen -t ed25519 -a 31 (public/private key) | |||
ssh -L localhost:2222:perth:22 tube (create tunnel) | |||
hg clone ssh://hg@localhost:2222/irc/peplab-dev dev (use the tunnel for mercurial) | |||
</pre> | |||
== Basics == | |||
To log into a remote computer that's running an ssh server: | To log into a remote computer that's running an ssh server: | ||
<pre> | <pre> | ||
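Review bot: In the new Cheat Sheet block, the parenthetical labels such as "(create tunnel)" sit inside the <pre> on the same line as the commands, so a copied line does not run as written. Writing them as trailing # comments, or moving them outside the <pre>, would avoid that. The host names perth and tube and the repository path irc/peplab-dev are also unexplained; one sentence saying which host is the gateway and which is the forwarding target would let a reader adapt the tunnel line.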
Line 57: | Line 68: | ||
To create a public/private key pair: | To create a public/private key pair: | ||
<pre> | <pre> | ||
ssh-keygen -t ecdsa -b 521 (currently best security) | ssh-keygen -t rsa -b 8192 (for servers with SSH2 but without ecdsa) | ||
ssh-keygen -t | ssh-keygen -t ecdsa -b 521 (currently best security for SSH1) | ||
ssh-keygen -t ed25519 -a 31 (new) | |||
</pre> | </pre> | ||
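Review bot: The new label "(currently best security for SSH1)" on the ecdsa line looks wrong, because ECDSA keys exist only in SSH protocol 2; suggest dropping "for SSH1". The "-b 8192" on the rsa line and the "-a 31" on the ed25519 line are also unexplained. A short note that -a sets the number of KDF rounds protecting the private key file, and why these values were chosen, would say more than "(new)".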
Line 74: | Line 86: | ||
chmod 600 ~/.ssh/authorized_keys | chmod 600 ~/.ssh/authorized_keys | ||
</pre> | </pre> | ||
ALSO: some older Ubuntu's won't accept ecdsa keys. |
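Review bot: The added sentence "some older Ubuntu's won't accept ecdsa keys" names no release or OpenSSH version, and it lands after the chmod block although it concerns key type rather than permissions. Suggest moving it next to the ssh-keygen lines, naming the affected versions if known, and pointing to the rsa command as the fallback. "Ubuntu's" should read "Ubuntu releases".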
Latest revision as of 17:04, 23 March 2020
Cheat Sheet
ssh-keygen -t ed25519 -a 31 (public/private key)
ssh -L localhost:2222:perth:22 tube (create tunnel)
hg clone ssh://hg@localhost:2222/irc/peplab-dev dev (use the tunnel for mercurial)
Basics
To log into a remote computer that's running an ssh server:
ssh -l barney myserver.com
or
ssh barney@myserver.com
To copy a file to barney's home directory on a remote computer:
scp test.txt barney@myserver.com:
To copy a directory to barney's home directory on a remote computer:
scp -r my_dir/ barney@myserver.com:
To copy a file to another directory on a remote computer:
scp test.txt barney@myserver.com:/tmp
To copy a file from a remote computer to a local computer:
scp barney@myserver.com:test.txt .
To execute a command on a remote computer (uses home directory as current):
ssh barney@myserver.com pwd
If the username is the same on both local and remote computers, it may be omitted in the above commands.
SSH server listening on alternate port
If the SSH server is listening on port 1234 instead of the standard 22, modify the commands as follows:
ssh -p1234 ...
and
scp -P1234 ...
Public/Private Keys
https://help.ubuntu.com/community/SSH/OpenSSH/Keys
SSH is a client-server protocol. You use an ssh client to connect to a remote host running an ssh server (where you already have an account). Your public key is stored on the remote computer. ssh-agent runs on the local machine, and you must give it your private key and a passphrase to unlock it (with ssh-add).
Port forwarding or tunneling reroutes a TCP/IP connection to pass through an SSH connection.
Public/private key combinations are an alternative to passwords and are useful for automated logins and file transfers. The local user creates a public/private key pair and gives the public key to the remote user. When the local user tries to log in to the remote account, the remote host uses local's public key to encrypt a random string. The local user then decrypts this with his private key and sends it back to the remote host. This authenticates the local user to the remote user account.
To create a public/private key pair:
ssh-keygen -t rsa -b 8192 (for servers with SSH2 but without ecdsa)
ssh-keygen -t ecdsa -b 521 (currently best security for SSH1)
ssh-keygen -t ed25519 -a 31 (new)
This creates a public key at ~/.ssh/id_ecdsa.pub and a private key at ~/.ssh/id_ecdsa
To set up key-based login from larry@local to roger@remote:
- Log in as larry@local and run the ssh-keygen command.
- Copy the text from ~larry/.ssh/id_dsa.pub on local and append it to ~roger/.ssh/authorized_keys on remote.
- From the larry@local account, type ssh roger@remote. You should not be prompted for roger@remote's password. If you supplied a passphrase when generating the key pair, you will be asked for this. If you left the passphrase blank, you won't be asked for any authentication.
Troubleshooting permissions
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
ALSO: some older Ubuntu releases won't accept ecdsa keys.
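Step 2 of the key-based login procedure and the permission fixes under Troubleshooting permissions, combined into one added shell example that is not part of the original wiki page. The function names install_pubkey and check_ssh_perms are hypothetical, and the home directory is passed as an argument (an assumption, so the functions can be tried on a scratch directory first).

```sh
#!/bin/sh
# Added example, not from the original page. HOME_DIR is a parameter so the
# functions can be tried on a scratch directory before a real account.

# perms PATH: print the nine permission characters, e.g. "rwx------"
perms() { ls -ld "$1" 2>/dev/null | cut -c2-10; }

# install_pubkey PUBKEY_FILE HOME_DIR
# Append the key to HOME_DIR/.ssh/authorized_keys (step 2 of the procedure),
# once only, creating the directory and file with the modes given above.
install_pubkey() {
    pub=$1; home=$2
    key=$(head -n 1 "$pub" 2>/dev/null) || key=
    case $key in
        ssh-*|ecdsa-*|sk-*) ;;   # public key lines start with the key type
        *) echo "$pub does not look like a public key" >&2; return 1 ;;
    esac
    auth=$home/.ssh/authorized_keys
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # A file whose last line lacks a newline would swallow the appended key.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms HOME_DIR: print one line per problem, return 1 if any.
check_ssh_perms() {
    home=$1; bad=0
    case $(perms "$home") in
        ????w????|???????w?)      # group or other may write to the home dir
            echo "$home: run chmod go-w"; bad=1 ;;
    esac
    [ "$(perms "$home/.ssh")" = "rwx------" ] ||
        { echo "$home/.ssh: run chmod 700"; bad=1; }
    [ "$(perms "$home/.ssh/authorized_keys")" = "rw-------" ] ||
        { echo "$home/.ssh/authorized_keys: run chmod 600"; bad=1; }
    return $bad
}
```

Run on the remote account as `install_pubkey id_ed25519.pub "$HOME"` followed by `check_ssh_perms "$HOME"`; the check compares against the exact 700 and 600 modes listed on this page.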