SSH is the secure shell protocol. It allows you to attach your terminal window to a remote server and execute commands in it. It's highly useful.
Generate a key
$ ssh-keygen -b 2048 -t rsa -q -N "" -f <file_name>
Attach to remote server
$ ssh <username>@<ip>
Connect to ssh server
ssh -i <path/to/file> <name>@<ip>
or with a
Add SSH key to server
$ ssh-keygen -f ~/.ssh/<key-name> # interactively generate keys $ ssh-copy-id -i <ssh-keyfile> <remote> # copy key to remote
If you don't own the private key, the server will throw a warning - e.g. when
installing a friends public key. You can pass the
-f flag to
force install it anwyay. If you want to preview how things work pass it the
-n flag for a dry run.
ssh(1) obtains configuration data from the following sources in the following
- command-line options
- user's configuration file (~/.ssh/config)
- system-wide configuration file (/etc/ssh/ssh_config)
~/.ssh/configHost SERVER1 IdentitiesOnly yes IdentityFile ~/.ssh/id_rsa_SERVER1
Host SERVER2 IdentitiesOnly yes IdentityFile ~/.ssh/id_ed25519_SERVER2
Host server1 HostName server1.cyberciti.biz User nixcraft Port 4242 IdentityFile /nfs/shared/users/nixcraft/keys/server1/id_rsa
- [create ssh config file on linux](http://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/) A good naming scheme for SSH host is to end it on the domain. E.g. I've got a sinle server in Sydney which is called `sydney1.yoshua`; for a client I might name it `region.clientname`. ## Files - `~/.ssh`: holds all `ssh` configuration - `~/.ssh/known_hosts`: connect to a server, make sure it's not an impersonator. - `~/.ssh/authorized_keys`: let the server authenticate the user. ## Copying files ### rsync `rsync` is probably the fastest way of getting files across, _but_ it has one major caveat: it needs to be installed on both sides. If that's the case then copying files over is easy-peasy. ```sh # recursively copy files to remote $ rsync -r -e ssh <username>@<remote>:<path> <files-to-copy> $ rsync -r -e ssh [email protected]:/~ ./my-dir
To specify the location of
rsync on the remote you can pass in the
Secure copy is a less performant alternative to
rsync but does not require to
be installed on both sides. On the flip side: it acts more as an extension to
rsync by allowing similar configuration to be passed in.
scp reads commands from
source > destination, and thus allows copying files
from remote to remote.
$ scp [opts] <source> <destination> $ scp <files-to-copy> <user>@<remote>:<path> # copy a file $ scp -i ./linux/id_rsa ./file.dat [email protected]:~/ # use an ssh id file $ scp -r [!.]* [email protected]:~/ # copy dir recursively excluding dotfiles $ scp -p "$infile" "$remote":~/"$outfile" # preserve permissions
To copy a file with an intermediate host using
[ tbi ]
Multiple connections can be shared using the
compare key files
Generate a public key from a private key, and compare it with an existing public key.
$ diff <(ssh-keygen -y -f <path_to_private_key.pem>) <path_to_public_key.pub>
Exit ssh if frozen