ssh

SSH is the secure shell protocol. It allows you to attach your terminal window to a remote server and execute commands in it. It's highly useful.

Generate a key

$ ssh-keygen -b 2048 -t rsa -q -N "" -f <file_name>

Attach to remote server

$ ssh <username>@<ip>

Connect to ssh server

ssh -i <path/to/file> <name>@<ip>

or with a ~/.ssh/config file

ssh <Host>

Add SSH key to server

$ ssh-keygen -f ~/.ssh/<key-name>         # interactively generate keys
$ ssh-copy-id -i <ssh-keyfile> <remote>   # copy key to remote

If you don't own the private key, the server will throw a warning, e.g. when installing a friend's public key. You can pass the -f flag to ssh-copy-id to force install it anyway. If you want to preview how things work, pass it the -n flag for a dry run.

Managing configuration

ssh(1) obtains configuration data from the following sources in the following order. For each parameter, the first obtained value is used:

  1. command-line options
  2. user's configuration file (~/.ssh/config)
  3. system-wide configuration file (/etc/ssh/ssh_config)

```txt
# ~/.ssh/config

Host SERVER1
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_rsa_SERVER1

Host SERVER2
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519_SERVER2

Host server1
    HostName server1.cyberciti.biz
    User nixcraft
    Port 4242
    IdentityFile /nfs/shared/users/nixcraft/keys/server1/id_rsa
```

- [create ssh config file on linux](http://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/)

A good naming scheme for SSH hosts is to end the name with the domain. E.g. I've
got a single server in Sydney which is called `sydney1.yoshua`; for a client I
might name it `region.clientname`.

## Files
- `~/.ssh`: holds all `ssh` configuration
- `~/.ssh/known_hosts`: host keys of servers you have connected to; checked
  when connecting to make sure the server is not an impersonator.
- `~/.ssh/authorized_keys`: lets the server authenticate the user.

## Copying files
### rsync
`rsync` is probably the fastest way of getting files across, _but_ it has one
major caveat: it needs to be installed on both sides. If that's the case then
copying files over is easy-peasy.

```sh
# recursively copy files to remote (rsync takes the source first, then the destination)
$ rsync -r -e ssh <files-to-copy> <username>@<remote>:<path>
$ rsync -r -e ssh ./my-dir <username>@<remote>:~/
```

To specify the location of rsync on the remote you can pass in the --rsync-path= flag.

scp

Secure copy is a less performant alternative to rsync but does not need to be installed on both sides. On the flip side, it acts more as an extension to ssh than rsync does, by allowing similar configuration to be passed in.

scp takes its arguments as source, then destination, and thus allows copying files from remote to remote.

$ scp [opts] <source> <destination>
$ scp <files-to-copy> <user>@<remote>:<path>         # copy a file
$ scp -i ./linux/id_rsa ./file.dat <user>@<remote>:~/  # use an ssh id file
$ scp -r [!.]* <user>@<remote>:~/   # copy dir recursively excluding dotfiles
$ scp -p "$infile" "$remote":~/"$outfile"   # preserve permissions

To copy a file with an intermediate host using scp: [ tbi ]

connection multiplexing

Multiple sessions can share one connection: the -M flag puts the ssh client into master mode for connection sharing.

compare key files

Generate a public key from a private key, and compare it with an existing public key.

$ diff <(ssh-keygen -y -f <path_to_private_key.pem>) <path_to_public_key.pub>
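
The `diff` above compares whole lines, so it reports a difference when the `.pub` file carries a comment that the derived key lacks, even though the key pair matches. The script below is an added example, not part of the original notes; it compares only the key type and base64 blob. The function names `key_material` and `keys_match` are assumptions, it expects a plain `.pub` file (not an `authorized_keys` line with options), and the sample key lines are constructed.

```sh
#!/bin/sh
# Added example: compare key material only, ignoring the trailing comment.

# Print "<type> <base64-blob>" for the first key line on stdin,
# skipping blank lines and '#' comment lines and dropping the comment field.
key_material() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $1, $2; exit }'
}

# Exit status 0 when private key file $1 and public key file $2 belong to
# the same key pair, 1 when they differ, 2 when either key cannot be read.
keys_match() (
    priv=$1
    pub=$2
    derived=$(ssh-keygen -y -f "$priv" 2>/dev/null | key_material)
    stored=$(key_material < "$pub") || exit 2
    [ -n "$derived" ] && [ -n "$stored" ] || exit 2
    [ "$derived" = "$stored" ]
)

# Constructed sample lines (not real keys): same blob, different comments.
a='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleBlobOnly alice@laptop'
b='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleBlobOnly'
if [ "$(printf '%s\n' "$a" | key_material)" = "$(printf '%s\n' "$b" | key_material)" ]; then
    echo "constructed sample: same key material, only the comment differs"
fi

# With two arguments, check a real pair: ./script <private-key> <public-key>
if [ "$#" -eq 2 ]; then
    keys_match "$1" "$2"
    case $? in
        0) echo "match" ;;
        1) echo "MISMATCH" ;;
        *) echo "error: could not read one of the keys" ;;
    esac
fi
```

A passphrase-protected private key makes `ssh-keygen -y` prompt before the comparison runs.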

Exit ssh if frozen

$ <Enter>~.
