SSH

Based on Veronica Explains “Open SSH for absolute beginners”

https://youtu.be/3FKsdbjzBcc

Configure Server

Check if sshd is running

sudo systemctl status sshd

To install the server:

sudo apt install openssh-server

NOTE: The package name may differ by distro.

Start ssh server:

sudo systemctl start sshd # start it now
sudo systemctl enable sshd # start it on boot

To find the IP address:

ip a # most use cases
hostname -I # basic servers

Recommended to use static IPs.

Recent versions of Windows include an SSH server.

Connecting

On the client:

ssh [-i ~/.ssh/<filename>] <server-username>@<host-ip> [-p <port>]

In prod envs, fingerprints will be provided to verify that you’re connecting to the correct server.

Tunnelling a network port

This is useful for Jupyter Notebooks, for example.

ssh [-i ~/.ssh/<filename>] -L 8888:localhost:8888 <server-username>@<host-ip>

Key-based authentication

Good practice to disable password auth for security.

To generate keys on client:

ssh-keygen -t ed25519 -f ~/.ssh/<filename> -C "<useful comment>"

ed25519: the keygen algo
filename: allows having different keys for different servers
comment: commonly used as user-server / device name

Highly recommended to set a passphrase for any admin / sudo account.

This will generate the .pub and private key.

To send the public key to the server (the private key never leaves the client):

ssh-copy-id -i ~/.ssh/<filename>.pub [-p <port>] <server-username>@<host-ip>

Turn off password auth

On server:

sudo vi /etc/ssh/sshd_config
# make sure this line is present
PasswordAuthentication no
# if this is set to "no" (rare), change it back to "yes"
PubkeyAuthentication yes
# if you're not sshing into root
PermitRootLogin no

Reload sshd:

sudo systemctl reload sshd
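
To confirm that the three settings above are what sshd actually uses, check the effective configuration printed by sshd -T; on distros whose sshd_config includes /etc/ssh/sshd_config.d/*.conf, a drop-in file can take precedence over the main file. The script below is an added example, not from the video; audit_sshd, sshd_value and the sample_* inputs are hypothetical names and constructed data.

```shell
#!/bin/sh
# Audit `sshd -T` output (one "keyword value" pair per line) read from stdin.

# Print the value of one keyword from sshd -T style text on stdin.
sshd_value() {
    awk -v key="$1" 'tolower($1) == key { print tolower($2); exit }'
}

# Returns 0 if all three hardening settings match, 1 otherwise.
audit_sshd() {
    dump=$(cat)
    rc=0
    for want in "passwordauthentication no" \
                "pubkeyauthentication yes" \
                "permitrootlogin no"; do
        key=${want% *}
        expected=${want#* }
        actual=$(printf '%s\n' "$dump" | sshd_value "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key $actual"
        else
            echo "FAIL  $key is '${actual:-unset}', expected '$expected'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inputs (not captured from a real server).
sample_hardened() {
    printf '%s\n' "port 22" "permitrootlogin no" \
        "pubkeyauthentication yes" "passwordauthentication no"
}
sample_overridden() {
    # As if a drop-in file re-enabled passwords and root login is key-only.
    printf '%s\n' "port 22" "permitrootlogin without-password" \
        "pubkeyauthentication yes" "passwordauthentication yes"
}

sample_hardened | audit_sshd
sample_overridden | audit_sshd || echo "not hardened: fix before logging out"

# On a real server (assumed usage):
#   sudo sshd -t                 # syntax check, run before the reload
#   sudo sshd -T | audit_sshd    # check what sshd really applies
```

Keep the current session open and test a new key-based login from a second terminal before closing it.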

SSH Config File

Makes it easy to connect to servers

vi ~/.ssh/config
Host <friendly-name>
	HostName <ip-addr>
	Port <port>
	IdentityFile ~/.ssh/<filename>
	User <username>
	LocalForward 8888 localhost:8888

Now to connect:

ssh <friendly-name>

Good to keep an encrypted backup of the .ssh/ folder.

Using SSH with git

Authentication

Host github.com
        IdentityFile ~/.ssh/id_ed25519.git
        User git

Signing

git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/id_ed25519.git.pub

Debugging

Issues with using git clone?

ssh -vT git@github.com