SSH

Secure SHell (SSH) is a remote access program for *nix machines. It can be used to obtain both command-line and graphical (via the command line) access to machines.

Basic usage

The basic syntax for SSH is:

ssh user@remote

Where user and remote are replaced by the username and remote machine name (the machine name can also be an IP address). If the username is left off, SSH will default to the current username:

ssh remote

The default authentication method is username/password, but a variety of authentication methods exist, of which the most popular alternative is SSH keys (see configuration section).

Configuration

SSH can be configured to simplify a number of workflows. The most common of these configurations are setting up a config file for hostnames and adding SSH keys.

SSH keys

SSH keys are public/private keypairs (RSA in the examples below).

To generate a keypair, use ssh-keygen:

ssh-keygen

You will be asked a series of questions; generally the default (no answer) is fine:

you@local (~) ∑ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/you/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/you/.ssh/id_rsa.
Your public key has been saved in /home/you/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1234567890ABCDEFGH1234567890 you@local
The key's randomart image is:
+---[RSA 3072]----+
| ^__^            |
| (oo)\_______    |
| (__)\       )\/\|
|     ||----w |   |
|     ||     ||   |
+----[SHA256]-----+
you@local (~) ∑ 

If you like, you can increase the number of bits used in the RSA key, for example to 4096:

ssh-keygen -b 4096

If you only generate one SSH key, it will be the default used by SSH when connecting to any remote server, which may not be what you want. If you want to have multiple SSH keys, a good organizational tip is to have a keys folder in your .ssh directory:

you@local (~) ∑ tree ~/.ssh
/home/you/.ssh
├── config
├── keys
│   ├── school.key
│   ├── school.key.pub
│   ├── github.key
│   ├── github.key.pub
│   ├── gitlab.key
│   └── gitlab.key.pub
└── known_hosts

1 directory, 8 files
you@local (~) ∑ 

This will let you use a config file (next section) to control which keys are used for which machines.

Config file

The basic syntax of the SSH config file is:

Host symbolic name
     HostName machine hostname
     User username
     IdentityFile /path/to/a/key

Suppose I had three keys, one for school, one for GitHub, and one for GitLab. My config file could look like this:

Host github.com
     HostName github.com
     User git
     IdentityFile ~/.ssh/keys/github.key
Host gitlab.com
     HostName gitlab.com
     User git
     IdentityFile ~/.ssh/keys/gitlab.key
Host school
     HostName remote.school.edu
     User schoolid
     IdentityFile ~/.ssh/keys/school.key

Warning

The username for Git source control repositories must be git, unless you have been told that it is otherwise.

Note that the Host and HostName values do not have to match. The Host value is what you will type on the command line, and the HostName is what SSH uses to make the connection. So if I wanted to log in to the school machine, which is actually remote.school.edu, I would type:

ssh school
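
An added example (not part of the original page): a shell check over a config file in the format above. For each Host it reports whether the IdentityFile exists and whether group or other permission bits are set on it, since OpenSSH refuses to use a private key that other users can read. The function names, the throwaway HOME directory and the empty stand-in key files are constructed for the illustration.

```sh
#!/bin/sh
# Added example, not from the original page.
# audit_ssh_config FILE: for each IdentityFile under a Host block, print
# "<host> <status> <path>" where status is OK, MISSING or LOOSE_PERMS.
audit_ssh_config() {
    awk '
        tolower($1) == "host"         { host = $2 }
        tolower($1) == "identityfile" { print host "\t" $2 }
    ' "$1" |
    while IFS="$(printf '\t')" read -r host key; do
        case $key in
            "~/"*) key=$HOME/${key#??} ;;   # expand a leading ~/
        esac
        if [ ! -f "$key" ]; then
            echo "$host MISSING $key"
        # ls mode string: characters 5-10 are the group and other bits
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "$host LOOSE_PERMS $key"
        else
            echo "$host OK $key"
        fi
    done
}

# Constructed sample: a temporary HOME laid out like the keys folder above.
# The key files are empty stand-ins; school.key is deliberately not created.
demo() (
    tmp=$(mktemp -d) || exit 1
    HOME=$tmp
    mkdir -p "$HOME/.ssh/keys"
    : > "$HOME/.ssh/keys/github.key"; chmod 600 "$HOME/.ssh/keys/github.key"
    : > "$HOME/.ssh/keys/gitlab.key"; chmod 644 "$HOME/.ssh/keys/gitlab.key"
    cat > "$HOME/.ssh/config" <<'EOF'
Host github.com
     IdentityFile ~/.ssh/keys/github.key
Host gitlab.com
     IdentityFile ~/.ssh/keys/gitlab.key
Host school
     IdentityFile ~/.ssh/keys/school.key
EOF
    audit_ssh_config "$HOME/.ssh/config"
    rm -rf "$tmp"
)

demo
```

To check a real setup, call audit_ssh_config ~/.ssh/config instead of demo; Host lines with several patterns are reported under the first pattern only.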

Advanced usage

Other ports

The default port for SSH is 22. To connect to an SSH daemon on another port, use the -p flag followed by the port number:

ssh -p port user@remote

Specifying identity file

To specify the identity file to use (which you generally don't have to do if you use a config file), use the -i flag:

ssh -i /path/to/key/file user@remote

Remote graphical windows

To run graphical commands on the remote machine (often called "throwing the X display back"), use the -X flag:

ssh -X user@remote

Using keys with other programs

The keys used by command-line SSH can also be used by other programs, such as SCP.