Skip to content

Instantly share code, notes, and snippets.

@MarcosBernal
Last active October 30, 2020 00:27
Show Gist options
  • Save MarcosBernal/8b826af6260e7d1b24d4f11794a87687 to your computer and use it in GitHub Desktop.
Save MarcosBernal/8b826af6260e7d1b24d4f11794a87687 to your computer and use it in GitHub Desktop.
SSH configuration, key creation and key fingerprint check

Generating a key pair with ssh-genkey

  1. Generate the key with $ ssh-keygen -t rsa -b 4096 -v and when asked to enter file in which to save the key, type my-certificate and when asked to enter passphrase, press Enter (empty passphrase) and confirm by Enter.
  2. You will get two files generated, one will be my-certificate and one will be my-certificate.pub, make my-certificate on your computer read-only sudo chmod 400 my-certificate
  3. Upload the public certificate to to server: ssh-copy-id -i my-certificate.pub user@hostname
    • By default appends user key in ~/.ssh/authorized_keys of the remote machine
    • In case of requiring to force password authentication: -o PreferredAuthentications=password
  4. OPTIONAL To copy your key to your clipboard: xclip -selection clipboard < my-certificate.pub
Protect identity with keyring when using clients like git
  1. Launch ssh-agent: eval $(ssh-agent)
  2. Add identity: ssh-add my-certificate

Connect to a server/computer via ssh using either

ssh [-i my-certificate] [user@]hostname

  • You might add the param [-X] for allowing graphical applications
  • Hostname can be either a domain name or an ip address
  • Without the certificate, you can use the user password(server)
  • To use several configurations easily the file ~/.ssh/

Check the fingerprint of a key, i.e. when connecting a unknown host

ssh-keygen -l [-E md5] -f filename i.e. ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub

  • The path /etc/ssh/ssh_host_ecdsa_key.pub contains the key of the user@hostname created when installing the ssh-server
  • In old systems like ubuntu 12.04 -E md5 could be required (old hash format)
  • To check already known hosts(servers) use the file ~/.ssh/known_hosts i.e. ssh-keygen -l -f ~/.ssh/known_hosts
  • SSH access are stored at /var/log/auth.log

Work/Mount a remote folder in a local machine

sshfs USER@ADDRESS:absolute_remote_path absolute_local_path [-o IdentityFile=absolute_path]

  • To end cleanly the shared folder: fusermount -u absolute_local_path

Sources:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment