ruk·si

ssh, ssh-agent and scp

Updated at 2017-01-09 02:23

This note is about SSH-related commands on Unix machines.

The ssh command is the OpenSSH client, a remote login program.

# logging in using details in `~/.ssh/config` or the current user
ssh workwork.com

# logging in as a specific user
ssh ruksi@workwork.com

# logging in using a specific identity file
ssh -i ~/.ssh/id_home_to_workwork workwork.com

You can use ssh to execute commands on the remote host.

# run the uptime command on remote host
ssh ruksi@workwork.com "uptime"

# execute commands on target host and return the results to the local machine
ssh ruksi@workwork.com "mysqldump | gzip" > production.sql.gz

You can use ssh to tunnel connections.

# localhost:8080 -> workwork.com:22 -> hostname.com:80
ssh -L 8080:hostname.com:80 ruksi@workwork.com

You should configure ssh so you don't have to write all of those parameters.

# ~/.ssh/config
Host workwork.com
    IdentityFile ~/.ssh/id_laptop_to_workwork
Host github.com
    IdentityFile ~/.ssh/id_laptop_to_github
Host home
    Hostname 123.11.15.158
    Port 6000
    User ruksi
    IdentityFile ~/.ssh/id_laptop_to_home

You can also define an SSH tunnel in the configuration.

# ~/.ssh/config
Host database_tunnel
    HostName databasehost.com
    IdentityFile ~/.ssh/id_all_to_databasehost_com
    LocalForward 9906 127.0.0.1:3306
    User ruksi

# Usage:
# -f = Requests ssh to go to background just before command execution.
# -N = Do not execute a remote command.
# ssh -f -N database_tunnel

ssh-agent

ssh-agent is a program that holds private keys used for public key authentication.

The program is usually started at the beginning of a login session.

# check whether an agent is running; the [s] keeps grep from matching itself
ps -ax | grep '[s]sh-agent'

ssh-keygen

ssh-keygen generates and converts authentication keys for SSH.

# ~/.ssh should contain all your SSH configurations and identities
cd ~/.ssh
ssh-keygen -t rsa -b 4096 -C "me@ruk.si"

Computers have a ~/.ssh/authorized_keys file per user that contains a list of public SSH keys that allow access to that specific user.

You should name your identity files uniformly. E.g. I use id_<ORGANIZATION>_<SERVICE/DESTINATION>.

id_aws_donky
id_merkurius_to_aws_donky
id_companyx_digital_ocean_staging
id_companyx_azure_megaserver

ssh-add

If a command keeps asking for the SSH key passphrase, you can add the key to the authentication agent.

git clone git@github.com:example/repo.git
# => Enter passphrase for key...

ssh-add ~/.ssh/keyname
# enter the passphrase once and be done with it until reboot
git clone git@github.com:example/repo.git
# works without a passphrase prompt

ssh-add -l  # lists fingerprints of all identities in the agent
ssh-add -L  # lists public keys of all identities in the agent
ssh-add -d  # remove a specific identity from the agent
ssh-add -D  # remove all identities from the agent
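
The per-host IdentityFile entries shown earlier do not stop ssh from also offering every key loaded in ssh-agent to a server; `IdentitiesOnly yes` in a Host block restricts it to the configured files. The check below is an added example, not part of the original note: the function names and the sample config are constructed for illustration, and it assumes Include files and Match blocks do not need to be examined.

```shell
#!/bin/sh
# Added example, not part of the original note. Prints each Host block that
# sets IdentityFile without "IdentitiesOnly yes", unless a global setting
# (top of file or "Host *") already covers every host.
audit_identities_only() {
    awk '
    function close_block() {
        if (host != "" && has_id && !only) flagged[++count] = host
    }
    BEGIN { global_scope = 1 }   # lines before the first Host apply to all hosts
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        # keyword and value are separated by whitespace or "="
        if (!match(line, /[ \t=]+/)) next
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
    }
    key == "host" || key == "match" {
        close_block()
        host = (key == "host") ? val : ""      # Match blocks are not audited
        global_scope = (key == "host" && val == "*")
        has_id = 0; only = 0
        next
    }
    key == "identityfile" { has_id = 1 }
    key == "identitiesonly" && tolower(val) == "yes" {
        only = 1
        if (global_scope) covered = 1
    }
    END {
        close_block()
        if (!covered) for (i = 1; i <= count; i++) print flagged[i]
    }
    ' "$1"
}

# Constructed sample based on the config above; "home" is already restricted.
sample_config() {
    cat <<'EOF'
Host workwork.com
    IdentityFile ~/.ssh/id_laptop_to_workwork
Host home
    IdentityFile ~/.ssh/id_laptop_to_home
    IdentitiesOnly yes
EOF
}
```

Run it as `audit_identities_only ~/.ssh/config`; an empty result means every block with an IdentityFile is restricted to its configured keys.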

scp

You can use secure copy, scp, to copy files from one computer to another. scp comes with SSH.

scp /file/to/copy.txt /destination/path

# Copy local archives to remote server.
scp *.tar.gz user@host.com:/path/on/destination

# Copy from remote to local.
scp user@host.com:/path/to/file .

# Copy from remote to local while using specified identity file.
scp -i ~/.ssh/id_source_to_destination user@host.com:/path/to/file.txt ~/