ssh, ssh-agent and scp
This note is about SSH-related commands on Unix machines.
ssh
The ssh command is the OpenSSH SSH client, a remote login program.
# logging in using details in `~/.ssh/config` or the current user
ssh workwork.com
# logging in as a specific user
ssh ruksi@workwork.com
# logging in using a specific identity file
ssh -i ~/.ssh/id_home_to_workwork workwork.com
You can use ssh to execute commands on the remote host.
# run the uptime command on remote host
ssh ruksi@workwork.com "uptime"
# execute commands on target host and return the results to the local machine
ssh ruksi@workwork.com "mysqldump | gzip" > production.sql.gz
You can use ssh to tunnel connections.
# localhost:8080 -> workwork.com:22 -> hostname.com:80
ssh -L 8080:hostname.com:80 ruksi@workwork.com
You should configure ssh so you don't have to write all of those parameters.
# ~/.ssh/config
Host workwork.com
    IdentityFile ~/.ssh/id_laptop_to_workwork
Host github.com
    IdentityFile ~/.ssh/id_laptop_to_github
Host home
    Hostname 123.11.15.158
    Port 6000
    User ruksi
    IdentityFile ~/.ssh/id_laptop_to_home
You can establish an SSH tunnel.
# ~/.ssh/config
Host database_tunnel
    HostName databasehost.com
    IdentityFile ~/.ssh/id_all_to_databasehost_com
    LocalForward 9906 127.0.0.1:3306
    User ruksi
# Usage:
# -f = Requests ssh to go to background just before command execution.
# -N = Do not execute a remote command.
# ssh -f -N database_tunnel
ssh-agent
ssh-agent is a program that holds private keys used for public key auth.
The program is usually started at the beginning of a login session.
# check whether an agent is running; the [s] keeps grep from matching itself
ps -ax | grep '[s]sh-agent'
ssh-keygen
ssh-keygen generates and converts authentication keys for SSH.
# ~/.ssh should contain all your SSH configurations and identities
cd ~/.ssh
ssh-keygen -t rsa -b 4096 -C "me@ruk.si"
Each user on a machine has a ~/.ssh/authorized_keys file that lists the public SSH keys allowed to log in as that specific user.
You should name your identity files uniformly. E.g. I use id_<ORGANIZATION>_<SERVICE/DESTINATION>.
id_aws_donky
id_merkurius_to_aws_donky
id_companyx_digital_ocean_staging
id_companyx_azure_megaserver
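The per-host IdentityFile entries and the key naming above can be checked mechanically. The script below is an added example, not part of the original note: it reports, for each Host block in an ssh config, whether its IdentityFile exists and is private to its owner (ssh refuses private keys that group or others can read). The function names and the throwaway sample directory are constructed for illustration.

```sh
# Added example: report the IdentityFile state of every Host block.
# Status is one of: ok, missing, too-open, no-identityfile.

key_status() {  # $1 = private key path, ~ already expanded
    [ -f "$1" ] || { echo missing; return; }
    # In ls -l output, characters 5-10 are the group/other permission bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; then echo ok; else echo too-open; fi
}

audit_ssh_config() {  # $1 = ssh client config file
    # Simplification: first pattern per Host line, first IdentityFile per
    # block, and only the whitespace-separated "Keyword value" form.
    awk '
        function emit() { if (host != "") print host, (key == "" ? "-" : key) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "host" { emit(); host = $2; key = ""; next }
        tolower($1) == "identityfile" && key == "" { key = $2 }
        END { emit() }
    ' "$1" | while read -r host key; do
        case $key in
            -)     status=no-identityfile ;;
            "~/"*) status=$(key_status "$HOME/${key#??}") ;;  # strip leading ~/
            *)     status=$(key_status "$key") ;;
        esac
        printf '%s %s\n' "$host" "$status"
    done
}

demo() {  # constructed sample: a throwaway HOME with two keys and a config
    tmp=$(mktemp -d) || return 1
    (
        HOME=$tmp; mkdir "$HOME/.ssh"
        : > "$HOME/.ssh/id_laptop_to_workwork"; chmod 600 "$HOME/.ssh/id_laptop_to_workwork"
        : > "$HOME/.ssh/id_laptop_to_github";   chmod 644 "$HOME/.ssh/id_laptop_to_github"
        cat > "$HOME/.ssh/config" <<'EOF'
Host workwork.com
    IdentityFile ~/.ssh/id_laptop_to_workwork
Host github.com
    IdentityFile ~/.ssh/id_laptop_to_github
Host home
    IdentityFile ~/.ssh/id_laptop_to_home
Host database_tunnel
    LocalForward 9906 127.0.0.1:3306
EOF
        audit_ssh_config "$HOME/.ssh/config"
    )
    rm -rf "$tmp"
}

demo
```

A Host block reported as no-identityfile lets ssh offer its default keys and whatever the agent holds, which is worth knowing when you keep one key per destination.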
ssh-add
If a command keeps asking for the SSH key passphrase, you can add the key to the authentication agent.
git clone git@github.com:example/repo.git
# => Enter passphrase for key...
ssh-add ~/.ssh/keyname
# input the passphrase once and be done with it until reboot
git clone git@github.com:example/repo.git
# works without a password
ssh-add -l # lists fingerprints of all identities in the agent
ssh-add -L # lists public keys of all identities in the agent
ssh-add -d ~/.ssh/keyname # remove a specific identity from the agent
ssh-add -D # remove all identities from the agent
scp
You can use secure copy, scp, to copy files from one computer to another. scp comes with SSH.
scp /file/to/copy.txt /destination/path
# Copy local archives to remote server.
scp *.tar.gz user@host.com:/path/on/destination
# Copy from remote to local.
scp user@host.com:/path/to/file .
# Copy from remote to local while using specified identity file.
scp -i ~/.ssh/id_source_to_destination user@host.com:/path/to/file.txt ~/