Things I want to remember about SSH

Aidas Bendoraitis on October 24, 2019

SSH, short for Secure Shell, is a protocol for secure network communications. It is widely used for executing commands on remote servers, and for f...
 
Ben Sinclair

You can also copy your public key to a remote server's authorized_keys file using ssh-copy-id, which is available on most systems. I think it didn't use to be installed on macOS but am pretty sure it's there in the newer versions.

Thomas H Jones II

Suuuuuuuper useful if you're in an org that demands keys be rotated frequently (but don't have PKI-enabled SSHDs on the target systems).

Aidas Bendoraitis

Thanks for the note. I didn't know about it.

Aidas Bendoraitis

Just for others to see, the syntax of this tool is as follows:

$ ssh-copy-id -i ~/.ssh/examplecom_id_rsa the_user@example.com
 
Voggu Manohar Reddy

It's available in macOS too :)

Jay R. Wren

In addition to ssh-copy-id that is already mentioned is ssh-import-id which copies a key from launchpad.net or github.com.

It is available in Ubuntu and maybe elsewhere by default.

It is roughly equivalent to curl -s https://api.github.com/users/$USER/keys | jq -r '.[].key' >> ~/.ssh/authorized_keys assuming your username is the same on GitHub as it is on the Linux system.

Aidas Bendoraitis

Does that mean that GitHub or Launchpad gets access to the files on your computer?

Jay R. Wren

No. The ssh-import-id runs on your computer and calls the remote API and writes the file on your computer.
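
The pipeline quoted in this exchange appends whatever the API returns. As an added example (not part of the thread and not ssh-import-id's own code), this POSIX shell function vets candidate key lines before they reach authorized_keys. The function names, the two-type allowlist, the "imported:" tag and the sample keys are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: vet public-key lines before appending to authorized_keys.
# Usage: <key source> | import_keys TAG AUTH_FILE   (prints count appended)
# The allowlist and the "imported:" tag are assumptions of this sketch.
import_keys() (
    tag=$1 auth=$2
    umask 077                      # a newly created file is owner-only
    touch "$auth" || exit 1
    awk -v tag="$tag" -v auth="$auth" '
        BEGIN {
            # Allowed type -> base64 prefix of that type name inside the blob.
            want["ssh-ed25519"] = "AAAAC3NzaC1lZDI1NTE5"
            want["ssh-rsa"]     = "AAAAB3NzaC1yc2E"
            # Collect blobs already authorised so re-runs add no duplicates.
            while ((getline line < auth) > 0) {
                n = split(line, f, " ")
                for (i = 1; i < n; i++) if (f[i] in want) seen[f[i + 1]] = 1
            }
            close(auth)
        }
        !($1 in want)                { next }  # options prefix or other type
        index($2, want[$1]) != 1     { next }  # declared type != blob type
        $2 !~ "^[A-Za-z0-9+/]+=*$"   { next }  # blob is not base64
        ($2 in seen)                 { next }  # already present
        {
            seen[$2] = 1
            # Write type, blob and a provenance comment; drop anything else.
            print $1, $2, "imported:" tag >> auth
            added++
        }
        END { print added + 0 }
    '
)

# Constructed sample input: the blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleBlobOne laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedSampleBlobTwo
command="id" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBlobThree
ssh-dss AAAAB3NzaC1kc3MAAACBConstructedSampleBlobFour
ssh-rsa AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleBlobFive
EOF
}
```

Only the first two sample lines are appended; the tag makes imported entries easy to find and remove when keys are rotated.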

Aidas Bendoraitis • Edited

Here is what would be necessary to enter into the Terminal:

$ ssh-keygen -t ed25519 -b 4096
Generating public/private ed25519 key pair.
Enter file in which to save the key (~/.ssh/id_ed25519): ~/.ssh/examplecom_id_ed25519
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in ~/.ssh/examplecom_id_ed25519.
Your public key has been saved in ~/.ssh/examplecom_id_ed25519.pub.
...
$ ssh-agent /usr/local/bin/bash
$ ssh-add ~/.ssh/examplecom_id_ed25519
$ pbcopy < ~/.ssh/examplecom_id_ed25519.pub
 
Thomas H Jones II

With respect to rsync:

  • If you're uploading large data-streams, it's best to override the default cipher to one better-optimized to that use-case (Blowfish used to be a good choice)
  • If you're needing to transfer a bunch of files in a bunch of directories, you can sometimes (e.g., if you're going over a WAN link that implements session-limits …an annoyingly common configuration problem) get better performance by running rsync in concert with the parallel command

Speaking of performance…

If someone ever complains about network throughput speeds, never use SSH-enabled techniques for bandwidth testing. The encryption-overhead of SSH means that such tests will never really show you your network's actual capabilities (unless your network is so degraded that SSH's encryption is no longer a bottleneck).

Aidas Bendoraitis

These are interesting tips. Thanks.

TrasherDK

You might want to mention that using user@password authentication on a public-facing ssh server is not recommended.

Brute force attacks are running 24/7

Aidas Bendoraitis

Does it work with GitHub, Bitbucket, and other online services? Or is it only for internal server communication?

 
Aidas Bendoraitis

Thanks. That's very useful.