Differences

This shows you the differences between two versions of the page.

--- it_tips:ssh [2017/05/03 14:46]
florido [SSH key pair quick setup]
+++ it_tips:ssh [2023/10/09 14:27] (current)
florido
@@ Line 12: / Line 12: @@
 This file is very useful to create ssh shortcuts to servers and add specific options for each server. In what follows I show some examples of how this can be used. You can edit the file with any text editor of your choice, it's a simple text file.
+===== Prevent broken pipe when not using the client =====
+Sometimes you're connected to a server but you are not interacting with the ssh client because you have other things to do. In many cases the server will disconnect you if it doesn't see any activity (in jargon, you're //idle//)
+To prevent such disconnection add to your ''~/.ssh/config'' the following:
+<code bash>
+Host *
+  ServerAliveInterval 30
+</code>
+you may tweak that number to be less aggressive eventually. Typical intervals are 60, 90, 120.
+This should be done on the machine where you launch the ''ssh'' command, to keep that machine in contact with the server.
 ===== Speedup connection using tunneling =====
@@ Line 143: / Line 157: @@
 ==== SSH key pair quick setup ====
-  - Generate a private/public keypair **with password** and strong encryption((NIST complexity recommendations, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf)): <code:bash> ssh-keygen -b 4096 -f ~/.ssh/myid_rsa
+We will generate a public/private key pair called //myid_rsa// and //myid_rsa.pub// and copy it to a machine called ''watto.matfys.lth.se'' in order to login to it.
+  - Generate a private/public keypair **with password** and strong encryption((NIST complexity recommendations, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf)): Command: <code:bash> ssh-keygen -b 4096 -f ~/.ssh/myid_rsa</code>Result:<code:bash>
 Generating public/private rsa key pair.
 Enter passphrase (empty for no passphrase):
@@ Line 164: / Line 180: @@
 +-----------------+
 </code>
-  - Make sure the permissions are correct: <code:bash>
+  - Make sure the permissions are correct: Commands:<code:bash>chmod 600 ~/.ssh/myid_rsa; chmod 644  ~/.ssh/myid_rsa.pub; ls -ltrah ~/.ssh/myid_rsa*</code>Result:<code:bash>
-tjatte:~> chmod 600 ~/.ssh/myid_rsa; chmod 644  ~/.ssh/myid_rsa.pub; ls -ltrah ~/.ssh/myid_rsa*</code>
-<code:bash>
 -rw------- 1 pflorido hep 3,3K maj  3 13:59 /nfs/users/floridop/.ssh/myid_rsa
 -rw-r--r-- 1 pflorido hep  751 maj  3 13:59 /nfs/users/floridop/.ssh/myid_rsa.pub
 </code>
-  - Copy the key to the target server, say watto:<code:bash>ssh-copy-id -i ~/.ssh/myid_rsa pflorido@watto.matfys.lth.se</code><code:bash>
+  - Copy the key to the target server, say watto: Command:<code:bash>ssh-copy-id -i ~/.ssh/myid_rsa.pub pflorido@watto.matfys.lth.se</code>Result:<code:bash>
 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
 /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
@@ Line 180: / Line 194: @@
 and check to make sure that only the key(s) you wanted were added.
 </code>
-  - Add the key to the agent keyring:<code:bash>ssh-add ~/.ssh/myid_rsa</code><code:bash>
+  - Add the key to the agent keyring:Command:<code:bash>ssh-add ~/.ssh/myid_rsa</code>Result:<code:bash>
 Enter passphrase for /nfs/users/floridop/.ssh/myid_rsa:
 Identity added: /nfs/users/floridop/.ssh/myid_rsa (/nfs/users/floridop/.ssh/myid_rsa)
 </code>
-  - Try to login to the server **using the identity created**:<code:bash>ssh -i ~/.ssh/myid_rsa.pub pflorido@watto.matfys.lth.se</code>
+  - Try to login to the server **using the identity created**: Command:<code:bash>ssh -i ~/.ssh/myid_rsa.pub pflorido@watto.matfys.lth.se</code>
+For every entry in your config you will need to run ssh-copy-id if you want to use ssh keys on that entry. This will copy the key to the target machine (for example beast)
+You can now create entries in your ''~/.ssh/config'' file to use tunnelling as described in [[#Speedup connection using tunneling]], and the agent should automatically forward your keys.
+===== Debugging SSH problems and useful commands =====
+The best to debug is to enable ssh verbose mode:
+<code:bash>ssh -vv pflorido@watto.matfys.lth.se</code>
+==== See which keys are tried by the agent ====
+<code:bash>ssh-add -l</code>
+==== Delete a key from the agent keyring ====
+<code:bash>ssh-add -d ~/.ssh/myid_rsa</code>
+==== Check if the agent is running ====
+<code:bash>ps aux | grep ssh-agent</code>
+==== Remove an offending key from known_hosts ====
+<code:bash>ssh-keygen -R <hostname></code>
-==== Debugging problems ====
+==== Remove an offending key from known_hosts ====
+<code:bash>ssh-keygen -R <hostname or IP></code>
 ====== References ======
   * Arch linux SSH PKI tutorial, https://wiki.archlinux.org/index.php/SSH_Keys

pfwiki

User Tools

Site Tools

Differences

Page Tools