User Tools

Site Tools


it_tips:ssh

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
it_tips:ssh [2017/05/03 14:49]
florido [SSH key pair quick setup]
it_tips:ssh [2023/10/09 14:27] (current)
florido
Line 12: Line 12:
  
 This file is very useful to create ssh shortcuts to servers and add specific options for each server. In what follows I show some examples of how this can be used. You can edit the file with any text editor of your choice, it's a simple text file. This file is very useful to create ssh shortcuts to servers and add specific options for each server. In what follows I show some examples of how this can be used. You can edit the file with any text editor of your choice, it's a simple text file.
 +
 +===== Prevent broken pipe when not using the client =====
 +
 +Sometimes you're connected to a server but you are not interacting with the ssh client because you have other things to do. In many cases the server will disconnect you if it doesn'​t see any activity (in jargon, you're //idle//)
 +
 +To prevent such disconnection add to your ''​~/​.ssh/​config''​ the following:
 +<code bash>
 +Host *
 +  ServerAliveInterval 30
 +</​code>​
 +
 +you may tweak that number to be less aggressive eventually. Typical intervals are 60, 90, 120.
 +
 +This should be done on the machine where you launch the ''​ssh''​ command, to keep that machine in contact with the server.
  
 ===== Speedup connection using tunneling ===== ===== Speedup connection using tunneling =====
Line 142: Line 156:
  
 ==== SSH key pair quick setup ==== ==== SSH key pair quick setup ====
 +
 +We will generate a public/​private key pair called //​myid_rsa//​ and //​myid_rsa.pub//​ and copy it to a machine called ''​watto.matfys.lth.se''​ in order to login to it.
  
   - Generate a private/​public keypair **with password** and strong encryption((NIST complexity recommendations,​ http://​nvlpubs.nist.gov/​nistpubs/​SpecialPublications/​NIST.SP.800-57Pt3r1.pdf)):​ Command: <​code:​bash>​ ssh-keygen -b 4096 -f ~/​.ssh/​myid_rsa</​code>​Result:<​code:​bash>​   - Generate a private/​public keypair **with password** and strong encryption((NIST complexity recommendations,​ http://​nvlpubs.nist.gov/​nistpubs/​SpecialPublications/​NIST.SP.800-57Pt3r1.pdf)):​ Command: <​code:​bash>​ ssh-keygen -b 4096 -f ~/​.ssh/​myid_rsa</​code>​Result:<​code:​bash>​
Line 168: Line 184:
 -rw-r--r-- 1 pflorido hep  751 maj  3 13:59 /​nfs/​users/​floridop/​.ssh/​myid_rsa.pub -rw-r--r-- 1 pflorido hep  751 maj  3 13:59 /​nfs/​users/​floridop/​.ssh/​myid_rsa.pub
 </​code>​ </​code>​
-  - Copy the key to the target server, say watto: Command:<​code:​bash>​ssh-copy-id -i ~/​.ssh/​myid_rsa pflorido@watto.matfys.lth.se</​code>​Result:<​code:​bash>​+  - Copy the key to the target server, say watto: Command:<​code:​bash>​ssh-copy-id -i ~/​.ssh/​myid_rsa.pub pflorido@watto.matfys.lth.se</​code>​Result:<​code:​bash>​
 /​usr/​bin/​ssh-copy-id:​ INFO: attempting to log in with the new key(s), to filter out any that are already installed /​usr/​bin/​ssh-copy-id:​ INFO: attempting to log in with the new key(s), to filter out any that are already installed
 /​usr/​bin/​ssh-copy-id:​ INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys /​usr/​bin/​ssh-copy-id:​ INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Line 184: Line 200:
   - Try to login to the server **using the identity created**: Command:<​code:​bash>​ssh -i ~/​.ssh/​myid_rsa.pub pflorido@watto.matfys.lth.se</​code>​   - Try to login to the server **using the identity created**: Command:<​code:​bash>​ssh -i ~/​.ssh/​myid_rsa.pub pflorido@watto.matfys.lth.se</​code>​
  
-==== Debugging problems ====+For every entry in your config you will need to run ssh-copy-id if you want to use ssh keys on that entry. This will copy the key to the target machine (for example beast) 
 + 
 +You can now create entries in your ''​~/​.ssh/​config''​ file to use tunnelling as described in [[#Speedup connection using tunneling]],​ and the agent should automatically forward your keys. 
 + 
 + 
 +===== Debugging ​SSH problems ​and useful commands ===== 
 + 
 +The best to debug is to enable ssh verbose mode: 
 + 
 +<​code:​bash>​ssh -vv pflorido@watto.matfys.lth.se</​code>​ 
 + 
 +==== See which keys are tried by the agent ==== 
 + 
 +<​code:​bash>​ssh-add -l</​code>​ 
 + 
 +==== Delete a key from the agent keyring ==== 
 + 
 +<​code:​bash>​ssh-add -d ~/​.ssh/​myid_rsa</​code>​ 
 + 
 +==== Check if the agent is running ==== 
 + 
 +<​code:​bash>​ps aux | grep ssh-agent</​code>​ 
 + 
 +==== Remove an offending key from known_hosts ==== 
 + 
 +<​code:​bash>​ssh-keygen -R <​hostname></​code>​ 
 + 
 +==== Remove an offending key from known_hosts ​====
  
 +<​code:​bash>​ssh-keygen -R <​hostname or IP></​code>​
 ====== References ====== ====== References ======
  
   * Arch linux SSH PKI tutorial, https://​wiki.archlinux.org/​index.php/​SSH_Keys ​   * Arch linux SSH PKI tutorial, https://​wiki.archlinux.org/​index.php/​SSH_Keys ​
it_tips/ssh.1493822964.txt.gz · Last modified: 2017/05/03 14:49 by florido

Accessibility Statement