This shows you the differences between two versions of the page.
ssh [2017/05/19 20:06] – deul | ssh [2020/10/22 12:12] – jansen | ||
---|---|---|---|
Line 22: | Line 22: | ||
--------- | --------- | ||
- | ====== SSH shell access ====== | ||
- | ====== SSH keys ====== | ||
- | ====== SFTP and SCP file access ====== | ||
====== SSH tunnels ====== | ====== SSH tunnels ====== | ||
- | For the Mac and Linux commandline ssh client, setting up a tunnel is usually a matter of using the option '' | + | For the Mac and Linux commandline ssh client, setting up a tunnel is usually a matter of using the option |
+ | '' | ||
+ | for forwarding a Windows remote desktop. More detail can be found in the [[vnc|vnc | ||
- | See [[linux: | + | See [[linux: |
====== SSH client software ====== | ====== SSH client software ====== | ||
Linux and macOS come with a commandline client for ssh. | Linux and macOS come with a commandline client for ssh. | ||
For Windows, the recommended client is [[linux: | For Windows, the recommended client is [[linux: | ||
+ | |||
+ | ====== SSH keys ====== | ||
+ | ====Create a key pair==== | ||
+ | To create a simple key pair, with the default encryption, open up a console, and enter the following command: | ||
+ | |||
+ | $ ssh-keygen -t rsa | ||
+ | Generating public/ | ||
+ | Enter file in which to save the key (/ | ||
+ | Enter passphrase (empty for no passphrase): | ||
+ | Enter same passphrase again: | ||
+ | Your identification has been saved in / | ||
+ | Your public key has been saved in / | ||
+ | The key fingerprint is: | ||
+ | SHA256: | ||
+ | The key's randomart image is: | ||
+ | +---[RSA 2048]----+ | ||
+ | |.=*++XB=. | ||
+ | |o..o=E+*o. | ||
+ | |=o.= ...= | | ||
+ | |*.= * oo | | ||
+ | |.*.= + S | | ||
+ | |o+O | | ||
+ | |.+.o | | ||
+ | |. | | ||
+ | | | | ||
+ | +----[SHA256]-----+ | ||
+ | |||
+ | When asked for a " | ||
+ | |||
+ | The ssh-keygen program will now generate both your public and your private key. Your keys are stored in the .ssh/ directory in your home directory. | ||
+ | |||
+ | The file '' | ||
+ | |||
+ | The file '' | ||
+ | |||
+ | ====Simplified version in case of a shared home disk==== | ||
+ | This is how you authorize the key for use within a local network with shared home disk. See below for the general case of accessing a remote system. | ||
+ | |||
+ | Simply add the public part of the key to your .ssh/ | ||
+ | cat ~/ | ||
+ | chmod 600 ~/ | ||
+ | |||
+ | |||
+ | ====Copy public key to server. 1. modern and easy, if it works==== | ||
+ | Nowadays, ssh comes with a utility to send a public key to a remote machine (requiring you to log in using your password once, or requiring a previous key to be already in place). This will take care adding the key to the authorized_keys on the remote system. To do this, simply use: | ||
+ | ssh-copy-id -i id_rsa.pub user@remotehost | ||
+ | Actually, if you only have one key pair, you can leave out the -i and the name of the key to be copied, so this will do: | ||
+ | ssh-copy-id user@remotehost | ||
+ | |||
+ | ====Copy public key to server. 2. the old way ==== | ||
+ | To be able to log in to remote systems using your pair of keys, you will first have to add your public key on the remote server to the authorized_keys file in the .ssh/ directory in your home directory on the remote machine. | ||
+ | |||
+ | In our example we will assume you don't have any keys in the authorized_keys files on the remote server. (Hint: If you do not have a remote shell, you can always use your own useraccount on your local machine as a remote shell (ssh localhost)) | ||
+ | |||
+ | First we will upload the public keys to the remote server: | ||
+ | $ cd .ssh/ | ||
+ | $ scp id_rsa.pub xxxx@zzzz: | ||
+ | id_rsa.pub | ||
+ | |||
+ | This will place your keys in your home directory on the remote server. After that we will login on the remote server using ssh the conventional way... with a password. | ||
+ | |||
+ | When you are logged in you should create a .ssh directory, and inside the .ssh/ directory create an authorized_keys file and add the keys to the file. Make sure the files are not readable for other users/ | ||
+ | |||
+ | Placing the key works as follows: | ||
+ | |||
+ | $ cd .ssh | ||
+ | $ touch authorized_keys | ||
+ | $ chmod 600 authorized_keys | ||
+ | $ cat ../ | ||
+ | $ rm ../ | ||
+ | |||
+ | From now on you can login from client yyyy to server zzzz without having to specify a password. | ||
+ |
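Review bot: In the added "Copy public key to server. 2. the old way" section, the command list opens with `$ cd .ssh` even though the paragraph above it tells the reader to create the .ssh directory first, so on an account that has no .ssh directory yet the steps stop at the first line. Add `mkdir -p ~/.ssh` and `chmod 700 ~/.ssh` ahead of it; the only permission the listed commands set is `chmod 600 authorized_keys`, and sshd with its default StrictModes setting ignores the file when the directory is writable by others. In "Create a key pair", the example runs `ssh-keygen -t rsa` and the randomart header shows `RSA 2048`; consider showing `ssh-keygen -t ed25519` or `ssh-keygen -t rsa -b 4096` so new users do not copy a 2048-bit default. The closing sentence "without having to specify a password" holds only for a key with an empty passphrase or one loaded into ssh-agent, which is worth stating beside the passphrase paragraph.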