A few years ago I published a post about aliases, one of which I set up to allow me to SSH into my Namecheap shared web server. Someone shared that post to Hacker News, so naturally the gaping flaws in my understanding of aliases and SSH at the time came to light. One piece of feedback I got was that my alias "sshchuck" was "suboptimal". At the time I barely had a grasp on SSH, but since then I've become far more familiar with it.
This post isn't going to be the holy grail of SSH, just some of the fundamentals that I find interesting and have incorporated in my home network environment.
SSH was designed as a replacement for Telnet, which initiated remote sessions in plain text. SSH allows remote sessions over an encrypted connection. Within the OSI model, SSH is generally considered to be at Layer 7, the application layer. By default it uses port 22, but from a security standpoint, it's considered best practice to change it to a different non-standard port number to deter automated brute-force attacks.
Your SSH client config file is stored in your home directory at ~/.ssh/config. A basic configuration includes the host, the hostname or IP address, the user, and a port number. We could also include options like ServerAliveInterval 60, which sends a keep-alive every 60 seconds to prevent timeouts, or ServerAliveCountMax 3, which will drop the connection if 3 keep-alives go unanswered.
An example SSH config looks something like this:

Host jupiter
    Hostname 192.168.1.10
    User chuck
    Port 21098

Host mercury
    Hostname 192.168.1.30
    User chuck
    Port 22212

Host web-server
    Hostname server166.webhosting.net
    User chuck12345
    Port 22

With this configuration, instead of running ssh chuck@192.168.1.10 -p 21098 to initiate a remote session to my server, I can simply run ssh jupiter. I went from typing 31 characters to just 11 (or 5 with bash auto-completion), which expends less energy from my fingers and saves billions of hours of time.
Note that SFTP also uses this config file, since it's FTP running over SSH.
Running ssh [host] is great, but you still need to authenticate your session. We can, however, configure a passwordless SSH login.
Assuming you don't have an existing SSH key pair, generate a new key pair with ssh-keygen -t rsa -b 4096 -C "name@example.com". This will generate an RSA key with a key length of 4096 bits. The -C option creates a comment, and conventionally that's the user's email address. Hit enter to accept the default file location, then enter again if you want an empty passphrase (less secure, but helps with automation). This generates your private and public keys to ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub respectively.
Now, to log in to our server without a password, copy the public key to the server we're managing. Run ssh-copy-id [username]@[IP address of server] and you'll be prompted to enter your password. If all went well, you should receive a message Number of key(s) added: 1.
Now, all I need to do is run ssh jupiter and I'm immediately connected to my server.
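Since an empty passphrase is the less secure choice mentioned above, it helps to know which private keys in ~/.ssh actually lack one. The following is an added example, not code from the original post: it reads the cipher name from the OpenSSH key header, and goes a little beyond the post by also recognising legacy PEM and PKCS#8 keys and flagging group/other file permissions. The function names are my own and the sample key is a constructed header with no real key material.

```python
import base64, stat, struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # start of the decoded new-format key blob

def key_is_encrypted(pem_text):
    """True if the private key text is passphrase-protected, False if not."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].endswith(" PRIVATE KEY-----"):
        raise ValueError("not a private key file")
    header, body = lines[0], lines[1:-1]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(body))
        off = len(MAGIC)
        if not blob.startswith(MAGIC) or len(blob) < off + 4:
            raise ValueError("bad OpenSSH key blob")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"  # cipher name field
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    # Legacy PEM: encrypted keys carry a "Proc-Type: 4,ENCRYPTED" header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body)

def audit_ssh_dir(ssh_dir):
    """Return (filename, finding) pairs for private keys found in ssh_dir."""
    findings = []
    for path in sorted(Path(ssh_dir).iterdir()):
        if not path.is_file() or path.suffix == ".pub":
            continue
        try:
            encrypted = key_is_encrypted(path.read_text(errors="replace"))
        except ValueError:
            continue  # config, known_hosts, authorized_keys, ...
        if not encrypted:
            findings.append((path.name, "no passphrase"))
        if stat.S_IMODE(path.stat().st_mode) & 0o077:
            findings.append((path.name, "accessible by group/other"))
    return findings

def sample_openssh_key(cipher):
    """Constructed sample: key header only, no real key material."""
    def s(b): return struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, finding in audit_ssh_dir(Path.home() / ".ssh"):
        print(f"{name}: {finding}")
```

A key flagged "no passphrase" can be given one in place with ssh-keygen -p -f ~/.ssh/id_rsa.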
Thanks for reading. Feel free to send comments, questions, or recommendations to hey@chuck.is.