2675
Comment: How to set up ssh keys and config from command line
|
← Revision 10 as of 2014-03-17 01:38:38 ⇥
2765
extra step for putty users needed!
|
Line 6: | Line 6: |
1. On the server convert your PuttyGen key to openssh format: {{{ ssh-keygen -i -f puttygen_key > openssh_key}}} |
|
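Review bot: The step added at Line 6 never says which PuTTYgen file `puttygen_key` is, or what happens to `openssh_key` once it has been written. Say that it is the public key saved from PuTTYgen (the private key stays on the Windows machine) and that the converted output still has to be appended to ~/.ssh/authorized_keys on the server, otherwise the conversion alone changes nothing about login.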
Line 10: | Line 14: |
. Create your RSA keys in ~/.ssh/ . * $ ssh-keygen |
Create your RSA keys in ~/.ssh/ * $ ssh-keygen |
Line 14: | Line 19: |
. . This right here is the easy way to do something I did by hand for a long time: * * $ ssh-copy-id username@blinkenshell.org This appends ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys file of the remote host. It also removes group writability on ~/.ssh and ~/.ssh/authorized_keys in case StrictModes is set on the server. "The negative aspect to this approach is that you cannot specify a port, so if the service is running on a non-standard port, such as the case with Blinkenshell, you need to add the host to your config file first." The manual way to do it is as follows: * $ scp -P 2222 ~/.ssh/id_rsa.pub username@blinkenshell.org :./ssh/authorized_keys |
|
Line 19: | Line 20: |
. Which seems just as easy, but is not, if you already have an authorized key file and want to append to it rather than overwrite it. Plus, ssh-copy-id will create ~/.ssh if it does not already, which it won't, if you have not ssh'd out from that account on that box. In which case it would be something like this: * $ ssh -p 2222 username@blinkenshell.org mkdir .ssh * $ scp -P 2222 ~/.ssh/id_rsa.pub username@blinkenshell.org : * $ ssh -p 2222 username@blinkenshell.org cat id_rsa.pub >> .ssh/authorized_keys && rm id_rsa.pub && chmod -R 740 .ssh |
This right here is the easy way to do something I did by hand for a long time: |
Line 24: | Line 22: |
. '''Example Blinkenshell ~/.ssh/config Entry''' . This goes in ~/.ssh/ on the machine you are ssh'ing "out" of: . . Host blink . User arthax0r . Port 2222 . HostName blinkenshell.org . Blank lines between entries for other hosts, and you can leave the port line out if it is on 22 as is standard. Also, you can leave out the user name is the same on both hosts (I think). |
{{{ ssh-copy-id username@ssh.blinkenshell.org}}} This appends ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys file of the remote host. It also removes group writability on ~/.ssh and ~/.ssh/authorized_keys in case StrictModes is set on the server. ''The negative aspect to this approach is that you cannot specify a port, so if the service is running on a non-standard port, such as the case with Blinkenshell, you need to add the host to your config file first.'' The manual way to do it is as follows: {{{ scp -P 2222 ~/.ssh/id_rsa.pub username@ssh.blinkenshell.org:~/.ssh/authorized_keys}}} Which seems just as easy, but is not, if you already have an authorized key file and want to append to it rather than overwrite it. Plus, ssh-copy-id will create ~/.ssh if it does not already, which it won't, if you have not ssh'd out from that account on that box. In which case it would be something like this: {{{ ssh -p 2222 username@ssh.blinkenshell.org mkdir .ssh scp -P 2222 ~/.ssh/id_rsa.pub username@ssh.blinkenshell.org : ssh -p 2222 username@ssh.blinkenshell.org cat id_rsa.pub >> .ssh/authorized_keys && rm id_rsa.pub && chmod -R 740 .ssh}}} '''Example Blinkenshell ~/.ssh/config Entry''' This goes in ~/.ssh/ on the machine you are ssh'ing ''out'' of: {{{ Host blink Port 2222 User arthax0r HostName ssh.blinkenshell.org}}} With blank lines between entries for other hosts, and you can leave the port line out if it is on 22 as is standard. Also, you can leave out the user name is the same on both hosts. |
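Review bot: In the added three-command block, the last `ssh -p 2222 ...` line passes `cat id_rsa.pub >> .ssh/authorized_keys && rm id_rsa.pub && chmod -R 740 .ssh` unquoted, so the local shell takes the `>>` redirect and both `&&` commands: the key is appended to a local .ssh/authorized_keys, and the rm and chmod run on the client instead of the server. Wrap the remote command in single quotes and drop the space before the `:` in the scp target. Also replace `chmod -R 740 .ssh` with 700 on the directory and 600 on authorized_keys, since -R 740 marks the key file executable and leaves the directory group-readable.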
Line 31: | Line 51: |
* $ ssh-copy-id blink * $ ssh blink |
{{{ ssh-copy-id blink ssh blink}}} |
Line 35: | Line 56: |
* $ scp -r MySweetDirectoryFullOfGoodies blink:wherever/you/want (-r for recursive, extra knowledge for you!) | |
Line 37: | Line 57: |
. Enjoy your knew ssh pimp cane. . -ah'2010 | {{{ scp -r MySweetDirectoryFullOfGoodies blink:~/wherever/you/want}}} Enjoy your knew ssh pimp cane! . -ah'2010 |
Windows
install pageant from putty
- exchanges keys
- launch pageant
- enter your secret passphrase
On the server convert your PuttyGen key to openssh format:
ssh-keygen -i -f puttygen_key > openssh_key
Linux
SSH keys are the way, especially when you maintain your config file as well. Here is the quick and dirty version.
Create your RSA keys in ~/.ssh/
- $ ssh-keygen
- id_rsa (your private key; keep it secure, it is like knowing your password)
- id_rsa.pub (your public key; you copy this to places you want to recognize you [sorta])
This right here is the easy way to do something I did by hand for a long time:
ssh-copy-id username@ssh.blinkenshell.org
This appends ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys file of the remote host. It also removes group writability on ~/.ssh and ~/.ssh/authorized_keys in case StrictModes is set on the server. The negative aspect to this approach is that you cannot specify a port, so if the service is running on a non-standard port, such as the case with Blinkenshell, you need to add the host to your config file first. The manual way to do it is as follows:
scp -P 2222 ~/.ssh/id_rsa.pub username@ssh.blinkenshell.org:~/.ssh/authorized_keys
Which seems just as easy, but is not if you already have an authorized key file and want to append to it rather than overwrite it. Plus, ssh-copy-id will create ~/.ssh if it does not already exist, which it won't if you have not ssh'd out from that account on that box. In which case it would be something like this:
ssh -p 2222 username@ssh.blinkenshell.org mkdir .ssh
scp -P 2222 ~/.ssh/id_rsa.pub username@ssh.blinkenshell.org:
# Quote the remote command so the append, rm and chmod run on the server, not locally
ssh -p 2222 username@ssh.blinkenshell.org 'cat id_rsa.pub >> .ssh/authorized_keys && rm id_rsa.pub && chmod 700 .ssh && chmod 600 .ssh/authorized_keys'
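The server-side half of the manual procedure above (create ~/.ssh, append rather than overwrite, tighten permissions), written as an added example that is not part of the original wiki page. The function names `install_pubkey` and `audit_ssh_perms` are hypothetical, and the key line in the demo is constructed.

```shell
#!/bin/sh
# Added example; install_pubkey and audit_ssh_perms are hypothetical helpers.

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends the key once, creating HOME_DIR/.ssh if needed. Runs in a subshell
# so the umask change does not leak into the caller.
install_pubkey() (
    pub=$1 home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }
    # id_rsa (no .pub) is the private key and must never be installed.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        exit 2
    fi
    umask 077
    mkdir -p "$home/.ssh" && touch "$home/.ssh/authorized_keys" || exit 1
    key=$(head -n 1 "$pub")
    # Append only when this exact line is absent; never overwrite.
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys"
)

# audit_ssh_perms HOME_DIR
# Succeeds when neither .ssh nor authorized_keys is group- or world-writable.
audit_ssh_perms() {
    [ -d "$1/.ssh" ] || return 1
    bad=$(find "$1/.ssh" "$1/.ssh/authorized_keys" -prune \
              \( -perm -020 -o -perm -002 \) -print 2>/dev/null)
    [ -z "$bad" ]
}

# Demo on a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAconstructedkey arthax0r@laptop\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo"
install_pubkey "$demo/id_rsa.pub" "$demo"   # second run adds nothing
audit_ssh_perms "$demo" && echo "permissions ok"
rm -rf "$demo"
```

Running it twice leaves a single copy of the key, which is the difference from the plain `>>` append.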
Example Blinkenshell ~/.ssh/config Entry
This goes in ~/.ssh/ on the machine you are ssh'ing out of:
Host blink
    Port 2222
    User arthax0r
    HostName ssh.blinkenshell.org
Put blank lines between entries for other hosts. You can leave the port line out if it is on 22 as is standard. Also, you can leave out the user name if it is the same on both hosts.
Now that you have a config file, it's as easy as this:
ssh-copy-id blink
ssh blink
- Voila! No password prompt or long command line bs for ssh/scp, cuz you can also do this:
scp -r MySweetDirectoryFullOfGoodies blink:~/wherever/you/want
Enjoy your new ssh pimp cane!
- -ah'2010