SSH quickset
What is SSH?
A web connection made secure. It uses cryptographic tokens at both ends. The raw code stack is included in most Linux systems you can find, and it’s hidden in other systems also; for example, the code for SSH is used for secure/protected web pages.
Automatic systems like webpages run… automatically. What I talk about here is manual connections—if you need SSH connections for logging onto other systems, or because some software does not set up automatically. For example, GitHub needs an SSH connection, but will not automatically connect to a Git installation on your computer.
Gaining keys
From website software
Some websites will generate keys for you, in which case it’s likely best to use their software. Generate the keys. They’ll automatically generate the public key, log it, then give you a private key, probably with a warning that you will only get one chance to copy this.
If you are asked for a name at this time, no need to worry. This is likely not a password, but a name used only on the provider software so you can identify which public key is doing what. I would name the key both by its target machine and its intended target area on the website, e.g. ‘Yellow computer ‐ encrypted email’.
When you have gained a private key, you need to establish it on your machine. See the next section.
Generating keys
Some websites take the other route and allow you to log keys generated on your machine.
Warning! SSH software includes all kinds of alternative algorithms. If you need to generate keys for a particular endpoint, read the instructions—the endpoint may require a special form of key, and so a special ‘ssh-keygen’ command.
To generate a key,
ssh-keygen
Software will say,
Enter file in which to save the key (/home/egdoc/.ssh/id_rsa):
This defaults to ‘~/.ssh/id_rsa’ in your home directory, and the public key to ‘~/.ssh/id_rsa.pub’. This placement is usually helpful, so press ‘Enter’. Software will then ask,
Enter passphrase (empty for no passphrase):
Type one in (or press ‘Enter’ to go without a passphrase). Then the keys will be generated (since keys go to the same files unless adjusted, software may warn about overwriting files).
Now what? Open the public key at ‘~/.ssh/id_rsa.pub’ in a text editor and copy it, then paste it in whatever remote place it is supposed to go. The software at the remote place will probably ask for a title and give a place to paste in the key. Then you can submit.
Registering private keys on a machine
You generated a key pair using remote software, then copied the private key. Navigate to ‘~/.ssh’, create a file with a simple name, open it, paste in the private key, save and close.
You will almost certainly need to change the permissions on the key file to make it work (‘host_key’ here stands for whatever name you gave the file),
chmod 600 ~/.ssh/host_key
Usage
Basic commandline
With basic software, like this,
ssh -i ~/.ssh/host_key username@someaddress.com
There’s another way.
Config file
While the line above is the basic way to use SSH, it becomes unmanageable for anything but one‐off connections—who wants to or can remember hostnames and IP addresses, especially if many or infrequent, and especially if they are dressed with port information or other special instructions?
If you don’t have one, create a ‘config’ file in the SSH area,
touch ~/.ssh/config
Like the key files, this needs its permissions tightened,
chmod 600 ~/.ssh/config
Simplest form of what goes inside is,
Host gubbins
    HostName 192.xxx.xxx.xxx
    IdentityFile ~/.ssh/gubbins
    User root
Host Pluto
    HostName 192.xxx.xxx.xxx
    IdentityFile ~/.ssh/pluto
    User astraunaut
Works instantly. Just type,
ssh gubbins
And all the detail is filled in and the connection made (for most SSH connections, you’ll then be challenged for the passphrase). If you need, a lot of connection detail can be added to a ‘config’ file—see online.
Notes
SSH sharing
Far as I know, an SSH connection can be used for anything and can carry multiple logons at once—they are only an encrypted and key‐protected data connection. However, however… SSH software is often enabled by other software. These pieces of software can often object to carrying multiple connections in one SSH line. A typical case would be if you gained keys from a website—the website software would want to know which part of the site you wish to access. I’ve seen this established on first logon, when the precise IP instruction is recorded for the given key pair. In which case you will need different key pairs for different places.
Permissions
The software that runs manual SSH is sensitive to Linux permissions,
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
You need to modify the permissions to (usually) remove group access from ‘config’ and any private key files, or use the commandline,
chmod 600 ~/.ssh/config
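To check a whole SSH directory for the permissions problem described above, here is an added example (not part of the original page): a shell function that lists the ‘config’ file and any private key files that group or others can access, and with ‘fix’ as second argument runs chmod 600 on them. The names ‘audit_ssh_dir’ and ‘is_private_key’ and the sample files are made up for the example, and it assumes private keys can be recognised by their ‘-----BEGIN ... PRIVATE KEY-----’ first line.

```sh
#!/bin/sh
# Added example, not from the original page: list files in an SSH directory
# that group or others can access, and optionally tighten them to 600.

is_private_key() {
    # Assumption: private key files start with "-----BEGIN ... PRIVATE KEY-----".
    head -n 1 "$1" 2>/dev/null | grep -q 'PRIVATE KEY-----'
}

# audit_ssh_dir DIR [fix]  (hypothetical helper name)
# Prints "too open: <mode> <path>" per offender; with "fix" as second argument
# it also runs chmod 600 on it. Returns 1 if any offender was found, else 0.
audit_ssh_dir() {
    dir=$1
    action=${2:-report}
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Public keys (*.pub) are meant to be shared; only 'config' and
        # private keys have to be owner-only.
        case $f in
            */config) ;;
            *) is_private_key "$f" || continue ;;
        esac
        mode=$(ls -ld "$f" | cut -c1-10)
        # Characters 5-10 of the mode string are the group and other bits.
        if [ "$(printf '%s\n' "$mode" | cut -c5-10)" != "------" ]; then
            echo "too open: $mode $f"
            found=1
            if [ "$action" = fix ]; then chmod 600 "$f"; fi
        fi
    done
    return "$found"
}

# Demo on a constructed directory (sample files, not real keys).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$demo/gubbins"
printf '%s\n' 'ssh-ed25519 constructed' > "$demo/gubbins.pub"
printf '%s\n' 'Host gubbins' > "$demo/config"
chmod 644 "$demo/gubbins" "$demo/gubbins.pub"
chmod 600 "$demo/config"
audit_ssh_dir "$demo" fix || echo "tightened the files listed above"
audit_ssh_dir "$demo" && echo "config and private keys are owner-only"
rm -rf "$demo"
```

On a real machine the call would be ‘audit_ssh_dir ~/.ssh’ to report, or ‘audit_ssh_dir ~/.ssh fix’ to report and tighten.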