@lumarseg

OpenSSH-101

OpenSSH (also known as OpenBSD Secure Shell) is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.

The OpenSSH suite includes the following command-line utilities and daemons:

  • scp, a replacement for rcp.
  • sftp, a replacement for ftp to copy files between computers.
  • ssh, a replacement for rlogin, rsh and telnet to allow shell access to a remote machine.
  • ssh-add and ssh-agent, utilities to ease authentication by holding keys ready and avoid the need to enter passphrases every time they are used.
  • ssh-keygen, a tool to inspect and generate the RSA, DSA and elliptic-curve keys that are used for user and host authentication.
  • ssh-keyscan, which scans a list of hosts and collects their public keys.
  • sshd, the SSH server daemon.

1. Generate SSH Keys

On your local machine, create a key pair consisting of a “Public Key” and a “Private Key”:

ssh-keygen -t rsa -b 4096 -C <your-email>

By default, the keys are saved in the “~/.ssh” folder with the name “id_rsa” for the private key and “id_rsa.pub” for the public key.

If you want to generate a key pair using the Ed25519 algorithm (elliptic-curve cryptography, ECC), use:

ssh-keygen -t ed25519 -C <your-email>

2. Send the public key to a remote server

Once you have your SSH key pair, use the ssh-copy-id command to copy your public key to the remote server. Replace <user> with your username on the remote server and <server> with the IP address or domain name of the server you want to connect to:

ssh-copy-id <user>@<server>

If you want to specify the path of the public key, pass it with the -i option:

ssh-copy-id -i <public_key_path> <user>@<server>

3. Copy a remote file

If you need to copy a local file to a remote destination, use the following example:

scp <source_file_path> <user>@<server>:<target_file_path>

If you need to copy a remote file to a local destination, use this other example:

scp <user>@<server>:<source_file_path> <target_file_path>

4. Config File Example

In OpenSSH, the configuration file, commonly referred to as the “config file,” is a text file that allows users to customize and configure the behavior of both the SSH client and SSH server. This file contains a series of directives and options that affect how SSH connections are established, how users are authenticated, and how various configurations are handled.

The configuration file in OpenSSH is typically named ssh_config for the SSH client and sshd_config for the SSH server. These files are usually located in the /etc/ssh/ directory on Unix/Linux-based systems. User-specific client settings can also be kept at the user level, in the ~/.ssh/ directory (the file ~/.ssh/config).

Some common configurations that can be set in the OpenSSH configuration file include:

  1. Authentication options: You can specify which authentication methods are allowed, such as passwords, public keys, GSSAPI authentication, and more.

  2. Port forwarding: You can configure local or remote port forwarding to enable access to services through the SSH connection.

  3. Host aliases: You can set up host aliases, making it easier to connect to remote machines using a friendlier name.

  4. Encryption and security options: You can adjust encryption algorithms and other security-related settings for the connection.

  5. Tunnel configurations: You can configure SSH tunnels to route traffic through secure connections.

  6. Environment variables: You can set specific environment variables for SSH connections.

  7. Agent forwarding options: You can configure SSH agent forwarding to allow the use of private keys on remote systems.

It’s important to note that changes to the configuration file can affect the behavior of the SSH client or server. It’s advisable to create backups of the configuration files before making significant changes and to review the OpenSSH documentation to fully understand the impact of the configurations you are applying.

Host <hostname>
    HostName <host_ip_address>
    User <username>
    Port 22
    IdentityFile <path_private_key>
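
Since Host blocks like the one above also carry the agent-forwarding and security options listed earlier, here is an added example (not part of the original post) that audits a client config for directives that weaken host-key verification or expose the agent. The function names, the sample config and its 192.0.2.x addresses are constructed for illustration; each Host block is checked on its own and quoted values are not unquoted.

```shell
#!/bin/sh
# Added example: flag risky directives in an OpenSSH client config.

# Constructed sample config (192.0.2.0/24 is a documentation range).
sample_config() {
cat <<'EOF'
Host web
    HostName 192.0.2.10
    User deploy
    Port 22
    IdentityFile ~/.ssh/id_ed25519

Host bastion
    HostName 192.0.2.20
    ForwardAgent yes

Host legacy
    HostName 192.0.2.30
    StrictHostKeyChecking=no
    UserKnownHostsFile /dev/null
EOF
}

# Reads a config on stdin, prints one "<host>: <finding>" line per issue.
audit_ssh_config() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # Keyword and value are separated by whitespace or by "=".
        if (!match(line, /[ \t]*=[ \t]*|[ \t]+/)) next
        key = tolower(substr(line, 1, RSTART - 1))   # keywords ignore case
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
        if (key == "host")  { host = val; next }
        if (key == "match") { host = "Match " val; next }
        if (host == "") host = "(global)"
        lval = tolower(val)
        if (key == "forwardagent" && lval != "no")
            print host ": agent forwarding enabled"
        if (key == "stricthostkeychecking" && (lval == "no" || lval == "off"))
            print host ": host key checking disabled"
        if (key == "userknownhostsfile" && val == "/dev/null")
            print host ": known_hosts discarded (/dev/null)"
    }'
}

sample_config | audit_ssh_config
```

To check your own settings, run the function against your file: audit_ssh_config < ~/.ssh/config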