SSH Toolcase

Here is a small lists of frequent operations you may want to do regarding your SSH keys

Create a SSH key pair

On default directory

The following command will create the keys on default directory (~/.ssh). Warning that this command may overwrite previous keys.

The following command will create the following files:

  • id_rsa (private key)
  • id_rsa.pub (public key)
ssh-keygen -t rsa -C β€œblabla@example.com”

On user defined directory

The following command will create the following files:

  • example_rsa (private key)
  • example_rsa.pub (public key)
ssh-keygen -t rsa -b 4096 -C "blabla@example.com" -f ./example_rsa

Configure filesystem permissions

If you store the keys to default directories you don’t have to set the permissions manually. However, if you decide to store them elsewhere you need to make sure that they are only readable by you:

  • Directories should have permissions: 0700
  • Files should have permissions: 0600

Copy a key to clipboard

You can copy a key to the clipboard by using the following command:

xclip -sel clip < ~/.ssh/id_rsa.pub

Configure SSH client and connect

Connect via terminal

Connect using default configuration
ssh username@blabla.example.com
Connect via user-defined key file

You should provide the private key to -i flag:

ssh -i ./bla/blu/example.rsa username@blabla.example.com
Connect via user-defined key and conf file

You can run custom code placed on a file of your choice too:

ssh -i ./bla/blu/example.rsa -F ssh.conf username@blabla.example.com

Content of ssh.conf:

Host *
    RequestTTY yes
    RemoteCommand cd /var/www; exec $SHELL
Use Different keys for same domains

Create a config file (~/.ssh/config):

### default ##
Host *
     User Bob

### configuration for project1 ##
Host gitlab.com-project1
  IdentityFile ~/.ssh/id_rsa.project1

### configuration for project2 ##
Host gitlab.com-project2
  Hostname gitlab.com
  IdentityFile /.sshp/id_rsa.project2

To clone project1:

git clone git@gitlab.com-project1:blalbalbal/project1.git

To clone project2:

git clone git@gitlab.com-project2:blalbalbal/project2.git
Use Different keys for different domains

Create a config file (~/.ssh/config):

### default ##
Host *
     User Bob

### configuration for bla.example.com ##
Host bla.example.com
  Hostname bla.example.com
  User bla_admin
  IdentityFile ~/backups/bla/id_dsa

### configuration for blu.example.com ##
Host blu.example.com
  Hostname blu.example.com
  User blu_admin
  Port 1234
  IdentityFile /backup/blu/id_rsa

Mount locally (SSHFS)

You can mount SSH directories locally via ssh fs:

Install
sudo apt-get install sshfs
Mount remote directory

Create a directory:

mkdir /home/user/localdir

Mount:

sshfs user@server.com:/remote/dir /home/user/localdir

Unmount:

fusermount -u /home/user/localdir

Configure SSH Server access

The best way is to use ssh-copy-id.

Create the certificates as usual:

ssh-keygen -t rsa -b 4096 -o -C "comment" -f ./id_rsa.bob

Then upload with:

ssh-copy-id -i ~/.ssh/id_rsa.bob user@server.example.com

Alternatively, you can use the following command:

cat ~/.ssh/id_rsa.bob | ssh user@server.example.com 'cat >> .ssh/authorized_keys && echo "Key copied"'

Then change the config. For example:

Host myserver
    HostName server.example.com
    User user
    Port 2222            # only if non-default
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes