Skip to content

Latest commit

 

History

History
576 lines (392 loc) · 12.2 KB

ssh.md

File metadata and controls

576 lines (392 loc) · 12.2 KB
Raw

SSH

Table of Contents

SSH Basics

Login via SSH with password (Local Server):

$ ssh <USERNAME>@192.168.1.29

Create folder, file, install Apache:

$ mkdir test
$ cd test
$ touch hello.txt
$ sudo apt-get install apache2

Generate Keys (Local Machine):

$ ssh-keygen

Add Key to server in one command:

$ cat ~/.ssh/id_rsa.pub | ssh <USERNAME>@192.168.1.29 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >>  ~/.ssh/authorized_keys

Create & copy a file to the server using SCP:

$ touch test.txt
$ scp ~/test.txt <USERNAME>@192.168.1.29:~

SSH on Digital Ocean

Create account->create droplet

Create Keys For Droplet (id_rsa_do):

$ ssh-keygen -t rsa

Add Key When Creating Droplet

Try logging in:

$ ssh root@doserver

If it doesn't work:

$ ssh-add ~/.ssh/id_rsa_do # or whatever name you used

Login should now work:

$ ssh root@doserver

Update packages:

$ sudo apt update
$ sudo apt upgrade

Create new user with sudo:

$ adduser <USERNAME>
$ usermod -aG sudo <USERNAME>
$ id <USERNAME>

Login as <USERNAME>:

$ ssh <USERNAME>@doserver

We need to add the key to <USERNAME> .ssh on the server, log back in as root:

$ ssh root@doserver
$ cd /home/<USERNAME>
$ mkdir .ssh
$ cd .ssh
$ touch authorized_keys
$ sudo vim authorized_keys # paste in the id_rsa_do.pub key, exit and log in as <USERNAME>

Disable root password login:

$ sudo vim /etc/ssh/sshd_config

Set the following:

PermitRootLogin no
PasswordAuthentication no

Reload sshd service:

$ sudo systemctl reload sshd

Change owner of /home/<USERNAME>/* to <USERNAME>:

$ sudo chown -R <USERNAME>:<USERNAME> /home/<USERNAME>

May need to set permission:

$ chmod 700 /home/<USERNAME>/.ssh

Install Apache and visit ip:

$ sudo apt install apache2 -y

SSH on Github

Generate Github Key (On Server):

$ ssh-keygen -t rsa
# (id_rsa_github or whatever you want)

Add new key:

$ ssh-add /home/genesis/.ssh/id_rsa_github

If you get a message about auth agent, run this and try again:

$ eval `ssh-agent -s

Clone repo:

$ git clone [email protected]:<USERNAME>/react_otka_auth.git

Install Node:

$ curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
$ sudo apt-get install -y nodejs

Install Dependencies:

$ npm install

Start Dev Server and visit ip:3000:

$ npm start

Build Out React App:

$ npm run build

Move static build to web server root:

$ sudo mv -v /home/<USERNAME>/react_otka_auth/build/* /var/www/html

ssh “permission are too open” error

Keys need to be only readable by you:

$ chmod 400 ~/.ssh/id_rsa # set read only for you
$ chmod 600 ~/.ssh/id_rsa # or set read-write only for you

[email protected]: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.

  1. Connecting to GitHub with SSH
  2. Checked for existing SSH keys
  3. Generated a new SSH key and added it to the ssh-agent
  4. Adding a new SSH key to your GitHub account
  5. Testing your SSH connection

Use SSH in place of HTTPS

$ git remote set-url origin [email protected]:username/repo-name-here.git

Where username is the username of the repo owner and repo-name-here is the name of that user's repository.

Using SSH over the HTTPS port

Test if SSH over HTTPS is possible with:

$ ssh -T -p 443 [email protected]
> Hi username! You've successfully authenticated, but GitHub does not provide shell access.

If you get a response then, edit ~/.ssh/config file and add:

Host github.com
  Hostname ssh.github.com
  Port 443

Check that you have a key already:

$ ssh-add -l

# if nothing add in your key
$ ssh-add ~/.ssh/id_rsa

You can test that this works by connecting once more to GitHub:

$ ssh -T [email protected]
> Hi username! You've successfully authenticated, but GitHub does not
> provide shell access.

How to authenticate with GitHub using SSH

Check if there are no rsa files:

$ ls -al ~/.ssh

If there's nothing there then generate a new keygen with:

ssh-keygen -t rsa -b 4096 -C [email protected] # add your email address 👍

Now using ls -al ~/.ssh will show our id_rsa.pub file.

Add the SSH key to the SSH agent:

# for mac and Linux from bash, also from Windows Git Bash
$ eval "$(ssh-agent -s)"

# for Git Bash on Windows
$ eval `ssh-agent -s`

# fir Fish shell
$ eval (ssh-agent -c)

Add RSA key to SSH with:

$ ssh-add ~/.ssh/id_rsa

Copy your key to clipboard with one of the following:

$ clip < ~/.ssh/id_rsa.pub # Windows
$ cat ~/.ssh/id_rsa.pub # Linux
$ pbcopy < ~/.ssh/id_github.pub # Mac

Add a new SSH Key to your GitHub profile from the settings page by clicking the New SSH key button and paste in your key. Save it...

Then authenticate with:

$ ssh -T [email protected]

If you go back to the GitHub setting page and refresh, the key icon should go from black to green.

SSH Keys With Passwords

Add a password to your SSH key you will find yourself entering the password to authenticate on each [pull, push] operation.

Add the following line to your ~/.ssh/config/ file:

AddKeysToAgent yes

The SSH agent will also need to be started on each terminal session now to store the keys in, add the following to your ~/.bashrc file:

[ -z "$SSH_AUTH_SOCK" ] && eval "$(ssh-agent -s)"

Now the SSH agent will start on each terminal session and you will only be prompted for the password on the first pull, push operation.

Use multiple SSH keys

If you have more than one GitHub account or if you have AWS code commit account then you will need to set up a config file, add your SSH key and give it a different name:

$ ls ~/.ssh
~/.ssh/id_rsa_github_1
~/.ssh/id_rsa_github_2
~/.ssh/id_rsa_git_aws

You can delete all cached keys before, with:

$ ssh-add -D

You can check your saved keys, with:

$ ssh-add -l

Set up the SSH config file, check to see if you haven't got a config file already set up with:

$ ls -al ~/.ssh/

If you haven't got a config file there then:

$ cd ~/.ssh/
$ touch config

Add your configuration:

AddKeysToAgent yes

# github_1 account
Host github.com-github_1
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa_github_1

# github_2 account
Host github.com-github_2
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa_github_2

# AWS code commit account
Host git-codecommit.*.amazonaws.com
	User AWSUSERNAME
	IdentityFile ~/.ssh/id_rsa_git_aws

Multiple SSH Keys settings for different github account

create different public key

create different ssh key according the article Set Up Git

$ ssh-keygen -t rsa -C "[email protected]"

for example, 2 keys created at:

~/.ssh/id_rsa_activehacker
~/.ssh/id_rsa_jexchan

then, add these two keys as following:

$ ssh-add ~/.ssh/id_rsa_activehacker
$ ssh-add ~/.ssh/id_rsa_jexchan

you can delete all cached keys before

$ ssh-add -D

finally, you can check your saved keys

$ ssh-add -l

Modify the ssh config

$ cd ~/.ssh/
$ touch config
$ vim -a config

Then added

#activehacker account
Host github.com-activehacker
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa_activehacker
	#IdentitiesOnly yes # SSH config block to force it to only use the `IdentityFile` you specified.

#jexchan account
Host github.com-jexchan
	HostName github.com
	User git
	IdentityFile ~/.ssh/id_rsa_jexchan

Clone your repo and modify your Git config

clone your repo git clone [email protected]:activehacker/gfs.git gfs_jexchan

cd gfs_jexchan and modify git config:

$ git config user.name "jexchan"
$ git config user.email "[email protected]" 

$ git config user.name "activehacker"
$ git config user.email "[email protected]"

or you can have global git config $ git config --global user.name "jexchan" $ git config --global user.email "[email protected]"

then use normal flow to push your code:

$ git add .
$ git commit -m "your comments"
$ git push

Re-use SSH keys, from one machine to another

If you want to avoid creating multiple SSH keys for different environments and move your .ssh folder from one machine to another then you can do the following:

Copy your .ssh and .gitconfig files:

# Copy from Linux to Windows
$ cp ~/.ssh/* /c/Users/Scott.Spence/.linuxFiles/.ssh/
$ cp ~/.gitconfig /c/Users/Scott.Spence/.linuxFiles/

# Copy from Windows to Linux
$ cp /mnt/c/Users/Scott.Spence/.linuxFiles/.ssh/* ~/.ssh/
$ cp /mnt/c/Users/Scott.Spence/.linuxFiles/.* ~/

# Reset the permissions back to default:
$ sudo chmod 600 ~/.ssh/id_rsa
$ sudo chmod 600 ~/.ssh/id_rsa.pub
$ chmod 644 ~/.gitconfig

Start the SSH agent with:

$ eval "$(ssh-agent -s)" # for mac and Linux from bash, also from Windows Git Bash

Add your SSH key to the ssh-agent with:

$ ssh-add ~/.ssh/id_rsa

Then authenticate with:

$ ssh -T [email protected] # GitHub
$ ssh -T [email protected] # Bitbucket

Sharing SSH With WSL

The first step within the WSL is to create an SSH config for your user that will use the Windows user’s files for keys.

$ mkdir -p ~/.ssh/config
$ touch ~/.ssh/config # create a config only if it doesn't exist
$ vim ~/.ssh/config # begin editing the config

Once in the Vim program, enter the following config:

Host * IdentityFile /mnt/c/Users/WINDOWS_USER_NAME/.ssh/NAME_OF_KEY

You must replace WINDOWS_USER_NAME with the name of the account being used in windows. Also, tell the config file the NAME_OF_KEY that you’d like to share. Usually this is id_rsa.
Finally, save the new config file and then we must change it’s permissions so that Linux will allow it to be used.

$ chmod 600 ~/.ssh/config
$ chown $USER ~/.ssh/config

We are also able to share known_hosts so that the servers we are connecting to are in both environments.

$ touch /mnt/c/Users/WINDOWS_USER_NAME/.ssh/known_hosts
$ ln -s /mnt/c/Users/WINDOWS_USER_NAME/.ssh/known_hosts ~/.ssh/known_hosts

This creates a symlink with the Windows known_hosts for better sharing in the system.

Resources