User Tools

Site Tools


linux:utilities:ssh

Table of Contents

SSH

Commands

  • generate a SSH key:1) ssh-keygen -t rsa -b 4096 -C "user@domain"
  • change the private key passphrase: ssh-keygen -p -f ~/.ssh/id_rsa
  • show (own) SSH public key fingerprint: ssh-keygen -l
  • list public key(s) of specific known host/server: ssh-keygen -F <host> -l
  • remove key of host/server from known_hosts file: ssh-keygen -f ~/.ssh/known_hosts -R <host>
  • show certificate information directly from server/host: ssh-keyscan <host>
  • X11 forwarding: ssh -x user@domain
On a SSH server you should add this firewall rule (for example using the Uncomplicated Firewall):
sudo ufw allow proto tcp from 192.168.178.0/24 to any port 22

Files

  • ~/.ssh/config: client configuration (possibly different from server to server, see Linux manual page ssh_config(5))
  • ~/.ssh/known_hosts: known host(s) public key fingerprint (SSH will never ask you again, to accept the associated public key when SSL/TLS is running)
  • ~/.ssh/id_rsa.pub: RSA public key
  • ~/.ssh/id_dsa.pub: DSA public key2)
  • ~/.ssh/id_ecdsa.pub: ECDSA public key
  • ~/.ssh/id_ed25519.pub: (Bernstein) Curve ed25519 public key
  • ~/.ssh/id_rsa: RSA private key

Example

See below for a ~/.ssh/config example, which uses client keep-alive and connection multiplexing (for a particular host).

Host <name>
    HostName <host>
    IdentityFile ~/.ssh/id_rsa
    User <user>
    EscapeChar none
# multiplexing
    ControlPath ~/.ssh/controlmasters/%r@%h:%p
    ControlMaster auto
    ControlPersist 3h
# keep-alive
    TCPKeepAlive yes
    ServerAliveInterval 15
    ServerAliveCountMax 4
1)
This can be performed with seahorse too.
2)
DSA is deprecated.
linux/utilities/ssh.txt · Last modified: 2021/05/27 12:36 by Ralf Hoppe