Managing SSH Logins

We all have use ssh username@ip in our development cycle or some of us start their development by doing it. What our general flow is ?

$ user@local:> ssh username@ip
Please enter your password >
.
.
$ user@ip:>

We have to remember a few things to do this action: username, ip, and password. That’s is a lot. What we if can simply say ssh todev :). Let’s see how we can ease this process.

Using ssh config

We can ssh config file to manage our ssh logins. Our ~/.ssh/config file contains ssh related configurations. We can use this file to hold server ips, our usernames, preferred authentication methods (publickey or password) and some other stuffs.

Let’s see how we can imporove it. Let’s assume that we have following credentials available.

• Server IP: 172.01.01.12 (our server’s ip or hostname)
• Username: my_user_name (our user name for server)
• Password: secretpassword (our password for server)

Let’s setup our basic ssh configuration

1. Create a ~/.ssh/config file if not already present
2. Append following lines to our config file

Host my_server_login_identifier 172.01.01.12
HostName 172.01.01.12
User my_user_name # set PreferredAuthentications to <b>publickey</b> if you have added public/private key authentication
PreferredAuthentications password # uncomment the line bellow if you have setup the public/private keys authentication # IdentityFile ~/.ssh/my_server_rsa
AddKeysToAgent yes

3.Now we can run the following command in the terminal to login into our server. This will ask us for our password. If you get error for invalid AddKeysToAgent key, just remove it.

$ ssh my_server_login_identifier

Setting up public/private key authentication

Now let’s add public/private key authentication method for our server. Some servers may not allow this method of authentication based of configuration but mostly does. So let’s start.

Generating ssh public/private key pair

1. Change your current working directory to ~/.ssh
2. Create a ssh public/private key pair by running ssh-keygen -t rsa -b 4096 -C "myemail@domain.com" -f my_server_rsa into our terminal. We should provide a pass-phrase for better security. And remember it for some time.
3. Here my_server_rsa is the file name (default is id_rsa). We should always provide and email id for better identification of owner as the provided email id is appended to our generated public key.
4. Now let ssh-agent remember out pass-phrase. Start agent by running eval "$(ssh-agent -s)" followed by ssh-add -K ~/.ssh/my_server_rsa. This will ask for pass-phrase.
5. Now lets copy the content of ~/.ssh/my_server_rsa.pub into clipboard
6. cat ~/.ssh/my_server_rsa and copy the output from terminal.

Server side authorization configuration

Now let see how we can let server know we are an authorized user with a public key.

1. Login into our server with ssh my_server_login_identifier along with our password.
2. Create ~/.ssh directory if not already present and cd ~/.ssh
3. Create authorized_keys file if not already present and append the content of clipboard (our public key) to it.
4. Now let’s logout

Update local ssh configuration for ssh keys

Now that we updated our server for authentication, we need to updated our local ssh configuration to use the public/private key authentication and which key to use for authentication.

1. Open our ~/.ssh/config file.
2. Lets add IdentityFile and PreferredAuthentications into our configuration for out server
3. Our final configuration should look like this.

Host my_server_login_identifier 172.01.01.12
HostName 172.01.01.12
User my_user_name
PreferredAuthentications publickey
IdentityFile ~/.ssh/my_server_rsa
AddKeysToAgent yes

4. Now login into server by running ssh my_server_login_identifier. We should be able to directly login into the server. If you get an error for invalid credentials, remove the 172.01.01.12 line from ~/.ssh/known_hosts and you should be good to go.

That’s it. We have completed our ssh setup. Now we can simply login with our ssh identifier.

What we achieved

1. ssh my_server_login_identifier to login into server
2. If server ip changes, update your ~/.ssh/config with new ip and just put your existing publickey to new server as mention above.
3. If your username changes, just update the ~/.ssh/config with new username
4. Share your configuration with your team or put it in CONTRIBUTION or wiki of your project so that any new developer can start easily.