Managing SSH Logins
We have all used ssh username@ip
in our development cycle, and some of us start our development with it. What does our general flow look like?
$ user@local:> ssh username@ip
Please enter your password >
.
.
$ user@ip:>
We have to remember a few things to do this: username, IP, and password. That’s a lot. What if we could simply say ssh todev :)? Let’s see how we can ease this process.
Using ssh config
We can use the ssh config file to manage our ssh logins. Our ~/.ssh/config file contains ssh-related configuration. We can use this file to hold server IPs, our usernames, preferred authentication methods (publickey or password) and some other settings.
Let’s see how we can improve it. Let’s assume that we have the following credentials available.
- Server IP: 172.01.01.12 (our server’s ip or hostname)
- Username: my_user_name (our user name for server)
- Password: secretpassword (our password for server)
Let’s set up our basic ssh configuration.
- Create a ~/.ssh/config file if not already present.
- Append the following lines to our config file:
Host my_server_login_identifier 172.01.01.12
    HostName 172.01.01.12
    User my_user_name
    # set PreferredAuthentications to publickey if you have added public/private key authentication
    PreferredAuthentications password
    # uncomment the line below if you have set up public/private key authentication
    # IdentityFile ~/.ssh/my_server_rsa
    AddKeysToAgent yes
- Now we can run the following command in the terminal to log in to our server. This will ask us for our password. If you get an error about an invalid AddKeysToAgent key, just remove it.
$ ssh my_server_login_identifier
Setting up public/private key authentication
Now let’s add the public/private key authentication method for our server. Some servers may not allow this method of authentication, depending on their configuration, but most do. So let’s start.
Generating ssh public/private key pair
- Change your current working directory to ~/.ssh
- Create an ssh public/private key pair by running
ssh-keygen -t rsa -b 4096 -C "myemail@domain.com" -f my_server_rsa
in our terminal. We should provide a pass-phrase for better security, and remember it for some time.
- Here my_server_rsa is the file name (default is id_rsa). We should always provide an email id for better identification of the owner, as the provided email id is appended to our generated public key.
- Now let ssh-agent remember our pass-phrase. Start the agent by running
eval "$(ssh-agent -s)"
followed by
ssh-add -K ~/.ssh/my_server_rsa
This will ask for the pass-phrase. (The -K flag stores the pass-phrase in the macOS keychain; on other systems run ssh-add without it.)
- Now let’s copy the content of ~/.ssh/my_server_rsa.pub to the clipboard. Run
cat ~/.ssh/my_server_rsa.pub
and copy the output from the terminal. Copy only the .pub file; the private key ~/.ssh/my_server_rsa stays on our machine.
Server side authorization configuration
Now let’s see how we can let the server know we are an authorized user with a public key.
- Log in to our server with
ssh my_server_login_identifier
along with our password.
- Create the ~/.ssh directory if not already present and cd ~/.ssh
- Create the authorized_keys file if not already present and append the content of the clipboard (our public key) to it.
- Now let’s log out.
Update local ssh configuration for ssh keys
Now that we have updated our server for authentication, we need to update our local ssh configuration to use public/private key authentication and to say which key to use.
- Open our ~/.ssh/config file.
- Let’s add IdentityFile and PreferredAuthentications to the configuration for our server.
- Our final configuration should look like this.
Host my_server_login_identifier 172.01.01.12
    HostName 172.01.01.12
    User my_user_name
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/my_server_rsa
    AddKeysToAgent yes
- Now log in to the server by running
ssh my_server_login_identifier
We should be able to log in to the server directly. If you get an error for invalid credentials, remove the 172.01.01.12 line from ~/.ssh/known_hosts and you should be good to go.
That’s it. We have completed our ssh setup. Now we can simply log in with our ssh identifier.
What we achieved
- ssh my_server_login_identifier to log in to the server
- If the server IP changes, update your ~/.ssh/config with the new IP and just put your existing public key on the new server as mentioned above.
- If your username changes, just update ~/.ssh/config with the new username.
- Share your configuration with your team or put it in CONTRIBUTION or the wiki of your project so that any new developer can start easily.