SSH
Secure Shell Protocol. A network protocol that provides a secure channel over an insecure network. Primarily used for connecting to remote servers and executing commands. SSH uses a client-server model for communication and public-key cryptography for authentication. The most common implementation is OpenSSH.
❓ Help
Should I have a separate key per server/service? Probably not, as it wouldn't add any security on top of a single key, but would require you to manage multiple keys. The reasonable default is to have a separate key per device, so that if one of them is compromised, you can revoke only the associated key.
💡 Hint
Ed25519 is the recommended public-key algorithm available today.
Learn
Config
Location: ~/.ssh/config.
An example config that allows connecting to github.com with just ssh gh:
Host gh
    User git
    HostName github.com
    IdentityFile ~/.ssh/github.key
Passphrase
If a key is generated with a passphrase, its private part will be encrypted and you'll have to enter the passphrase every time the key is used. This way, even if your device is compromised, an attacker still won't be able to use the key without knowing the passphrase.
💡 Hint
To avoid constantly entering the passphrase, add the key to ssh-agent via ssh-add.
Tools
ssh-keygen: generate SSH keys
ssh-copy-id: copy public keys to a remote machine
ssh-keyscan: copy public keys from a remote machine
ssh-add: add private keys to ssh-agent (which holds them decrypted in memory)
sshd: run SSH server
File transfer:
scp: securely copy files between hosts
rsync: transfer files to/from a remote host