Tom's wiki

SSH

Secure Shell Protocol. A network protocol that provides a secure channel over an insecure network. Primarily used for connecting to remote servers and executing commands. SSH uses a client-server model for communication and public-key cryptography for authentication. The most common implementation is OpenSSH.

Help
Should I have a separate key per server/service? Probably not, as it wouldn't add any security on top of a single key, but would require you to manage multiple keys. The reasonable default is to have a separate key per device, so that if one of them is compromised, you can revoke only the associated key.

💡 Hint
Ed25519 is the recommended public-key algorithm available today.

Learn

Config

Location: ~/.ssh/config.

An example config that allows connecting to github.com with just ssh gh:

Host gh
    User git
    HostName github.com
    IdentityFile ~/.ssh/github.key

Passphrase

If a key is generated with a passphrase, its private part will be encrypted and you'll have to enter the passphrase every time the key is used. This way, even if your device is compromised, an attacker still won't be able to use the key without knowing the passphrase.

💡 Hint
To avoid constantly entering the passphrase, add the key to ssh-agent via ssh-add.
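
To check whether a private key file is actually passphrase-protected and which algorithm it uses, you can read the unencrypted header of the OpenSSH key format. The Python sketch below is an added example, not part of the original wiki; the function names are hypothetical and the two sample keys are constructed with all-zero placeholder key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # header of OpenSSH-format private key files

def _read_string(buf, off):
    """Read one SSH string (uint32 big-endian length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(pem_text):
    """Report key type and passphrase protection from the unencrypted header only."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    blob = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    if not blob.startswith(MAGIC):
        raise ValueError("not an OpenSSH-format private key")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    kdf_opts, off = _read_string(blob, off)
    pub, _ = _read_string(blob, off + 4)      # skip the uint32 key count
    key_type, _ = _read_string(pub, 0)
    rounds = None
    if kdf == b"bcrypt":                       # options: string salt, uint32 rounds
        _salt, p = _read_string(kdf_opts, 0)
        (rounds,) = struct.unpack_from(">I", kdf_opts, p)
    return {"key_type": key_type.decode(), "cipher": cipher.decode(),
            "kdf": kdf.decode(), "kdf_rounds": rounds,
            "encrypted": cipher != b"none"}

def _s(b):
    """Encode bytes as an SSH string."""
    return struct.pack(">I", len(b)) + b

def build_sample(cipher, kdf, kdf_opts):
    """Constructed sample: real header layout, all-zero placeholder key material."""
    pub = _s(b"ssh-ed25519") + _s(bytes(32))
    blob = (MAGIC + _s(cipher) + _s(kdf) + _s(kdf_opts)
            + struct.pack(">I", 1) + _s(pub) + _s(bytes(64)))
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

SAMPLE_WITH_PASSPHRASE = build_sample(
    b"aes256-ctr", b"bcrypt", _s(bytes(16)) + struct.pack(">I", 16))
SAMPLE_NO_PASSPHRASE = build_sample(b"none", b"none", b"")

if __name__ == "__main__":
    for name, pem in [("with passphrase", SAMPLE_WITH_PASSPHRASE),
                      ("no passphrase", SAMPLE_NO_PASSPHRASE)]:
        print(name, inspect_private_key(pem))
```

To check a real key, pass in the contents of the file named by IdentityFile, for example ~/.ssh/github.key from the config above.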

Tools

File transfer: