Since I have been using SSH extensively lately, I have discovered a few commands / options that have allowed me to be more efficient while using it. This is nothing really new for command lines gurus, but since I might eventually forget them, I write it down here so that I can get back to it later if needed.
1. Use SSH keys to connect
This is a quite common configuration that allows not to have to enter a password every time a SSH connection is made. To generate a pair of private / public keys, I use ssh-keygen
as follow:
1
ssh-keygen -C "Description of the key"
By default – at least in Ubuntu 12.04 – a interactive script will prompt for where the new key should be saved and what the passphrase for the key should be. A possible output is as follow:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/.ssh/test_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/test_rsa.
Your public key has been saved in /home/user/.ssh/test_rsa.pub.
The key fingerprint is:
f1:98:e1:3e:d1:68:2e:78:48:a3:f9:59:59:d2:0c:5f This is a comment
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . o E |
| * X |
| o . S o |
| + + B . |
| o o = + |
| . + . . |
| o |
+-----------------+
For security purposes – and if you are planning to connect to SSH manually as opposed to within a script – it is highly recommended to set a passphrase. The passphrase is different from the usual password as you can decide how you want the OS – Ubuntu in my case – to remember it.
It therefore allows you to introduce the passphrase only the first time you unlock the key during a session for instance.
Once the pair of key is created, the public key can be sent to the remote host where it will be appended to the .ssh/authorized_keys.
1
ssh-copy-id -i /home/user/.ssh/test_rsa.pub username@hostname.com
2. Kill unresponsive SSH connections
Once in a while, a SSH connection might become unresponsive. The terminal in which the connection is opened therefore becomes unusable which is quite annoying. Before I discovered the trick below, I used to shutdown the terminal but this is actually not necessary.
So, in order to disconnect from the SSH connection simply press the <enter>
key followed by ~.
(this is the ~
sign followed by .
).
It is possible to send other commands to the unresponsive session, see the sources below for more information.
3. Use SSH config file
SSH allows to define shortcut for connections. In short this allows to replace a verbose ssh -p 2222 username@hostname.com -i ~/.ssh/identity-file
with something like ssh host
which is not only shorter to type but also easier to remember.
To benefit from this, simply add entries to the ~/.ssh/config
file with the following format:
Host easynametoremember
HostName hostname.com
User username
IdentityFile ~/.ssh/test_rsa
Port 2222
After doing that, you can therefore simply connect with ssh easynametoremember
and it will launch in the background the appropriate ssh username@hostname.com -p 2222 -i ~/.ssh/test_rsa
. A great time saver…
4. Force SSH to prompt password
One of the drawback of having too many identity files / config options is that it can hinder the connection process to a new SSH host. In my case, I sometimes receive disconnect message taking the following form:
Received disconnect from hostname.com: 2: Too many authentication failures for username
One can use the -v
option to try and understand what is wrong but this might not be the clearest log message on earth. In my case, I receive this message when the connection attempts to use a SSH key when actually none is defined for this remote host. I would therefore like to enter a password instead. To force SSH to prompt the password, one can use the option PubKeyAuthentication=no
. The command line is as follow:
1
ssh username@hostname.com -o PubKeyAuthentication=no
For the time being, comments are managed by Disqus, a third-party library. I will eventually replace it with another solution, but the timeline is unclear. Considering the amount of data being loaded, if you would like to view comments or post a comment, click on the button below. For more information about why you see this button, take a look at the following article.