Joshua's Docs - SSH Notes and Cheatsheet

Logging In

For creating key-pairs, see my shell section on generating keys

  • Logging in with a username and password
    • ssh {username}@{ssh_host_address}
  • Logging in with private key
    • ssh -i {path_to_private_key} {username}@{ssh_host_address}
    • If you want this to happen automatically, you need to set up a SSH config file
    • Generally not a good idea to rely on auto-discovery of keys, so either of the above methods is preferred.

You can use -p to specify port, if connecting on something other than port 22.

Managing Keys

If you get an error about UNPROTECTED PRIVATE KEY FILE, use chmod 400 ${KEY_FILEPATH} to set the permissions to the correct value. This is likely to happen if you have downloaded your key file from an online source, as opposed to generating locally with something like ssh-keygen

  • The standard convention for filenames is:
    • Public key: {name}_{alg}.pub
      • Example:
    • Private key:
      • No extension: {name}_{alg}
        • Example: id_rsa
      • Other extensions
        • .key
        • .pem
        • .private
        • Doesn't really matter; just don't use ppk, since that it very specific to putty
  • If you are unsure about what a saved key is (public vs private), just search the file for the string "PUBLIC KEY" or "PRIVATE KEY" - there should be very clear headers for one vs the other

Setting up SSH with a New User Account

If you have just created a new user account, to move away from using root as your login, you will need to provision it for SSH by A) copying existing keys to the user's new .ssh directory (if applicable), and B) granting that user ownership over the .ssh directory.

These steps have multiple paths they can take, depending on your setup:

Before these steps, the user has to actually exist; use adduser or useradd to create them first.

  1. Create the user's .ssh directory under their home directory
    • If you are currently logged in as root and not the user
      • If you want to copy all existing root keys to the user
        • rsync --archive --chown={USERNAME}:{USERNAME} ~/.ssh ~{USERNAME}
      • If you don't want to copy root keys to user
        • mkdir --parents "~{USERNAME}/.ssh"
    • If you are currently logged in as the user itself
      • If you don't want to copy root keys to user
        • mkdir --parents "~/.ssh"
  2. Set file permissions and ownership (where {SSH_DIR} is the directory created above)
    1. Set file permissions
      • chmod 700 {SSH_DIR}
      • chmod 600 {SSH_DIR}/authorized_keys
        • Many guides will recommend 644 instead of 600, but either should work
        • If the file does not exist yet, either copy it from root, or create it with touch, then apply permissions
    2. Give ownership to the new user
      • As root:
        • chown --recursive {USERNAME}:{USERNAME} {SSH_DIR}
          • Example: chown --recursive joshua:joshua ~joshua/.ssh
      • As the user
        • Should be same as above, but prefix with sudo
  3. (OPTIONAL): Add additional keys
    • You can use a text editor:
      • nano ~{USERNAME}/.ssh/authorized_keys
    • You can dump local files, adding their contents to the end of the list
      • Example: echo {PUBLIC_KEY_STRING} >> ~{USERNAME}/.ssh/authorized_keys
      • Example: cat {PULIC_KEY_FILE}.pub >> ~{USERNAME}/.ssh/authorized_keys
    • You can use the ssh-copy-id tool
      • Use -i {PATH_TO_PUB_KEY}.pub for manually specifying the key to upload
      • Extended example: ssh-copy-id -i ~/.ssh/ user@host
      • Make sure to only copy the public key up to the server!

Copying Local Files

If you want to copy local files to a remote location over SSH, there are more than a few options, but the most common is to not use SSH directly, but rather the scp command.

You can also use the rsync command over SSH, which for frequent synchronizations of the same directory, would be preferable given that it optimizes for only syncing what has changed.

Here is a guide for using rsync with a remote destination:

Finally, there is a tool called Magic Wormhole that can help with transferring files.

SSH Port Forwarding

Imagine you are running a server that is responding to requests on port 1234, but only from other services on that server. You want to be able to hit that port from your local computer, as the server process was running locally. You can use SSH to do this, with bind addresses, or, more generally, (local) port forwarding.

Use -L with ssh to specify a bind address, following the syntax of -L {LOCAL_PORT}:{HOST}:{HOST_PORT} or -L {BIND_ADDRESS}:{LOCAL_PORT}:{HOST}:{HOST_PORT}


# Access remote port 1234 via local port 8042
ssh -L 8042:localhost:1234

# You can bind multiple ports at the same time, by using `-L` more than once
ssh -L 3000:localhost:3000 -L 8042:localhost:1234

If you get "zsh: no matches found *___" while using wildcards, you need to escape them with \*

Markdown Source Last Updated:
Fri Sep 22 2023 20:04:26 GMT+0000 (Coordinated Universal Time)
Markdown Source Created:
Thu Jun 03 2021 20:36:14 GMT+0000 (Coordinated Universal Time)
© 2024 Joshua Tzucker, Built with Gatsby