Basic Knowledge Of SSH

Even if you are not an infrastructure engineer that you want to keep this knowledge :)

Introduction

What exactly is SSH ???

SSH authentication method

Password authentication method

Public key authentication method

OpenSSH

OpenSSH commands:

vagrant@vagrant:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vagrant/.ssh/id_rsa.
Your public key has been saved in /home/vagrant/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:c/9hFymYOr/jvTgL6a3XceUqky5sMdPpoRLxYKRLdFs vagrant@vagrant
The key's randomart image is:
+---[RSA 2048]----+
| |
| . o E |
| . + o |
| o = o o|
| . oS+.+ o +.|
| . .oB.+...o|
| B *oo=..|
| o X+B+.o |
| =+X*=o |
+----[SHA256]-----+
vagrant@vagrant:~$ ssh-copy-id -i /home/vagrant/.ssh/id_rsa vagrant@192.168.123.124
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/vagrant/.ssh/id_rsa.pub"
The authenticity of host '192.168.123.124 (192.168.123.124)' can't be established.
ECDSA key fingerprint is SHA256:noT+k/x3K1OapP+ggWtZ1NR8jiBpg/z9/N/R7ArJo2s.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
vagrant@192.168.123.124's password:
Number of key(s) added: 1Now try logging into the machine, with: "ssh 'vagrant@192.168.123.124'"
and check to make sure that only the key(s) you wanted were added.
vagrant@vagrant:~$ cat /home/vagrant/.ssh/id_rsa.pub | ssh vagrant2 'cat >> /home/vagrant/.ssh/authorized_keys; chmod 600 /home/vagrant/.ssh/authorized_keys'
The authenticity of host 'vagrant2 (192.168.123.124)' can't be established.
ECDSA key fingerprint is SHA256:noT+k/x3K1OapP+ggWtZ1NR8jiBpg/z9/N/R7ArJo2s.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vagrant2' (ECDSA) to the list of known hosts.
vagrant@vagrant2's password:

Files in ./ssh directory

SSH config

Multi-stage SSH connection

vagrant@vagrant:~/ ssh vagrant@vagrant2
vagrant@vagrant2:~/ ssh vagrant@vagrant3
vagrant@vagrant3:~/
Source: https://giphy.com/

DevOps Consultant. I’m strongly focused on automation, security, and reliability.