Managing SSH Logins
Table of Contents
Using ssh config
We can sshconfig file to manage our ssh logins. Our ~/.ssh/config* file contains our ssh related configurations. We can use this file to hold our server ips, our usernames, preferred authentication methods (publickey or password) and some other stuffs. Let's see how we can imporove it. Let's assume that we have following credentials available.
- Server IP: 172.01.01.12 (our server's ip or hostname)
- Username: my_user_name (our user name for server)
- Password: secretpassword (our password for server)
Let's first setup our basic ssh configuration
- Create a
~/.ssh/config
file if not already present - Append following lines to our config file
Host my_server_login_identifier 172.01.01.12HostName 172.01.01.12User my_user_name # set PreferredAuthentications to <b>publickey</b> if you have added public/private key authenticationPreferredAuthentications password # uncomment the line bellow if you have setup the public/private keys authentication # IdentityFile ~/.ssh/my_server_rsaAddKeysToAgent yes
3.Now we can do ssh my_server_login_identifier
to login to our server. This will
ask us for our password. If you get error for invalid AddKeysToAgent key, just remove it.
Setting up public/private key authentication
Now let's add public/private key authentication method for our server. Some servers may not allow this method of authentication based of configuration but mostly does. So let's start.
Generating ssh public/private key pair
- Change your current working directory to ~/.ssh
- Create a ssh public/private key pair by running
ssh-keygen -t rsa -b 4096 -C "[email protected]" -f my_server_rsa
into our terminal. We should provide a pass-phrase for better security. And remember it for some time. - Here my_server_rsa is the file name (default is id_rsa). We should always provide and email id for better identification of owner as the provided email id is appended to our generated public key.
- Now let ssh-agent remember out pass-phrase. Start agent by running
eval "$(ssh-agent -s)"
followed byssh-add -K ~/.ssh/my_server_rsa
. This will ask for pass-phrase. - Now lets copy the content of ~/.ssh/my_server_rsa.pub into clipboard
cat ~/.ssh/my_server_rsa
and copy the output from terminal.
Server side authorization configuration
Now let see how we can let server know we are an authorized user with a public key.
- Login into our server with
ssh my_server_login_identifier
along with our password. - Create ~/.ssh directory if not already present and cd ~/.ssh
- Create authorized_keys file if not already present and append the content of clipboard (our public key) to it.
- Now let's logout
Update local ssh configuration for ssh keys
Now that we updated our server for authentication, we need to updated our local ssh configuration to use the public/private key authentication and which key to use for authentication.
- Open our ~/.ssh/config file.
- Lets add IdentityFile and PreferredAuthentications into our configuration for out server
- Our final configuration should look like this.
Host my_server_login_identifier 172.01.01.12HostName 172.01.01.12User my_user_namePreferredAuthentications publickeyIdentityFile ~/.ssh/my_server_rsaAddKeysToAgent yes
- Now login into server by running
ssh my_server_login_identifier
. We should be able to directly login into the server. If you get an error for invalid credentials, remove the 172.01.01.12 line from ~/.ssh/known_hosts and you should be good to go.
That's it. We have completed our ssh setup. Now we can simply login with our ssh identifier.
What we achieved
ssh my_server_login_identifier
to login into server- If server ip changes, update your ~/.ssh/config with new ip and just put your existing publickey to new server as mention above.
- If your username changes, just update the ~/.ssh/config with new username
- Share your configuration with your team or put it in CONTRIBUTION or wiki of your project so that any new developer can start easily.