Managing SSH Logins

12 Aug, 2018 · 4 min read

Using ssh config

We can use the ssh config file to manage our ssh logins. Our ~/.ssh/config file contains our ssh-related configuration. We can use this file to hold our server IPs, our usernames, preferred authentication methods (publickey or password) and some other settings. Let's see how we can improve it. Let's assume that we have the following credentials available.

  • Server IP: 172.01.01.12 (our server's ip or hostname)
  • Username: my_user_name (our user name for server)
  • Password: secretpassword (our password for server)

Let's first set up our basic ssh configuration.

  1. Create a ~/.ssh/config file if not already present
  2. Append the following lines to our config file
Host my_server_login_identifier 172.01.01.12
HostName 172.01.01.12
User my_user_name
# set PreferredAuthentications to publickey if you have added public/private key authentication
PreferredAuthentications password
# uncomment the line below if you have set up the public/private key authentication
# IdentityFile ~/.ssh/my_server_rsa
AddKeysToAgent yes

  3. Now we can run ssh my_server_login_identifier to log in to our server. This will ask us for our password. If you get an error about an invalid AddKeysToAgent key, just remove that line.

Setting up public/private key authentication

Now let's add the public/private key authentication method for our server. Some servers may not allow this method of authentication, depending on their configuration, but most do. So let's start.

Generating ssh public/private key pair

  1. Change your current working directory to ~/.ssh
  2. Create an ssh public/private key pair by running ssh-keygen -t rsa -b 4096 -C "[email protected]" -f my_server_rsa in our terminal. We should provide a pass-phrase for better security. And remember it for some time.
  3. Here my_server_rsa is the file name (default is id_rsa). We should always provide an email id for better identification of the owner, as the provided email id is appended to our generated public key.
  4. Now let ssh-agent remember our pass-phrase. Start the agent by running eval "$(ssh-agent -s)" followed by ssh-add -K ~/.ssh/my_server_rsa. This will ask for the pass-phrase.
  5. Now let's copy the content of ~/.ssh/my_server_rsa.pub into the clipboard
  6. cat ~/.ssh/my_server_rsa.pub and copy the output from the terminal. Copy only the .pub file; my_server_rsa without the extension is the private key and must stay on our machine.

Server side authorization configuration

Now let's see how we can let the server know we are an authorized user with a public key.

  1. Log in to our server with ssh my_server_login_identifier along with our password.
  2. Create the ~/.ssh directory if not already present and cd ~/.ssh
  3. Create the authorized_keys file if not already present and append the content of the clipboard (our public key) to it.
  4. Now let's log out
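
The server-side steps above as a script. This is an added example, not the article's own code; the function name install_pubkey and its arguments are hypothetical. Besides appending the key, it sets owner-only modes on the directory and file and refuses a private key supplied by mistake.

```shell
# Added example: install_pubkey and its arguments are assumptions, not from the article.
# Usage (on the server): install_pubkey /path/to/my_server_rsa.pub [ssh_dir]
install_pubkey() {
    pub_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 2; }

    # Refuse private keys: they carry a PEM "-----BEGIN ... PRIVATE KEY-----" header.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pub_file"; then
        echo "refusing: $pub_file is a private key" >&2
        return 3
    fi

    # A public key is a single line: "<type> <base64> [comment]".
    key_line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' "$pub_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key line in $pub_file" >&2; return 4; }

    # sshd's default StrictModes refuses keys kept in group/world-writable locations,
    # so keep the directory and file owner-only.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 5
    touch "$auth_file" && chmod 600 "$auth_file" || return 5

    # Append only if this exact line is not already present (safe to re-run).
    if grep -qxF -- "$key_line" "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```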

Update local ssh configuration for ssh keys

Now that we have updated our server for authentication, we need to update our local ssh configuration to use public/private key authentication and to say which key to use.

  1. Open our ~/.ssh/config file.
  2. Let's add IdentityFile and PreferredAuthentications to the configuration for our server
  3. Our final configuration should look like this.
Host my_server_login_identifier 172.01.01.12
HostName 172.01.01.12
User my_user_name
PreferredAuthentications publickey
IdentityFile ~/.ssh/my_server_rsa
AddKeysToAgent yes
  4. Now log in to the server by running ssh my_server_login_identifier. We should be able to log in to the server directly. If you get an error for invalid credentials, remove the 172.01.01.12 line from ~/.ssh/known_hosts and you should be good to go.

That's it. We have completed our ssh setup. Now we can simply login with our ssh identifier.

What we achieved

  1. ssh my_server_login_identifier to login into server
  2. If the server ip changes, update your ~/.ssh/config with the new ip and just put your existing public key on the new server as mentioned above.
  3. If your username changes, just update the ~/.ssh/config with new username
  4. Share your configuration with your team or put it in CONTRIBUTION or wiki of your project so that any new developer can start easily.

Thanks for reading. I would love to hear your thoughts on twitter!
