Difference between revisions of "SSH"
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | <span style="background-color: rgb(153, 204, 0); color: rgb(0, 0, 255);" data-mce-style="background-color: #99cc00; color: #0000ff;">'''<big>Now on Wiki.NerdMage.Ca</big>'''</span> | ||
[https://www.rootusers.com/enable-ssh-linux-mint/ How To Enable SSH in Linux Mint] | [https://www.rootusers.com/enable-ssh-linux-mint/ How To Enable SSH in Linux Mint] | ||
Line 7: | Line 8: | ||
==Make it easier to connect== | ==Make it easier to connect== | ||
Don't use password authentication. Use [https://www.ssh.com/academy/ssh/public-key-authentication Public Key Authentication]. | Don't use password authentication. Use [https://www.ssh.com/academy/ssh/public-key-authentication Public Key Authentication]. | ||
− | * <code>ssh-keygen</code> | + | |
− | ** (Note: You only have to do this step once.) | + | *<code>ssh-keygen</code> |
− | ** The passphrase is optional. | + | **(Note: You only have to do this step once on any particular machine.) |
− | * <code>ssh-copy-id '''user@MACHINENAME'''</code> | + | **The passphrase is optional. |
+ | *<code>ssh-copy-id '''user@MACHINENAME'''</code> | ||
+ | **This can be done for as many remote machines as you like. | ||
+ | |||
This will simplify your life. From this point on, any time you SSH into (or SCP to/from etc...) the machine known as '''MACHINENAME''' while working at the machine you've done this on, you'll be automagically authenticated. | This will simplify your life. From this point on, any time you SSH into (or SCP to/from etc...) the machine known as '''MACHINENAME''' while working at the machine you've done this on, you'll be automagically authenticated. | ||
==Signing in to a machine== | ==Signing in to a machine== | ||
Pretty straightforward: | Pretty straightforward: | ||
− | * <code>ssh '''user@MACHINENAME'''</code> | + | |
+ | *<code>ssh '''user@MACHINENAME'''</code> | ||
+ | |||
This will securely give you a terminal session of the remote machine. (Much like good old telnet... But not quite so sketchily insecure.) | This will securely give you a terminal session of the remote machine. (Much like good old telnet... But not quite so sketchily insecure.) | ||
==Executing commands remotely== | ==Executing commands remotely== | ||
Also, pretty straightforward... | Also, pretty straightforward... | ||
− | * <code>ssh '''user@MACHINENAME "Command to be executed"'''</code> | + | |
+ | *<code>ssh '''user@MACHINENAME "Command to be executed"'''</code> | ||
+ | |||
One thing to note... | One thing to note... | ||
If you want to execute a command remotely that requires '''sudo''', you'll have to add a '''-t''' to the command line or else '''sudo''' with tell you where to go. | If you want to execute a command remotely that requires '''sudo''', you'll have to add a '''-t''' to the command line or else '''sudo''' with tell you where to go. | ||
− | * <code>ssh -t '''user@MACHINENAME "Command to be executed"'''</code> | + | |
+ | *<code>ssh -t '''user@MACHINENAME "Command to be executed"'''</code> | ||
+ | |||
This is because '''sudo''' intentionally will NOT run without a local terminal session. | This is because '''sudo''' intentionally will NOT run without a local terminal session. | ||
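Review bot: the re-added "The passphrase is optional." bullet under ssh-keygen leaves out the trade-off: with an empty passphrase the private key sits unencrypted on disk, so anyone who can read that file can log in to every machine ssh-copy-id was run against. Suggest one more sub-bullet saying so and pointing at ssh-agent as the way to keep the no-prompt convenience. While this section is being touched, the unchanged line "or else '''sudo''' with tell you where to go" should read "will tell".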
Line 31: | Line 41: | ||
From the local machine to a remote machine: | From the local machine to a remote machine: | ||
− | * <code>scp '''FileName''''''user@MACHINENAME:Destination'''</code> | + | |
+ | *<code>scp '''FileName''' '''<nowiki>user@MACHINENAME:Destination</nowiki>'''</code> | ||
+ | |||
From a remote machine to the local machine: | From a remote machine to the local machine: | ||
− | * <code>scp'''user@MACHINENAME: | + | |
+ | *<code>scp '''user@MACHINENAME:FileName Destination'''</code> | ||
+ | |||
From a remote machine to another remote machine: | From a remote machine to another remote machine: | ||
− | * <code>scp'''user@MACHINENAME:FileName user@OTHERMACHINENAME:Destination'''</code> | + | |
+ | *<code>scp '''user@MACHINENAME:FileName user@OTHERMACHINENAME:Destination'''</code> | ||
Starting to see a pattern? | Starting to see a pattern? | ||
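Review bot: only the new local-to-remote line wraps user@MACHINENAME:Destination in <nowiki>, while the two scp lines below it leave the same user@HOST:path form bare. Use one form for all three so they render the same way. The missing space after scp is fixed in all three, which is what matters for copy and paste.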
Line 43: | Line 58: | ||
==Port forwarding (AKA Tunnelling)== | ==Port forwarding (AKA Tunnelling)== | ||
Working on this part... | Working on this part... | ||
+ | |||
+ | [https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding One description] | ||
[https://www.ssh.com/academy/ssh/tunneling/example An example] | [https://www.ssh.com/academy/ssh/tunneling/example An example] | ||
Line 77: | Line 94: | ||
when you try to ssh to a machine... | when you try to ssh to a machine... | ||
− | * <code>sudo ssh-keygen -f ~/.ssh/known_hosts -R HOSTIP</code> | + | *<code>sudo ssh-keygen -f ~/.ssh/known_hosts -R HOSTIP</code> |
Messages like: | Messages like: | ||
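Review bot: the "sudo ssh-keygen -f ~/.ssh/known_hosts -R HOSTIP" line only gets a whitespace change here, but the sudo should go. The file is the user's own, and ssh-keygen -R writes a new known_hosts, so under sudo the result is owned by root. That is a likely cause of the "Failed to add the host to the list of known hosts" error covered in the next hunk. It would also help to say that the entry should be removed only after confirming the host key changed for a known reason, since the quoted warning is the one ssh prints for a man-in-the-middle.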
Line 92: | Line 109: | ||
If you see: | If you see: | ||
− | * <code>Failed to add the host to the list of known hosts (/Users/USER/.ssh/known_hosts).</code> | + | *<code>Failed to add the host to the list of known hosts (/Users/USER/.ssh/known_hosts).</code> |
Check permissions & ownership on that file... | Check permissions & ownership on that file... |
Latest revision as of 15:52, 27 December 2021
Now on Wiki.NerdMage.Ca
How To Enable SSH in Linux Mint
Using SSH to get stuff done
Make it easier to connect
Don't use password authentication. Use Public Key Authentication.
ssh-keygen
- (Note: You only have to do this step once on any particular machine.)
- The passphrase is optional, but a key without one can be used by anyone who gets a copy of the private key file.
ssh-copy-id user@MACHINENAME
- This can be done for as many remote machines as you like.
This will simplify your life. From this point on, any time you SSH into (or SCP to/from etc...) the machine known as MACHINENAME while working at the machine you've done this on, you'll be automagically authenticated.
Signing in to a machine
Pretty straightforward:
ssh user@MACHINENAME
This will securely give you a terminal session of the remote machine. (Much like good old telnet... But not quite so sketchily insecure.)
Executing commands remotely
Also, pretty straightforward...
ssh user@MACHINENAME "Command to be executed"
One thing to note...
If you want to execute a command remotely that requires sudo, you'll have to add a -t to the command line or else sudo will tell you where to go.
ssh -t user@MACHINENAME "Command to be executed"
This is because sudo intentionally will NOT read a password without a terminal, and -t forces ssh to allocate one for the remote command.
Transferring files
There are at least 3 ways you can securely transfer files using SSH (via the SCP command):
From the local machine to a remote machine:
scp FileName user@MACHINENAME:Destination
From a remote machine to the local machine:
scp user@MACHINENAME:FileName Destination
From a remote machine to another remote machine:
scp user@MACHINENAME:FileName user@OTHERMACHINENAME:Destination
Starting to see a pattern?
As a bonus, RSYNC will use SSH as a transport layer.
Port forwarding (AKA Tunnelling)
Working on this part...
Troubleshooting
(somebody remind me to clean this crap up & make it easier to follow...)
If you get crap like:
  Warning: the ECDSA host key for '<snip>' differs from the key for the IP address '<snip>'
  Offending key for IP in /home/<snip>/.ssh/known_hosts:14
  Matching host key in /home/<snip>/.ssh/known_hosts:12
  Are you sure you want to continue connecting (yes/no)?
or maybe:
  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
  Someone could be eavesdropping on you right now (man-in-the-middle attack)!
  It is also possible that a host key has just been changed.
  The fingerprint for the RSA key sent by the remote host is
  SHA256:'<snip>'
  Please contact your system administrator.
  Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
  Offending RSA key in /home/user/.ssh/known_hosts:102
    remove with:
    ssh-keygen -f "/home/user/.ssh/known_hosts" -R '<snip>'
  RSA host key for '<snip>' has changed and you have requested strict checking.
  Host key verification failed.
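when you try to ssh to a machine, first make sure the host key changed for a reason you know about (the machine was reinstalled, the IP address was reassigned), then remove the stale entry:
ssh-keygen -f ~/.ssh/known_hosts -R HOSTIP
Run it as your own user, not with sudo: ssh-keygen rewrites the file, and under sudo the new known_hosts ends up owned by root.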
Messages like:
  Warning: the RSA host key for '<snip>' differs from the key for the IP address '<snip>'
  Offending key for IP in /home/user/.ssh/known_hosts:102
  Matching host key in /home/user/.ssh/known_hosts:103
  Are you sure you want to continue connecting (yes/no)?
mean that you have an extra entry in your known_hosts file. The number after the colon on the "Offending key" line is the line you want to delete.
If you see:
Failed to add the host to the list of known hosts (/Users/USER/.ssh/known_hosts).
Check permissions & ownership on that file...
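The two known_hosts problems above, as an added shell example that is not part of the original page. The function names offending_entry, drop_known_hosts_line and check_known_hosts are made up here, and a known_hosts path containing spaces is assumed not to occur.

```shell
#!/bin/sh
# Added example: helpers for the known_hosts troubleshooting steps.
# Uses the -O file test (owned by me), available in bash and dash.

# Read an ssh warning on stdin and print "FILE LINE" taken from its
# "Offending ... key ... in FILE:LINE" line.
offending_entry() {
    sed -n 's/^Offending .*key.* in \(.*\):\([0-9][0-9]*\)$/\1 \2/p' | head -n 1
}

# Delete line $2 from known_hosts file $1, keeping a copy in $1.old.
# Refuses files you do not own, so there is never a reason to reach
# for sudo (which would leave the file root-owned).
drop_known_hosts_line() {
    file=$1 line=$2
    [ -f "$file" ] && [ -O "$file" ] || { echo "not a file you own: $file" >&2; return 1; }
    case $line in ''|*[!0-9]*) echo "bad line number: $line" >&2; return 1;; esac
    total=$(grep -c '' "$file")
    [ "$line" -ge 1 ] && [ "$line" -le "$total" ] || { echo "no line $line in $file" >&2; return 1; }
    cp -p "$file" "$file.old" || return 1
    sed "${line}d" "$file.old" > "$file"   # rewritten in place: owner and mode stay as they were
}

# Explain "Failed to add the host to the list of known hosts".
# Prints one finding per line, or "ok" when ssh should be able to write.
check_known_hosts() {
    file=$1 dir=$(dirname "$1") found=0
    [ -d "$dir" ] || { echo "missing directory $dir"; return 0; }
    [ -O "$dir" ] || { echo "$dir is not owned by you"; found=1; }
    [ -w "$dir" ] || { echo "$dir is not writable"; found=1; }
    if [ -e "$file" ]; then
        [ -O "$file" ] || { echo "$file is not owned by you"; found=1; }
        [ -w "$file" ] || { echo "$file is not writable"; found=1; }
    fi
    [ "$found" -eq 1 ] || echo "ok"
}
```

Paste the warning into offending_entry, look at the reported line before deleting it, and run check_known_hosts ~/.ssh/known_hosts when ssh says it cannot add a host.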