Difference between revisions of "SSH"
Line 7: | Line 7: | ||
==Make it easier to connect== | ==Make it easier to connect== | ||
Don't use password authentication. Use [https://www.ssh.com/academy/ssh/public-key-authentication Public Key Authentication]. | Don't use password authentication. Use [https://www.ssh.com/academy/ssh/public-key-authentication Public Key Authentication]. | ||
− | * <code>ssh-keygen</code> | + | |
− | ** (Note: You only have to do this step once.) | + | *<code>ssh-keygen</code> |
− | ** The passphrase is optional. | + | **(Note: You only have to do this step once.) |
− | * <code>ssh-copy-id '''user@MACHINENAME'''</code> | + | **The passphrase is optional. |
+ | *<code>ssh-copy-id '''user@MACHINENAME'''</code> | ||
+ | |||
This will simplify your life. From this point on, any time you SSH into (or SCP to/from etc...) the machine known as '''MACHINENAME''' while working at the machine you've done this on, you'll be automagically authenticated. | This will simplify your life. From this point on, any time you SSH into (or SCP to/from etc...) the machine known as '''MACHINENAME''' while working at the machine you've done this on, you'll be automagically authenticated. | ||
==Signing in to a machine== | ==Signing in to a machine== | ||
Pretty straightforward: | Pretty straightforward: | ||
− | * <code>ssh '''user@MACHINENAME'''</code> | + | |
+ | *<code>ssh '''user@MACHINENAME'''</code> | ||
+ | |||
This will securely give you a terminal session of the remote machine. (Much like good old telnet... But not quite so sketchily insecure.) | This will securely give you a terminal session of the remote machine. (Much like good old telnet... But not quite so sketchily insecure.) | ||
==Executing commands remotely== | ==Executing commands remotely== | ||
Also, pretty straightforward... | Also, pretty straightforward... | ||
− | * <code>ssh '''user@MACHINENAME "Command to be executed"'''</code> | + | |
+ | *<code>ssh '''user@MACHINENAME "Command to be executed"'''</code> | ||
+ | |||
One thing to note... | One thing to note... | ||
If you want to execute a command remotely that requires '''sudo''', you'll have to add a '''-t''' to the command line or else '''sudo''' with tell you where to go. | If you want to execute a command remotely that requires '''sudo''', you'll have to add a '''-t''' to the command line or else '''sudo''' with tell you where to go. | ||
− | * <code>ssh -t '''user@MACHINENAME "Command to be executed"'''</code> | + | |
+ | *<code>ssh -t '''user@MACHINENAME "Command to be executed"'''</code> | ||
+ | |||
This is because '''sudo''' intentionally will NOT run without a local terminal session. | This is because '''sudo''' intentionally will NOT run without a local terminal session. | ||
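Review bot: The sudo sentence in this hunk still reads "or else sudo with tell you where to go"; "with" should be "will", and the edit reflows the bullets around it without fixing it. The closing sentence says sudo needs a "local terminal session", but what -t supplies is a terminal on the remote side, so "without a terminal" would be the more accurate wording.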
Line 31: | Line 39: | ||
From the local machine to a remote machine: | From the local machine to a remote machine: | ||
− | * <code>scp '''FileName''''''user@MACHINENAME:Destination'''</code> | + | |
+ | *<code>scp '''FileName'<nowiki/>'''''user@MACHINENAME:Destination'<nowiki/>''</code> | ||
+ | |||
From a remote machine to the local machine: | From a remote machine to the local machine: | ||
− | * <code>scp'''user@MACHINENAME:FileNameDestination'''</code> | + | |
+ | *<code>scp'''user@MACHINENAME:FileNameDestination'''</code> | ||
+ | |||
From a remote machine to another remote machine: | From a remote machine to another remote machine: | ||
− | * <code>scp'''user@MACHINENAME:FileName user@OTHERMACHINENAME:Destination'''</code> | + | |
+ | *<code>scp'''user@MACHINENAME:FileName user@OTHERMACHINENAME:Destination'''</code> | ||
Starting to see a pattern? | Starting to see a pattern? | ||
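Review bot: The new local-to-remote scp line puts <nowiki/> inside the bold markup and has no space between FileName and user@MACHINENAME, so it renders as scp FileName'user@MACHINENAME:Destination' with stray apostrophes and a missing space. The two scp lines after it also have no space after scp or between FileName and Destination. Suggest writing the command plainly as scp FileName user@MACHINENAME:Destination and applying the bold to whole arguments only.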
Line 43: | Line 56: | ||
==Port forwarding (AKA Tunnelling)== | ==Port forwarding (AKA Tunnelling)== | ||
Working on this part... | Working on this part... | ||
+ | |||
+ | [https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding One description] | ||
[https://www.ssh.com/academy/ssh/tunneling/example An example] | [https://www.ssh.com/academy/ssh/tunneling/example An example] | ||
Line 77: | Line 92: | ||
when you try to ssh to a machine... | when you try to ssh to a machine... | ||
− | * <code>sudo ssh-keygen -f ~/.ssh/known_hosts -R HOSTIP</code> | + | *<code>sudo ssh-keygen -f ~/.ssh/known_hosts -R HOSTIP</code> |
Messages like: | Messages like: | ||
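Review bot: The ssh-keygen line runs under sudo against ~/.ssh/known_hosts. The ~ is expanded by your own shell, so root rewrites your file and it can end up owned by root, which is one way to reach the "Failed to add the host to the list of known hosts" message covered in the next hunk. Suggest dropping sudo, and adding that the entry should only be removed once the key change is known to be legitimate.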
Line 92: | Line 107: | ||
If you see: | If you see: | ||
− | * <code>Failed to add the host to the list of known hosts (/Users/USER/.ssh/known_hosts).</code> | + | *<code>Failed to add the host to the list of known hosts (/Users/USER/.ssh/known_hosts).</code> |
Check permissions & ownership on that file... | Check permissions & ownership on that file... |
Revision as of 01:05, 7 June 2021
How To Enable SSH in Linux Mint
Using SSH to get stuff done
Make it easier to connect
Don't use password authentication. Use Public Key Authentication.
ssh-keygen
- (Note: You only have to do this step once.)
- The passphrase is optional.
ssh-copy-id user@MACHINENAME
This will simplify your life. From this point on, any time you SSH into (or SCP to/from etc...) the machine known as MACHINENAME while working at the machine you've done this on, you'll be automagically authenticated.
Signing in to a machine
Pretty straightforward:
ssh user@MACHINENAME
This will securely give you a terminal session of the remote machine. (Much like good old telnet... But not quite so sketchily insecure.)
Executing commands remotely
Also, pretty straightforward...
ssh user@MACHINENAME "Command to be executed"
One thing to note...
If you want to execute a command remotely that requires sudo, you'll have to add a -t to the command line or else sudo will tell you where to go.
ssh -t user@MACHINENAME "Command to be executed"
This is because sudo intentionally will NOT run without a terminal, and ssh does not allocate one for a remote command unless you pass -t.
Transferring files
There are at least 3 ways you can securely transfer files using SSH (via the SCP command)
From the local machine to a remote machine:
scp FileName user@MACHINENAME:Destination
From a remote machine to the local machine:
scp user@MACHINENAME:FileName Destination
From a remote machine to another remote machine:
scp user@MACHINENAME:FileName user@OTHERMACHINENAME:Destination
Starting to see a pattern?
As a bonus, RSYNC will use SSH as a transport layer.
Port forwarding (AKA Tunnelling)
Working on this part...
Troubleshooting
(somebody remind me to clean this crap up & make it easier to follow...)
If you get crap like:
Warning: the ECDSA host key for '<snip>' differs from the key for the IP address '<snip>'
Offending key for IP in /home/<snip>/.ssh/known_hosts:14
Matching host key in /home/<snip>/.ssh/known_hosts:12
Are you sure you want to continue connecting (yes/no)?
or maybe:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:'<snip>'
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/user/.ssh/known_hosts:102
remove with:
ssh-keygen -f "/home/user/.ssh/known_hosts" -R '<snip>'
RSA host key for '<snip>' has changed and you have requested strict checking.
Host key verification failed.
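when you try to ssh to a machine, and you know the host's key really did change (the machine was reinstalled, for example), remove the stale entry. Run it as yourself, not with sudo, so that known_hosts stays owned by you:
ssh-keygen -f ~/.ssh/known_hosts -R HOSTIP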
Messages like:
Warning: the RSA host key for '<snip>' differs from the key for the IP address '<snip>'
Offending key for IP in /home/user/.ssh/known_hosts:102
Matching host key in /home/user/.ssh/known_hosts:103
Are you sure you want to continue connecting (yes/no)?
mean that you have an extra entry in your known_hosts file, and they indicate the line you want to delete...
If you see:
Failed to add the host to the list of known hosts (/Users/USER/.ssh/known_hosts).
Check permissions & ownership on that file...
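The troubleshooting steps above as shell helpers (an added example, not part of the original page): pull the offending file and line number out of the warning, check why known_hosts can't be updated, and delete one numbered line while keeping a backup. The function names and the sample warning text are made up for illustration.

```sh
#!/bin/sh
# Added example; function names and SAMPLE_WARNING are constructed here.
# Only delete an entry after confirming the host's key legitimately changed.

SAMPLE_WARNING="Warning: the ECDSA host key for 'host.example' differs from the key for the IP address '192.0.2.10'
Offending key for IP in /home/user/.ssh/known_hosts:102
Matching host key in /home/user/.ssh/known_hosts:103"

# Read ssh's warning text on stdin; print "FILE LINE" for each offending entry.
offending_entries() {
    sed -n 's/^Offending .* in \(.*\):\([0-9][0-9]*\)$/\1 \2/p'
}

# Say why ssh could not update FILE; silent and returns 0 if it looks fine.
known_hosts_problem() {
    f=$1
    if [ ! -e "$f" ]; then
        [ -w "$(dirname "$f")" ] && return 0
        echo "directory missing or not writable"; return 1
    fi
    [ -O "$f" ] || { echo "not owned by you (was it edited with sudo?)"; return 1; }
    [ -w "$f" ] || { echo "not writable by you"; return 1; }
    return 0
}

# Delete line N of FILE, keeping FILE.bak. The result is written through the
# existing file, so its owner and mode do not change.
drop_entry() {
    f=$1 n=$2
    total=$(awk 'END { print NR }' "$f")
    [ "$n" -ge 1 ] && [ "$n" -le "$total" ] || { echo "no line $n in $f" >&2; return 1; }
    cp -p "$f" "$f.bak" || return 1
    sed "${n}d" "$f.bak" > "$f"
}

# Demo on the constructed sample: prints "/home/user/.ssh/known_hosts 102"
printf '%s\n' "$SAMPLE_WARNING" | offending_entries
```

If known_hosts_problem reports the file is not owned by you, fix the ownership first; drop_entry will not repair that.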