nbalonso.com

SSH Shortcuts and Keys


Edit: There is some useful information down in the comments section, make sure you check it out

The shortest distance between two computers is SSH

This article comes after a quick demo I gave to a fellow worker when he saw me ssh'ing into a computer with zero effort. His first comment was "well that looks insecure".

I won't get into much detail about its security because I don't know enough and will end up saying something that isn't true, but SSH keys are based on trust and private-public RSA keys between managed computers. The method is the default method used by some big players such as GitHub, Amazon EC2, Red Hat OpenShift…

The main idea is that you generate a key pair (a private key and a public key) on your computer, and then copy the public key to the remote computer you want to connect to.

This allows you to connect to a remote computer without having to type (or even know!) the password for a user on that system. One thing you can achieve with this is to disable password authentication and eliminate the option of password brute-force attacks against SSH.

Anyway, setting it up is quite simple. Use the ssh-keygen command to generate the RSA key pair on your computer (if you don't already have one). The default values (which you can change) are:

  • Private key will be created in ~/.ssh/id_rsa
  • Public key will be ~/.ssh/id_rsa.pub
  • No passphrase
  • 2048 bits in length

Once this is done the only thing left is to copy the public key to the remote computer.

Assuming that the remote computer already has SSH enabled you can do

bash-3.2$ cat ~/.ssh/id_rsa.pub | ssh [email protected] "cat >> ~/.ssh/authorized_keys"

Keep in mind that the username you specify in the command above is the username that you will be authenticating as. It is also important to know that some distributions do not create the .ssh folder by default, so you might need to create it first.

Edit: as highlighted by Timothy Sutton on Twitter, there is a handy tool that you can use instead of concatenating the public key and appending it to the end of authorized_keys. The tool is ssh-copy-id, which is available in many Linux distributions and which you can easily install on OS X with Homebrew.

And you are done! Just type [email protected] and enjoy not typing a password if you did not specify a passphrase, or using your passphrase instead of the user's password if you did.
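The remote-side half of the key copy, handling the cases the bare `cat >>` one-liner does not (missing .ssh folder, loose permissions, a duplicate key, a private key sent by mistake). This is an added example, not code from the original post; the function name `install_pubkey` and its exit codes are this example's own.

```shell
# install_pubkey PUBKEY_FILE [SSH_DIR]   (added example; name and exit codes are its own)
# Appends a one-line OpenSSH public key to SSH_DIR/authorized_keys (default: ~/.ssh).
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 2; }

    # Never ship the private half: id_rsa and id_rsa.pub are one typo apart.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file contains a private key" >&2
        return 3
    fi

    # The first non-empty line must look like "<type> <base64> [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    if ! printf '%s\n' "$key" |
        grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/]+={0,2}( .*)?$'; then
        echo "refusing: $pubkey_file is not an OpenSSH public key" >&2
        return 4
    fi

    # Create the folder and file if missing, readable by the owner only.
    # sshd's StrictModes (on by default) ignores keys kept under loose permissions.
    (umask 077; mkdir -p "$ssh_dir" && touch "$auth_file") || return 5
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 5

    # Key already authorised: leave the file untouched.
    if grep -qxF -- "$key" "$auth_file"; then return 0; fi

    # A plain append would glue the key onto an unterminated last line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key" >> "$auth_file"
}
```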

Wait a second?! The title of this article says ssh shortcuts!

Yes it does, and one thing I did not include in my previous post is an ssh function that I have in my ~/.bash_profile to save me from typing too much. I use functions instead of alias to be able to use multiple word combinations. Here is a very simple sample that you can read to understand how it works.

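# SSH paths
# Shortcut names map to a user@host target; anything else goes to the real ssh.
ssh() {
    case "$1" in
        "munki")
            ssh [email protected]
            ;;
        "sus1")
            ssh [email protected]
            ;;
        "sus2")
            ssh [email protected]
            ;;
        *)
            # "command" bypasses this function and runs the real ssh binary
            # with all of the original arguments.
            command ssh "$@"
            ;;
    esac
}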

With these two things combined you can very quickly and securely connect to your commonly managed servers and/or workstations.

bash-3.2$ ssh munki
Last login: Mon Feb 24 08:15:53 2014 from 192.168.99.1
munkiserver:~ nbalonso$

Two short words+return and I’m in :)
