Simple SSH config file and rsa keys to manage multiple remote server connections

SSH config file and RSA keys

I’m a biologist… and computers should remain simple, because most of my time is spent behind a keyboard, over the network, working with several remote servers. At the beginning, it was quite confusing to remember every login@IPaddress pair as well as the spicy passwords. But the open-source community helped me gain efficiency, giving me good advice and saving me a lot of time.
This post is about ssh configuration between your laptop and a remote server (both running GNU/Linux distros).

SSH config file

Since I discovered the ~/.ssh/config file, my work has become easier: it works exactly like an alias.
You can type ssh Alias to connect directly to the right remote server (remote-serverA). Amazing, isn’t it?

me@laptop:~$ nano .ssh/config
Host Alias
    HostName remote-serverA
    User login
    Port 22
    ForwardX11 yes

Instead of typing « ssh login@remote-serverA -p 22 », you just have to type « ssh Alias », followed by your password.

RSA keys

The second very useful thing is a complementary trick: the RSA key pair. Briefly, it consists of a private key (stored on your laptop in this example) and a public key (stored on the remote server). When initiating the ssh connection, the remote server sends a random message to your laptop and waits for the same message to be returned, encrypted by your private key (that is, signed). If the returned message, once decrypted by the public key, corresponds to the initial random message, the ssh connection is allowed (without any password!). Nice, right?
So you need to generate a private key and a public key to identify the two machines, then give each machine its key.
On your laptop (I’m using Debian jessie), just type:

me@laptop:~$ cd ~/.ssh/
me@laptop:~/.ssh$ ssh-keygen -t rsa -b 4096 -f remote-serverA

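You will be asked for a passphrase; you can leave it empty. If not, you will have to type your passphrase during each connection (instead of your password… which is initially what we want to avoid). Keep in mind that an empty passphrase leaves the private key unencrypted on disk, so anyone who can read that file can log in as you; with a passphrase, ssh-agent lets you type it once per session rather than at each connection.
In your ~/.ssh/ directory, you should see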

me@laptop:~/.ssh$ ls
config remote-serverA remote-serverA.pub

You should copy the content of the public key (remote-serverA.pub, never the private key) to the remote server, into a file named ~/.ssh/authorized_keys. There are two possibilities:

Do it manually:

First, print the key using cat to preserve its one-line structure. more will split the string, adding newline characters (« \n ») to fit the size of your screen.

me@laptop:~/.ssh$ cat remote-serverA.pub

It should look like this:

AAZcjdE45jhf[long character string]SHFJJ45djkSFF== login@laptop

Copy it to your clipboard or wherever you want and open an ssh connection to remote-serverA:

me@laptop:~/.ssh$ ssh login@remote-serverA -p 22
[enter your password]
Welcome on Server A :)
login@remote-serverA:~$

Edit the « authorized_keys » file and paste the key into it:

login@remote-serverA:~$ nano ~/.ssh/authorized_keys

Careful: the content of your key must remain on one line!

The lazy way:

All these steps can be done with a one-liner that appends the content of the public key directly to the « authorized_keys » file using the pipe symbol (« | »), all of it wrapped in an ssh connection.

me@laptop:~$ cat ~/.ssh/remote-serverA.pub | ssh login@remote-serverA "cat - >> .ssh/authorized_keys"

It should work!

Just try it, and feel free to ask, comment or correct me:

me@laptop:~$ ssh Alias
Welcome on Server A !
login@remote-serverA:~$
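
The key installation and the final ssh Alias step, as an added example (not code from the original post): the hypothetical helper install_pubkey does the append with the checks the one-liner skips, and host_block prints a config entry with IdentityFile, which ssh needs here because the key was saved as ~/.ssh/remote-serverA rather than under a default name. The key line and the temporary directory are constructed for the demo.

```shell
#!/bin/sh
# Added example; install_pubkey and host_block are hypothetical helper names.

# install_pubkey PUBKEY_FILE HOME_DIR
# Append a public key to HOME_DIR/.ssh/authorized_keys the way sshd expects:
# one key per line, .ssh mode 700, authorized_keys mode 600, no duplicates.
install_pubkey() {
    pub=$1
    auth=$2/.ssh/authorized_keys
    # A .pub file is exactly one line; a key pasted from a wrapped screen is not.
    awk 'END { exit (NR != 1) }' "$pub" \
        || { echo "key must be exactly one line" >&2; return 1; }
    # Expected shape: "<key type> <base64 blob> [comment]".
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" \
        || { echo "not an OpenSSH public key" >&2; return 1; }
    # The one-liner fails when .ssh does not exist yet, and sshd (StrictModes)
    # rejects files or directories that are writable by group or others.
    mkdir -p "$2/.ssh" && chmod 700 "$2/.ssh"
    touch "$auth" && chmod 600 "$auth"
    # -x whole line, -F fixed string: append only if the key is not there yet.
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# host_block ALIAS HOSTNAME USER KEYFILE
# Print a ~/.ssh/config entry that names the private key to use. ssh only
# tries default names (id_rsa, ...) unless IdentityFile, -i or ssh-agent
# supplies another key.
host_block() {
    printf 'Host %s\n    HostName %s\n    User %s\n' "$1" "$2" "$3"
    printf '    IdentityFile %s\n    IdentitiesOnly yes\n' "$4"
}

# Demo in a throwaway directory standing in for the remote home directory.
demo=$(mktemp -d)
# Constructed sample key line, not a real key.
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLE== login@laptop' \
    > "$demo/remote-serverA.pub"
install_pubkey "$demo/remote-serverA.pub" "$demo/home"
install_pubkey "$demo/remote-serverA.pub" "$demo/home"   # no second copy
ls -l "$demo/home/.ssh/authorized_keys"
host_block Alias remote-serverA login '~/.ssh/remote-serverA'
```

On a real server, ssh-copy-id -i ~/.ssh/remote-serverA.pub -p 22 login@remote-serverA performs the same installation over ssh.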

Resources:

https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
https://www.cyberciti.biz/faq/linux-generating-rsa-keys/
 
