SSH

Basics

To log into a system with your current username, just call ssh hostname:

georg@erde:~$ ssh sonne
Passwort: ***********
georg@sonne~$

Note: the password will not be displayed (not even stars). If your account has a different name on the other system, prepend your user name like in an e-mail address: ssh gw@sonne.

With the command line option -X (upper case X), the X11 session will be forwarded over the SSH connection. When you start a program with a GUI, it will be displayed on your local screen and your input will be redirected to the program running on the remote machine.

Using password-less login

SSH can create a pair of public and private keys to log into systems without entering the password every time. This also comes in handy for scripts, where you would never want to put your password.

First, create a key pair:

$ ssh-keygen

It asks for a file name under which to store the key files and for a passphrase. The word passphrase should be taken literally: this will be your master key, so don't just provide 8 characters (or none). I will show how to use the ssh-agent, so this passphrase only has to be entered once after login. See man ssh-keygen for more options.

Distributing the public key

The private key must be kept secret. By default, it is stored in the hidden directory ~/.ssh/ in the file id_rsa and is readable only by the user. (SSH will refuse to use it if the file is readable by anyone other than the owner.)

The public key has the extension .pub (id_rsa.pub). To be accepted, it must be appended to the file ~/.ssh/authorized_keys. If your home directories are synchronized (e.g. via NFS), just append it to the local file:

~$ cd .ssh
.ssh$ cat id_rsa.pub >> authorized_keys

Otherwise, the public key must be copied to the remote machine. The tool ssh-copy-id helps: just call it with the hostname (or name@hostname, if the account is named differently):

georg@erde~$ ssh-copy-id mond
Password: ***********
Now try loggin into the machine...
georg@erde~$ ssh mond
georg@mond~$
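
Added example, not part of the original page: the manual append to authorized_keys shown above, written as a shell function that can be run repeatedly without duplicating the key and that sets owner-only permissions on the directory and file. The function name install_pubkey and the sample key are made up for illustration.

```shell
#!/bin/sh
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    # Never copy a private key into authorized_keys by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2; return 2
    fi
    # A public key line is: <type> <base64 data> [comment]
    ktype= kdata= rest=
    read -r ktype kdata rest < "$pub" || true
    case $ktype in
        ssh-*|ecdsa-sha2-*|sk-*) ;;
        *) echo "$pub: unknown key type '$ktype'" >&2; return 2 ;;
    esac
    [ -n "$kdata" ] || { echo "$pub: no key data" >&2; return 2; }

    # Create the directory and file with owner-only permissions.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Compare type and key data only, so a changed comment is not a new key.
    if grep -qF -- "$ktype $kdata" "$auth"; then
        return 0                      # already authorized, nothing to do
    fi
    # Make sure the previous entry ends with a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$ktype $kdata${rest:+ $rest}" >> "$auth"
}

# Demo in a scratch directory with a constructed (non-functional) key.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEY georg@erde' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh"
install_pubkey "$demo/id.pub" "$demo/.ssh"    # second run adds nothing
wc -l < "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```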

Using the SSH-Agent to avoid the passphrase

If you have followed the steps above, so far you have only replaced the (probably 8-character) password with a (according to my suggestion, much longer) passphrase. But as promised, there's help:

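$ eval "$(ssh-agent)"
$ ssh-add
Passphrase: *************************
$ ssh sonne

The first line starts the SSH-Agent in the background. The eval is needed because ssh-agent only prints the environment variables (SSH_AUTH_SOCK, SSH_AGENT_PID) that tell ssh-add and ssh where to find the agent, and they have to be set in the current shell. Then ssh-add registers your private keys with the agent. It will ask for the passphrase. From now on, every subsequent SSH will use the password-less (and passphrase-less) login. If your public key is not on the target system, SSH falls back to asking for the password.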

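With the command line option -A, you can even forward the agent to a remote machine and then log in from there to the next machine without entering a password (or passphrase) again. Anyone with root access on that remote machine can use the forwarded agent to authenticate as you while you are connected, so forward it only to machines you trust.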

More configuration for more convenience

SSH can be configured with the file ~/.ssh/config. Some global settings are:

ForwardAgent yes
ForwardX11 yes

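These settings globally activate the command line options -A and -X. Both options can also be placed inside a Host block (see below) to enable them only for selected machines. Settings for specific target machines can be given: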

Host work
    User gw
    Hostname mymachine.example.com

This would set an alias work for gw@mymachine.example.com.
