SSH everywhere
Just a couple of notes on why I prefer ssh over other protocols, and how to configure it.
Avoid passwords, use keys
It makes it easier to automate jobs (like copying files in a script) and avoids typing passwords.
First, generate the key with ssh-keygen.
Then, add to ~/.ssh/config something like
Host <name of remote>
    HostName <ip or name of machine>
    Port <port to connect>
    User <username>
    IdentityFile <path to generated key>
    #IdentitiesOnly yes
    # otherwise ssh tries all keys
Host *
    IdentitiesOnly yes
To copy the public key to the remote machine: ssh-copy-id -i ~/.ssh/mykey <name of remote>.
Notice that because of ~/.ssh/config, we do not need to specify the actual name of the remote (or its IP address), nor the username or port.
Once the public key has been successfully copied, change ~/.ssh/config to
Host <name of remote>
    HostName <ip or name of machine>
    Port <port to connect>
    User <username>
    IdentityFile <path to generated key>
    IdentitiesOnly yes
    # otherwise ssh tries all keys
Host *
    IdentitiesOnly yes
In other words: uncomment the first IdentitiesOnly yes.
Finally, you should be able to connect with ssh <name of remote> without typing the password. It is possible to use ssh -v <name of remote> to see that ssh tries to use the indicated key.
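A quicker check than reading the ssh -v output, as an added example that is not part of the original post: ssh -G <name of remote> prints the effective client configuration, and the function below verifies that IdentitiesOnly is on and that only the expected key is configured. The function name and the sample excerpts are constructed for the example.

```sh
# Added example. Reads the output of `ssh -G <name of remote>` on stdin.
# $1 is the expected key path, written exactly as in ~/.ssh/config
# (ssh -G prints it unexpanded, so quote it: '~/.ssh/mykey').
# Assumes the key path contains no spaces.
check_identity_config() {
    awk -v want="$1" '
        $1 == "identitiesonly" { only = $2 }
        $1 == "identityfile"   { n++; if ($2 == want) hit = 1 }
        END {
            if (only != "yes") { print "FAIL: identitiesonly is not yes"; bad = 1 }
            if (!hit)          { print "FAIL: " want " is not configured"; bad = 1 }
            if (n > 1)         { print "FAIL: " n " identity files configured"; bad = 1 }
            if (!bad) print "OK: only " want " is offered"
            exit bad + 0
        }'
}

# Constructed excerpts of `ssh -G` output (not captured from a real host).
sample_pinned() {
    cat <<'EOF'
hostname 192.0.2.10
port 22
identitiesonly yes
identityfile ~/.ssh/mykey
EOF
}
sample_unpinned() {
    cat <<'EOF'
hostname 192.0.2.10
port 22
identitiesonly no
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ed25519
EOF
}

sample_pinned   | check_identity_config '~/.ssh/mykey'
sample_unpinned | check_identity_config '~/.ssh/mykey' || true
# Real use: ssh -G <name of remote> | check_identity_config '~/.ssh/mykey'
```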
Use tmux or screen
If the connection is lost, one generally cannot reopen the previous console with the program running.
If all programs are executed from tmux or screen, this is a non-issue.
As using nested tmux or screen sessions is impractical, it is recommended to add at least a second modifier for the nested session.
I currently use a function similar to
ssht () {
    ssh -t "$@" "tmux new-session -A -s ssh_session\; set-option -g prefix2 C-a"
}
This way, by typing ssht remote when I’m connecting to remote, I’m attached to the session ssh_session, which is created if it does not exist yet. Also, the tmux session on the remote will use both Ctrl+a and Ctrl+b as prefix modifier (unless configured otherwise). Thus, when using nested tmux sessions (one on the remote, the other on the host), Ctrl+b is used for controlling the tmux session on the host, Ctrl+a for controlling the session on the remote.
VirtualBox
VirtualBox makes it easy to open a connection between the host and guest operating system.
Under Settings, if the connection is NAT, add a port forwarding rule similar to
name | protocol | host ip | host port | guest ip | guest port
ssh | tcp | 127.0.0.1 | 2222 | | 22
It is also possible to add those settings from the command line
vboxmanage modifyvm <name of vm> --natpf1 "ssh,tcp,127.0.0.1,2222,,22"
22 is the default port on the guest for ssh, while 2222 is an unused port on the host. A possible ~/.ssh/config on the host could then look like
Host vdebian
    HostName 127.0.0.1
    Port 2222
    User debian
    IdentityFile ~/.ssh/id_rsa_vdebian
    IdentitiesOnly yes
Starting the virtual machine and connecting (omit the first command if the VM is already running) is just vboxmanage startvm vdebian --type headless && ssh vdebian.
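Note that if you want to reach the virtual machine with ssh from machines other than the host, then you should leave the host ip empty, so that the forwarded port listens on all host interfaces instead of only on 127.0.0.1: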
vboxmanage modifyvm <name of vm> --natpf1 "ssh,tcp,,2222,,22"
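An added check (not part of the original post) for telling the two forwarding rules apart on an existing VM: it reads the output of vboxmanage showvminfo <name of vm> --machinereadable and flags every rule whose host ip is empty, because such a rule listens on all host interfaces rather than only on 127.0.0.1. The function name and the sample lines are constructed for the example.

```sh
# Added example. Reads `vboxmanage showvminfo <vm> --machinereadable` on stdin.
# Exit status is 1 if at least one NAT forward listens on all host interfaces.
audit_natpf() {
    awk -F'"' '
        /^Forwarding\([0-9]+\)=/ {
            # rule fields: name,protocol,host ip,host port,guest ip,guest port
            split($2, f, ",")
            if (f[3] == "" || f[3] == "0.0.0.0") {
                printf "EXPOSED  %s: %s port %s on all host interfaces -> guest port %s\n", f[1], f[2], f[4], f[6]
                exposed++
            } else {
                printf "local    %s: %s %s:%s -> guest port %s\n", f[1], f[2], f[3], f[4], f[6]
            }
        }
        END { exit (exposed > 0) }'
}

# Constructed machine-readable excerpts for the two rules discussed above.
sample_local() {
    cat <<'EOF'
name="vdebian"
natnet1="nat"
Forwarding(0)="ssh,tcp,127.0.0.1,2222,,22"
EOF
}
sample_exposed() {
    cat <<'EOF'
name="vdebian"
natnet1="nat"
Forwarding(0)="ssh,tcp,,2222,,22"
EOF
}

sample_local   | audit_natpf
sample_exposed | audit_natpf || true
# Real use: vboxmanage showvminfo <name of vm> --machinereadable | audit_natpf
```

When a rule is reported as EXPOSED, the guest's sshd is reachable from the host's network, so the guest should accept keys only and the host firewall should limit who can reach the port.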
Windows
By default, Windows uses other protocols for connecting to remote machines. ssh has only recently (since Windows 10) become a first-class citizen, thus it is not as ubiquitous as on other systems.
Native ssh
To install and configure ssh, follow the official documentation:
# query if OpenSSH is available, and which versions
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
# suppose output is similar to
# Name : OpenSSH.Client~~~~0.0.1.0
# State : Installed
# Name : OpenSSH.Server~~~~0.0.1.0
# State : NotPresent
# install client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
# install server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
# Start the sshd service
Start-Service sshd
# start service automatically
Set-Service -Name sshd -StartupType 'Automatic'
Notice that ssh-copy-id won’t work for deploying keys, so it needs to be done manually
# note: because the default shell is cmd, use \ instead of / for representing a PATH
ssh <win remote> mkdir 'C:\Users\username\.ssh';
scp <public key> <win remote>:'C:\Users\username\.ssh\authorized_keys';
The default shell is cmd, which is… let’s change the default ssh shell at least to PowerShell. I could not find any user-specific settings, only a global one.
ssh <win remote> reg add 'HKLM\SOFTWARE\OpenSSH' /v DefaultShell /t REG_SZ /d 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
In case your user is also an administrator, you might want to have a look at this (unfortunately closed) issue. The Windows OpenSSH port has some non-standard behaviour; the TL;DR is to comment out the following lines in C:/ProgramData/ssh/sshd_config
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
cygwin
The main advantage compared to the integrated ssh is that Cygwin comes with a bash shell, and thus a more familiar environment (tmux and screen included).
Download the setup from the Cygwin website, and execute it as administrator. While installing Cygwin, remember to select the openssh and cygrunsrv packages.
Once the installation has finished, open a Cygwin terminal as administrator(!), and execute ssh-host-config. An interactive setup will ask some basic questions about how to configure the service.
Afterward, I needed to add a new firewall rule
New-NetFirewallRule -Name 'Cygwin-sshd' -DisplayName 'Cygwin-sshd' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
Contrary to the integrated Windows ssh package, with Cygwin it is possible to deploy the key with ssh-copy-id:
ssh-copy-id -i <key> <win remote>
Android
The most practical way to use ssh on Android is Termux (updated versions are available on F-Droid). For security reasons, connecting with a password is disabled. This is generally a good thing, but it also means that ssh-copy-id will not work for deploying the first public key. It needs to be added manually to ~/.ssh/authorized_keys.
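One way to do that manual step, as an added example that is not part of the original post: run it on the device once the .pub file has been transferred there. It appends the key only once, sets the permissions sshd expects, and refuses a file that is not a public key (for instance the private key passed by mistake). The function name install_pubkey and the sample key line are constructed for the example.

```sh
# Added example. install_pubkey <file.pub> [ssh dir, default ~/.ssh]
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    # First non-empty, non-comment line of the file.
    line=$(grep -v -e '^[[:space:]]*$' -e '^#' "$pub" 2>/dev/null | head -n 1)
    # Accept only public-key lines; a private key file starts with "-----BEGIN".
    case $line in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*" "*|"sk-"*" "*) ;;
        *) echo "refusing: $pub is not a public key file" >&2; return 2 ;;
    esac
    # sshd with StrictModes rejects authorized_keys when the file or its
    # directory is writable by other users, so keep both private.
    (umask 077; mkdir -p "$dir"; touch "$auth")
    chmod 700 "$dir"
    chmod 600 "$auth"
    if grep -qxF -- "$line" "$auth"; then
        echo "already present"
        return 0
    fi
    # Do not glue the new key onto an unterminated last line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
    echo "added"
}

# Constructed sample key line (not a real key), installed into a temp dir.
SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEconstructedNOTaREALkey000000000000000 me@laptop'
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_PUB" > "$demo_dir/mykey.pub"
install_pubkey "$demo_dir/mykey.pub" "$demo_dir/.ssh"   # first run appends
install_pubkey "$demo_dir/mykey.pub" "$demo_dir/.ssh"   # second run is a no-op
rm -rf "$demo_dir"
```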