SSH

The Secure Shell Protocol (SSH Protocol) is a cryptographic network protocol for operating network services securely over an unsecured network.[1] Its most notable applications are remote login and command-line execution.

Keys

Generate new set of keys
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N ""

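This command works cross-platform. The -N "" option sets an empty passphrase, so the private key is stored unencrypted on disk; leave -N out to be prompted for a passphrase.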

Keys consist of a pair of files - one private and one public. The public key is used for encrypting and the private key is used for decrypting.

Key files in ~/.ssh
.ssh
├── id_ed25519
└── id_ed25519.pub
Example key content

These keys are for example purposes only and aren't real. Never expose or move a private key.

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqRCNMRFil7IHV/IVfmwQVX5D2BgHlDZfDW/ErC25Cz john@hermes
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCqkQjTERYpeyB1fyFX5sEFV+Q9gYB5Q2Xw1vxKwtuQswAAAJhGF9GFRhfR
hQAAAAtzc2gtZWQyNTUxOQAAACCqkQjTERYpeyB1fyFX5sEFV+Q9gYB5Q2Xw1vxKwtuQsw
AAAEBlHRz/cOJC/JnYutdfoSYd1umtm/Q2O+GJIj5nIBN8r6qRCNMRFil7IHV/IVfmwQVX
5D2BgHlDZfDW/ErC25CzAAAAE2FwcGRhZW1vbkBhcHBkYWVtb24BAg==
-----END OPENSSH PRIVATE KEY-----

Config

ssh_config(5)

~/.ssh/config
Host docker-lxc
    HostName 192.168.1.87
    User root

Host synology
    HostName john-nas
    User john

Host gitea
    HostName gitea.local
    User git
    Port 222

Host *
    IdentityFile ~/.ssh/id_ed25519

View uncommented lines in ssh config

grep -Ev '^[[:space:]]*(#|$)' ~/.ssh/config

sshd_config(5)

/etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

PermitTunnel no
AllowTcpForwarding no

PermitRootLogin yes
Match User root
    PasswordAuthentication no
    AllowTcpForwarding yes
Match User backup-tunnel
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:445

View uncommented lines in sshd_config

grep -Ev '^[[:space:]]*(#|$)' /etc/ssh/sshd_config
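
How sshd resolves the sshd_config above for a given user, as an added example that is not part of the original page: global keywords keep their first value, and keywords inside a matching Match User block override them. The function names are hypothetical, only Match User with simple wildcard patterns is handled, and on a live host sshd -T -C user=NAME reports the authoritative result.

```python
from fnmatch import fnmatchcase

# The page's /etc/ssh/sshd_config, embedded so the example runs offline.
SSHD_CONFIG = """\
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

PermitTunnel no
AllowTcpForwarding no

PermitRootLogin yes
Match User root
    PasswordAuthentication no
    AllowTcpForwarding yes
Match User backup-tunnel
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:445
"""

def parse(text):
    """Return (global settings, [(user patterns, settings), ...]) with lowercased keywords."""
    global_opts, blocks = {}, []
    current = global_opts
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit, _, patterns = value.partition(" ")
            if crit.lower() != "user":
                raise ValueError("only 'Match User' is supported here")
            current = {}  # following keywords belong to this Match block
            blocks.append((patterns.strip().split(","), current))
        else:
            current.setdefault(keyword, value)  # first value for a keyword wins
    return global_opts, blocks

def effective(text, user):
    """Settings applied to `user`: matching Match blocks override the global section."""
    global_opts, blocks = parse(text)
    matched = {}
    for patterns, opts in blocks:
        if any(fnmatchcase(user, p) for p in patterns):  # assumption: no '!' negation
            for keyword, value in opts.items():
                matched.setdefault(keyword, value)  # earlier matching block wins
    return {**global_opts, **matched}
```

Calling effective(SSHD_CONFIG, "john") shows that an ordinary user gets no TCP forwarding at all, while backup-tunnel is limited to local forwards to 127.0.0.1:445.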

Advanced Usage

SSH Certificates

SSH Tunnel

Good References