Categories
IT-Stuff

easier life with custom ssh config file

Disclaimer:
use this code at your own risk and only if you know what you are doing. no liability from us for the consequences. so leave us alone if things go sideways

I am regularly connecting to multiple remote systems via SSH, and as far as I am concerned I find that remembering all of the remote IPs, the non-standard ssh ports, and various command-line options is difficult, annoying, and at some stage or office hour impossible. The option of creating a bash alias file would do the trick, but I guess that is, well, not cool, or in other words not the use case I have.

Step 1 In the home directory of the user you can find .ssh/config; if it is not there, you have to create the config file. If you want to edit the global config, use /etc/ssh/ssh_config (it must be readable by all users).

touch /home/user/.ssh/config
sudo chmod 600 /home/user/.ssh/config

The config file structure is shown in Step 2. The file is processed from top to bottom, and for each option ssh uses the first value it obtains. The ssh command on the CLI takes its configuration from these sources, in this order:

  1. ssh command-line options
  2. /home/user/.ssh/config options
  3. /etc/ssh/ssh_config options

Keep that in mind if you are using override options.

Step 2 edit the file for your needs

# comment

Host hostname1
    SSH_OPTION value
    SSH_OPTION value

Host hostname2
    SSH_OPTION value

Use Case to get connected:
ssh userNeeds@ssh.host.exymple.tld -p4422

With a config file in /home/userNeeds/.ssh/config that looks something like this:

Host exy
    HostName ssh.host.exymple.tld
    User userNeeds
    Port 4422

I will just need to type this to get connected:
ssh exy

Pretty fly ha?
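The top-to-bottom processing matters as soon as two blocks can apply to the same alias. The following is an added example, not part of the original post: a small resolver that mimics how ssh picks a value, run over two constructed files that hold the same blocks in different order. It goes one step beyond the post by using the catch-all `Host *`; the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. The config contents are constructed.

# resolve_ssh_option FILE ALIAS KEYWORD
# Walks FILE top to bottom and prints the first value of KEYWORD found in a
# Host block that names ALIAS exactly or is the catch-all "Host *".
# Simplification: other patterns, Match blocks and "Keyword=value" are ignored.
resolve_ssh_option() {
    awk -v want="$2" -v key="$3" '
        BEGIN { key = tolower(key); active = 1 }  # before the first Host line: applies to all
        NF == 0 || $1 ~ /^#/ { next }             # blank lines and comments
        tolower($1) == "host" {                   # a new block starts here
            active = 0
            for (i = 2; i <= NF; i++)
                if ($i == want || $i == "*") active = 1
            next
        }
        active && tolower($1) == key { print $2; exit }  # first obtained value wins
    ' "$1"
}

# write_demo_configs DIR: the same two blocks in two different orders.
write_demo_configs() {
    cat > "$1/specific_first" <<'EOF'
Host exy
    HostName ssh.host.exymple.tld
    User userNeeds
    Port 4422
Host *
    Port 22
    Compression yes
EOF
    cat > "$1/defaults_first" <<'EOF'
Host *
    Port 22
    Compression yes
Host exy
    HostName ssh.host.exymple.tld
    User userNeeds
    Port 4422
EOF
}

demo_dir=$(mktemp -d)
write_demo_configs "$demo_dir"
echo "specific first: exy uses port $(resolve_ssh_option "$demo_dir/specific_first" exy Port)"
echo "defaults first: exy uses port $(resolve_ssh_option "$demo_dir/defaults_first" exy Port)"
rm -rf "$demo_dir"
```

On a real machine, `ssh -G exy` prints the options ssh itself resolves for the alias, without connecting.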

These are the config parameters you can use. (I will not get into wildcards and reg exp.)
HostName: Host name or IP address of the remote server
User: Name of the user you will log in as
Port: The port to connect to on the remote server
Protocol: The version of the SSH protocol to prefer (multiple values separated by commas); a legacy option, since current OpenSSH releases only support protocol 2
IdentityFile: Location of the file that contains the RSA, ECDSA or DSA authentication identity
ForwardX11: Allows you to forward the remote server display to your machine
Compression: Whether to use compression for the connection to the remote server
ServerAliveInterval: Sets a timer in seconds for the server connection; if no response is received from the server in the given time, ssh sends a message to request a response
ServerAliveCountMax: Sets the number of messages that should be sent to request a response from the server
LogLevel: Verbosity level used when logging

So a common use case config looks something like this:

Host grommuo
    HostName grommuo.hatesno.plan
    Port 2222
    ForwardX11 no
    User tec-noP1503
    IdentityFile ~/.ssh/id_rsa
    Protocol 2
    Compression yes
    LogLevel Info

So to get connected, the tech guy only has to type ssh grommuo and is good to go. Fine thing, and it makes life easier.

Do not forget to include this config in your backup plan (justsaying)
This article can be interesting in combination with
4-step-setup-ssh-login-without-password
disabling-ssh-password-authentication

have Fun !


Disabling SSH password authentication

Disclaimer:
use this code at your own risk and only if you know what you are doing. no liability from us for the consequences. so leave us alone if things go sideways

Sometimes you feel the need to add an extra layer of security to your server. You can disable password authentication for SSH on your server. Feel free to do so if you know what you are up to. I strongly recommend that during this whole operation you keep a user with sudo credentials logged into the remote machine, just in case something goes sideways 😉

Step 1 log into the server

ssh user@remote-server

Step 2 edit the SSH server config file /etc/ssh/sshd_config, change these settings and save the file. Note that UsePAM no also switches off PAM account and session processing, not only PAM authentication.

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Step 3 restart the ssh service (depends on your system)

sudo systemctl restart ssh     # e.g. Debian/Ubuntu
sudo systemctl restart sshd    # e.g. RHEL/Fedora
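sshd, like the client, keeps the first value it obtains for a keyword, so the three lines from Step 2 have no effect if another file read earlier already set them. The following is an added example, not part of the original post: a check that reports the value that actually wins, run over a constructed layout where a drop-in file is included at the top of sshd_config. Function names, file names and contents are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. File names and contents are constructed.

# sshd_first_value KEYWORD FILE...
# FILEs are listed in the order sshd reads them (an Include line pulls its
# files in at that position). Prints the first global value of KEYWORD,
# lower-cased. Simplification: everything after a Match line in a file is
# treated as conditional and skipped; "Keyword=value" syntax is not handled.
sshd_first_value() {
    key=$1; shift
    awk -v key="$key" '
        BEGIN { key = tolower(key) }
        FNR == 1 { in_match = 0 }                 # new file: back to global scope
        NF == 0 || $1 ~ /^#/ { next }             # blank lines and comments
        tolower($1) == "match" { in_match = 1; next }
        !in_match && tolower($1) == key { print tolower($2); exit }
    ' "$@"
}

# audit_password_login FILE...
# Prints the winning value of the three settings from Step 2 and returns 0
# only if every one of them resolves to "no". Match blocks need a separate look.
audit_password_login() {
    rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication UsePAM; do
        val=$(sshd_first_value "$kw" "$@")
        echo "$kw=${val:-unset}"
        [ "$val" = "no" ] || rc=1
    done
    return $rc
}

# write_demo_sshd DIR: main file with the settings from Step 2 plus a drop-in.
write_demo_sshd() {
    printf '%s\n' 'PasswordAuthentication yes' > "$1/50-demo.conf"
    cat > "$1/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Match User backup
    X11Forwarding no
EOF
}

demo=$(mktemp -d)
write_demo_sshd "$demo"
audit_password_login "$demo/50-demo.conf" "$demo/sshd_config" || echo "password login still possible"
rm -rf "$demo"
```

On the server itself, `sudo sshd -t` checks the edited file for syntax errors and `sudo sshd -T` prints the effective configuration; running both before the restart in Step 3 shows whether the change will take effect.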

That's all folks!

This blog post can be used with this article 4-step-setup-ssh-login-without-password


4 Step Setup SSH Login without password

A quick and dirty version of how it’s done.

Disclaimer:
use this code at your own risk and only if you know what you are doing. no liability from us for the consequences. so leave us alone if things go sideways

Step 1 (check if there is any existing key)

ls -al ~/.ssh/id_*.pub

Step 2 (if you find nothing) go and generate a new pair of SSH keys (the keys will be stored in the user's home directory; look for something like .ssh/id_rsa). If you found some in Step 1, skip ahead to Step 3.

ssh-keygen -t rsa -b 4096 -C "your-mail@domain.com"

If you want an extra layer of security, enter a passphrase; if there is no use for that in your use case, hit enter (2x). After that, check with ls ~/.ssh/id_* that the key is there; it is going to look something like .ssh/id_rsa.pub and .ssh/id_rsa in your user's home directory.

Step 3 Copy the public key to the remote host (use ssh-copy-id). While this happens you will be prompted to enter the password of the remote user on the remote host. Once the user is authenticated, the public key will be appended to the remote user's authorized_keys file and the connection will be closed. Just a side note: you can add the same key to multiple remote servers.

ssh-copy-id remote_username@remote_server_ip_address

Step 4 ssh into the remote server using ssh keys

ssh remote_username@remote_server_ip_address

If that all comes together well, you will be logged in immediately
Enjoy and have Fun !

PS:
If for some reason ssh-copy-id is not working, you can try this at your own risk, but it is highly recommended to use ssh-copy-id.

cat ~/.ssh/id_rsa.pub | ssh remote_user@remote-server "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

That's all folks!

This article can be also used with disabling-ssh-password-authentication

Categories
code espresso al banco

espresso code al banco

Because somehow it always comes up that you have to empty a large file on the server before your espresso. (linux)

truncate -s 0 file

have fun