miscellaneous-slides

SSH Config 101

This is not a good idea!

alias ssh-test="ssh test-server.example.com"
alias ssh-prod="ssh prod-server.example.com"

There is another, much better, and more straightforward solution to this problem.

With SSH you can configure different options for each machine you connect to.

 

~/.ssh/config

Host test
  Hostname test-server.example.com

Host prod
  Hostname prod-server.example.com

 

$ ssh test

 

~/.ssh/config (continued)

Host dev test
  Hostname test-server.example.com
  IdentityFile ~/.ssh/devop_ed25519
  User devop

Host preview stage qa
  Hostname stage-server.example.com
  IdentityFile ~/.ssh/devop_ed25519
  User devop

Host prod production
  Hostname prod-server.example.com
  IdentityFile ~/.ssh/admin_ed25519
  User admin

 

ssh-keygen

ssh-keygen -t ed25519 -f ~/.ssh/admin_ed25519

-t ed25519

Type of the key. Ed25519 is the most recommended public-key algorithm today.

-f ~/.ssh/admin_ed25519

Filename for the keys. Should probably be stored in your default ~/.ssh directory.

 

ssh-copy-id

ssh-copy-id -i ~/.ssh/admin_ed25519.pub prod

-i ~/.ssh/admin_ed25519.pub

The Identity File to copy to the host. Remember to use the public key !

prod

SSH destination [user@]host, in this case configured in the .ssh/config .

 

Benefits

• aliases for hostnames (even multiple)
• additional parameters are still possible
• directly assign username for the host
• exchanged keys enable more features
  • passwordless authentication
  • remote tab-completion
• the config is used for everything ssh
  • ssh-copy-id
  • scp
  • git

 

Links

• Linuxize.com - Using the SSH Config File
• Medium.com - Upgrade Your SSH Key to Ed25519
• Wikipedia - Edwards-curve Digital Signature Algorithm
• YouTube - GPN20 - Leyrer : Besser leben mit SSH