basic ssh

Posted on August 23, 2011 by nadir

1) Connect

ssh server-name
ssh user@servername

The first time you connect, it will say:
user@client:~$ ssh server
The authenticity of host ‘server (’ can’t be established.
RSA key fingerprint is b5:0e:ec:b7:16:06:e6:24:a6:39:18:58:4e:ec:3b:d1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘server’ (RSA) to the list of known hosts.

To check the fingerprint:
ssh-keygen -f /etc/ssh/ -l

It will be stored in
If the key has changed (new installation…), delete it with:
ssh-keygen -R server-name
ssh-keygen -R IP

2) ~/.ssh/config

for example:

host choosen-name
user username
port 2222
#ServerAliveInterval 30
ServerAliveCountMax 100
IdentityFile ~/.ssh/server_rsa

Now there is no need to enter the port, username or identity file on the command line:
ssh choosen-name
with choosen-name being arbitrary.

It also works for sshfs, rsync and similar programs (gftp):
sshfs choosen-name: ~/TempMount

3) /etc/ssh/sshd_config

set a non standard port:
Port 2222

disable root login
PermitRootLogin no

after enabling key-authentication (step 4), disable password-authentication
PasswordAuthentication no

/etc/init.d/ssh restart
to activate the new config
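
One way to check the three settings from this step in an edited file before restarting sshd, given as an added example that is not part of the original post. The function name audit_sshd_config and the sample file are constructed, and only the global section (before any Match block) is read.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for the settings
# recommended in step 3. The function name is hypothetical.
audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        split(line, f, /[ \t=]+/)              # "Key value" or "Key=value"
        key = tolower(f[1]); val = tolower(f[2])   # keywords are case-insensitive
        if (key == "match") exit               # conditional overrides are out of scope
        if (key == "port") ports = (ports == "" ? val : ports "," val)  # Port may repeat
        else if (!(key in seen)) seen[key] = val                        # first value wins
    }
    function check(name, want,   k, v) {
        k = tolower(name)
        v = (k in seen) ? seen[k] : "unset"    # unset is reported as weak
        if (v == want) print "OK   " name " " v
        else { print "WEAK " name " " v; bad = 1 }
    }
    END {
        if (ports == "") ports = "22"          # sshd listens on 22 when no Port is set
        if (("," ports ",") ~ /,22,/) { print "WEAK Port " ports; bad = 1 }
        else print "OK   Port " ports
        check("PermitRootLogin", "no")
        check("PasswordAuthentication", "no")
        exit bad + 0                           # non-zero status if anything is weak
    }' "$1"
}

# Constructed sample: PasswordAuthentication is still commented out, and the
# second PermitRootLogin line is ignored because the first one wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
permitrootlogin no
#PasswordAuthentication no
PermitRootLogin yes
EOF
audit_sshd_config "$sample" || echo "sshd_config still needs hardening"
```

Running `sshd -t` as root additionally checks the file for syntax errors before the restart.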

4) public-key authentication

create a key pair:
ssh-keygen -t rsa
It might be best to give it a unique name; otherwise the defaults are fine.

Result is a public and a private key:
And the public key needs to be stored at the server:
For example with:
ssh-copy-id -i ~/.ssh/ user@choosen-server

Now disable PasswordAuthentication

5) ssh commands for non standard values without a ~/.ssh/config file

ssh -p 2222 -i ~/.ssh/to-choosen-server_rsa user@choosen-server

rsync -e 'ssh -p 2222 -i ~/.ssh/to-choosen-server_rsa' filename user@choosen-server:

sshfs user@ /remote_files \
-o IdentityFile=/.ssh/to-choosen-server_rsa \
-o port=2222 \
-o ServerAliveInterval=60 -o allow_other

I am not that sure about the sshfs version.

6) sftp

sftp server-name or IP
to upload files:
put filename
to download files:
get filename


create a keypair

*_rsa is private, keep it very safe
* is public, copy it to the server[s] you want to access with a key-pair

copy the pub-key to the server[s]
ssh-copy-id -i ~/.ssh/* username@server-ip

Edit the file:
as user; if in doubt, search the web for an example file
as root
- change the default port 22 to a port of your liking
- disable Root-login
- disable Password-authentication

Copy all files to all clients and server[s]:
rsync ~/.ssh/config user@other-client-ip:/home/user/.ssh
rsync ~/.ssh/*_rsa user@other-client-ip:/home/user/.ssh
as user

as root:
rsync /etc/ssh/sshd_config root@server:/etc/ssh/sshd_config

The moment of truth. ssh to the server, become root and run
/etc/init.d/ssh restart
Exit root and log out from ssh, then reconnect via ssh.
It should read ~/.ssh/config,
connect via the non-default port and
ask you for a key passphrase instead of the user password.

If that fails, you can’t log in anymore and need to attach a monitor to the server
to troubleshoot from there.