basic ssh
Posted on August 23, 2011 by nadir

1) Connect

ssh server-name
ssh user@servername

At the first time it will say:
user@client:~$ ssh server
The authenticity of host ‘server (192.168.1.5)’ can’t be established.
RSA key fingerprint is b5:0e:ec:b7:16:06:e6:24:a6:39:18:58:4e:ec:3b:d1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘server’ (RSA) to the list of known hosts.
Password:

To check the fingerprint:
ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -l

It will be stored in
~/.ssh/known_hosts
If the key has changed (new installation…), delete it with:
ssh-keygen -R server-name
or:
ssh-keygen -R IP

2) ~/.ssh/config

for example:

host choosen-name
hostname 192.168.1.42
user username
port 2222
#ServerAliveInternal 30
ServerAliveCountMax 100
IdentityFile ~/.ssh/server_rsa

And there is no need to enter port, username or identiy file from the cli:
ssh choosen-name
with server-name being arbitrary.

It will also work for sshfs, rsync and similar programs (gftp):
sshfs choosen-name ~/TempMount

3) /etc/ssh/sshd_config

set a non standard port:
Port 2222

disable root login
PermitRootLogin no

after enabling key-authentication (step 4), disable password-authentication
PasswordAuthentication no

/etc/init.d/ssh restart
to activate the new config

4) public-key authentication

create a public key:
ssh-keygen -t rsa
best might be to give it a uniqe name, else defaults are fine.

Result is a public and a private key:
~/.ssh/to-choosen-server_rsa.pub
~/.ssh/to-choosen-sever_rsa
And the public key needs to be stored at the server:
~/.ssh/authorized_keys
For example with:
ssh-copy-id -i ~/.ssh/to-choosen-server_rsa.pub user@choosen-server

Now disable PasswordAuthentication

5) ssh commands for non standard values without a ~/.ssh/config file

ssh -p 2222 -i ~/.ssh/to-choosen-server_rsa user@choosen-server

rsync -e ‘ssh -p 2222 -i ~/.ssh/to-choosen-server_rsa’ filename user@choosen-server

sshfs user@10.232.139.234:/mnt/files /remote_files \

-o IdentityFile=/.ssh/to-choosen-server_rsa \
-o port=2222 \
-o ServerAliveInterval=60 -o allow_other

I am not that sure bout the sshfs version.

6) sftp

sftp server-name or IP
to upload files:
put filename
to download files:
get filename