ssh keys - for newbies

Add SSH Key

SSH (Secure Shell) can be set up with public/private key pairs so that you don't have to type the password each time. Because SSH is the transport for other services such as SCP (secure copy), SFTP (secure file transfer), and others (CVS, etc.), this can be very convenient and save you a lot of typing.

SSH Version 2

Setting up SSH public/private keys

On the local machine, type the command that follows the % prompt (shown in bold in the original). The rest is what you might see as output or prompt.

Step 1:

   % ssh-keygen -t dsa
   Generating public/private dsa key pair.
   Enter file in which to save the key (~/.ssh/id_dsa): (just type return)
   Enter passphrase (empty for no passphrase): (just type return)
   Enter same passphrase again: (just type return)
   Your identification has been saved in ~/.ssh/id_dsa
   Your public key has been saved in ~/.ssh/id_dsa.pub
   The key fingerprint is:
   Some really long string
   %

Step 2:

   Then, paste the content of the local ~/.ssh/id_dsa.pub file into the file ~/.ssh/authorized_keys on the remote host.
   RSA instead of DSA
       If you want something strong, you could try
       % ssh-keygen -t rsa -b 4096
       Instead of the names id_dsa and id_dsa.pub, it will be id_rsa and id_rsa.pub, etc.
       The rest of the steps are identical. 
That's it!

FAQ:

   Q: I followed the exact steps, but ssh still asks me for my password!
   A: Check your remote .ssh directory. It should have only your own read/write/access permission (octal 700)
   % chmod 700 ~/.ssh 
   Q: cygwin: chmod 600 does not work as expected?
   A: chgrp -R Users ~/.ssh
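
Step 2 and the permissions FAQ above, combined into one script to run on the remote host. This is an added example, not part of the original page; the function name install_pubkey and its arguments are assumptions made for illustration. It refuses a private key pasted by mistake, sets the 700/600 modes, and does not add the same key twice.

```shell
#!/bin/sh
# Added example (not from the original page). install_pubkey is a hypothetical name.
# Usage: install_pubkey <public-key-file> [home-directory]
install_pubkey() {
    pub="$1"
    home="${2:-$HOME}"
    dir="$home/.ssh"
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse anything that is not exactly one public-key line; this catches
    # pasting the private key (id_dsa, id_rsa) instead of the .pub file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2; return 2
    fi
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    key=$(grep . "$pub")
    case "$key" in
        ssh-*\ *|ecdsa-*\ *) ;;
        *) echo "not an SSH2 public key line" >&2; return 2 ;;
    esac

    # With StrictModes (the sshd default) the key is ignored when .ssh or
    # authorized_keys is writable by group or others, so set the modes
    # explicitly instead of relying on the umask.
    mkdir -p "$dir" && chmod 700 "$dir" || return 3
    touch "$auth" && chmod 600 "$auth" || return 3

    # Append only if this exact line is not present yet (idempotent).
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
    return 0
}
```

Copy the .pub file to the remote host first, then call install_pubkey id_rsa.pub there as the target user.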

SSH Version 1

   Step 1:
   % cd ~/.ssh
   % ssh-keygen -t rsa1
   Generating public/private rsa1 key pair.
   Enter file in which to save the key (~/.ssh/identity): (just type return)
   Enter passphrase (empty for no passphrase): (just type return)
   Enter same passphrase again: (just type return)
   Your identification has been saved in ~/.ssh/identity
   Your public key has been saved in ~/.ssh/identity.pub
   The key fingerprint is:
   Some really long string
   %
   Step 2:
   Then, paste the content of the local ~/.ssh/identity.pub file into the file ~/.ssh/authorized_keys on the remote host.

I'm using Cygwin in the Win8CP, and I had the same issue; it's definitely a cygwin bug, but there's a workaround.
Try running:
   chgrp -R Users ~/.ssh
The longer explanation is for some reason, cygwin's /etc/passwd / /etc/group generation are putting the user's default/main group as None. You cannot change the permission of None, so the chmod for group has no effect. I didn't try repairing the passwd / group files myself, but I did a chgrp -R Users ~/.ssh (or the group "HomeUsers" On Windows8 pre-release). After that, you can do the chmod 0600 and it'll work as expected. The chgrp to the Users group can be done in whichever other similar cases you find; it even works as expected since cygwin puts users in the Users group as a secondary group (instead of primary, which would be the correct behavior).

Adding hosts

One Host

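cd into the .ssh directory and execute a bash file with these contents, passing the server name as the argument
#!/bin/bash
# Append the local public key to root's ~/.ssh/authorized_keys2 on the given server.
SERVER="$*"
echo "$SERVER"
cat id_dsa.pub | ssh "root@$SERVER" "cat - >>~/.ssh/authorized_keys2"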

All Hosts from /etc/hosts

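cd into the .ssh directory and execute a bash file with these contents
#!/bin/bash
# Take every name on the /etc/hosts lines that start with an IP address
# and append the local public key to root's ~/.ssh/authorized_keys2 on each one.
for i in $(sed 's/#.*//' /etc/hosts | awk '/^[[:digit:]]/ {$1 = ""; print tolower($0)}')
do
    cat id_dsa.pub | ssh "root@$i" "cat - >>~/.ssh/authorized_keys2"
done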

Single Server command line

   cat /root/.ssh/id_dsa.pub | ssh root@(server) 'cat - >>~/.ssh/authorized_keys2'

EXAMPLE __ CHUCK:

   cat /.ssh/id_dsa.pub | ssh root@db4 'cat - >>~/.ssh/authorized_keys2'
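
Once keys have been pushed to many hosts as above, it helps to see which key types each authorized_keys or authorized_keys2 file actually trusts. The following is an added example, not from the original page: the function names are hypothetical and the sample keys are constructed. It flags DSA (ssh-dss) and SSH Version 1 (rsa1) entries, which current OpenSSH releases have disabled or removed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample keys are constructed.
# Prints one line per entry: <verdict> <key type> <first word of comment>

sample_authorized_keys() {
    cat <<'EOF'
# constructed sample, not real keys
ssh-dss AAAAB3NzaC1kc3MAAACBconstructed chuck@office
from="10.0.0.*",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADconstructed deploy@web1
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5constructed
1024 35 1234567890123456789 old@host
EOF
}

audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    /^[ \t]*[0-9]+ [0-9]+ [0-9]+/ {          # SSH version 1 line: bits exponent modulus
        print "WEAK rsa1 " ($4 == "" ? "-" : $4); next
    }
    {
        type = ""; comment = "-"
        # Options may precede the key type, so scan for the first known type.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/) {
                type = $i
                if (i + 2 <= NF) comment = $(i + 2)
                break
            }
        }
        if (type == "")             print "UNKNOWN - -"
        else if (type == "ssh-dss") print "WEAK " type " " comment
        else                        print "OK " type " " comment
    }' "$@"
}

# With no file arguments the function reads standard input.
sample_authorized_keys | audit_authorized_keys
```

On a real host, pass the files directly, for example audit_authorized_keys ~/.ssh/authorized_keys ~/.ssh/authorized_keys2.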

general hosts file

 127.0.0.1 localhost
 127.0.1.1 (YOUR PC NAME HERE)
 
#Office
192.168.0.104 admin
10.0.0.202    bendev
10.0.0.58     support
10.0.0.52     office
10.0.0.168    zenddev
10.0.0.227    dev_db1
10.0.0.228    dev_db2
10.0.0.221    dev_db3
10.128.1.28   gltail
 
#Minnetonka
192.168.0.108 web1
192.168.0.109 web2
192.168.0.110 bb3
192.168.0.100 db1
192.168.0.106 db2
192.168.0.113 db4
192.168.0.102 dbnew
192.168.0.107 ein
192.168.0.103 eout
192.168.0.111 services4
192.168.0.112 data1
 
#Dallas
10.20.0.21   da_db1
10.20.0.22   da_db2
10.20.0.23   da_db3
10.20.0.31   da_web1
10.20.0.39   da_web2
74.249.6.120 chat
 
#Hosting
hosting.resellersolutions.com hosting1
hosting2.resellersolutions.com hosting2
 
 # The following lines are desirable for IPv6 capable hosts
 ::1     localhost ip6-localhost ip6-loopback
 fe00::0 ip6-localnet
 ff00::0 ip6-mcastprefix
 ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters
 ff02::3 ip6-allhosts

sshfs

First install the package:
   sudo apt-get install sshfs
Load the fuse module into the kernel
   sudo modprobe fuse
Setting permissions
   sudo adduser maythux fuse
   sudo chown root:fuse /dev/fuse
   sudo chmod +x "$(command -v fusermount)"
Now we’ll create a directory to mount the remote folder in.
I chose to create it in my home directory and call it remoteDir.
   mkdir ~/remoteDir
Now run the command to mount it (the mount point is in the home directory).
   sshfs maythux@192.168.xx.xx:/home/maythuxServ/Mounted ~/remoteDir
Now it should be mounted
   cd ~/remoteDir
   ls -l
To unmount,

   fusermount -u ~/remoteDir
To add it to your /etc/fstab,

   sshfs#$USER@far:/projects /home/$USER/remoteDir fuse defaults,idmap=user 0 0

suggested .bashrc file

 # /etc/skel/.bashrc
 #
 # This file is sourced by all *interactive* bash shells on startup,
 # including some apparently interactive shells such as scp and rcp
 # that can't tolerate any output.  So make sure this doesn't display
 # anything or bad things will happen !
 
 
 # Test for an interactive shell.  There is no need to set anything
 # past this point for scp and rcp, and it's important to refrain from
 # outputting anything in those cases.
 if [[ $- != *i* ]] ; then
        # Shell is non-interactive.  Be done now!
        return
 fi
 
 if [ -f ~/.bash_aliases ]; then
     . ~/.bash_aliases
 fi
 
 #enable bash AutoComplete from known hosts
 if [ -f /etc/bash_completion ]; then
  . /etc/bash_completion
 fi
 
 export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
 
 # Put your fun stuff here.
 alias apt='sudo apt-get install'
 alias remove='sudo apt-get remove'
 alias search='apt-cache search'
 alias rar='sudo'

suggested .bash_aliases file

 function benmount {
        server="`echo $@ | tr '[:upper:]' '[:lower:]'`"
        for i in $server; do
                echo -n "Mounting ${i}... "
                if [ ! -d "/www/servers/${i}" ]; then
                        sudo mkdir /www 2> /dev/null && sudo chmod 777 /www
                        mkdir -p /www/servers/${i}
                fi
                [ -d "/www/servers/${i}" ] \
                && sshfs root@${i}:/ /www/servers/${i} -C \
                        -o reconnect \
                        -o workaround=all \
                        -o follow_symlinks \
                        -o transform_symlinks \
                && echo "DONE" && continue
                echo "UNSUCCESSFUL" && continue
        done
        [ -z "$server" ] && echo -e "\nUsage: benmount <SERVER> <SERVER> ...\n" && return 1 || return 0
 }
 
 function benumount {
        # "$*" instead of "$@" so the test also works when several servers are given
        [ -z "$*" ] && list="`ls /www/servers | tr '[:upper:]' '[:lower:]'`" || list="`echo "$@" | tr '[:upper:]' '[:lower:]'`"
        for i in $list; do
                fusermount -u /www/servers/${i} && rmdir /www/servers/${i} && continue
                [ -d "/www/servers/${i}" ] && [ -z "$(ls /www/servers/${i})" ] && rmdir /www/servers/${i}
        done
        return 0
 }
 
 function benssh {
        [ -z "$1" ] && echo -e "\nUsage: benssh <SERVER>\n" && return 1
        server="`echo "$1" | tr '[:upper:]' '[:lower:]'`"
        ssh -C root@$server
 }
 
 function benpub {
        uname="$1"
        pword="$2"
        [ -z "$uname" -o -z "$pword" ] && [ ! -f "$HOME/.benpub" ] \
            && echo -e "\nUsage: benpub <USERNAME> <PASSWORD>\n(first time only/or if changing credentials)\n" \
            && return 1
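        # Create the credentials file under a restrictive umask so it is never readable by other users.
        [ -n "$uname" -a -n "$pword" ] && (umask 077; echo -e "username=${uname}\npassword=${pword}" > "$HOME/.benpub") && chmod 600 "$HOME/.benpub"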
        [ -n "$(mount | grep 10\.0\.0\.10/Public)" ] && echo "Public already mounted" && return 1
        [ ! -d "/www" ] && sudo mkdir /www 2> /dev/null && sudo chmod 777 /www
        mkdir -p /www/public && sudo mount -t cifs -o cred=$HOME/.benpub //10.0.0.10/Public /www/public/ && return 0 || rmdir /www/public
 }
 
 function benupub {
        [ -z "$(mount | grep 10\.0\.0\.10/Public)" ] && echo "Public not mounted" && return 1
        sudo umount /www/public/ && rmdir /www/public
 }
 
 complete -F _known_hosts benmount
 complete -F _known_hosts benumount
 complete -F _known_hosts benssh

You will need to reload your bash
 source ~/.bashrc

GIT gitlab ssh key for composer install

Example when to use

example when running...
   composer install --dev
you get
     - Installing ben/support (v0.1.5)
       Cloning 506036c184d721d5b82a2f3056e3941759e2ded2
   git@git.usi.ben's password:

Generate RSA key for user

   ssh-keygen -t rsa -C "chuck@www.com"

Add the public key (~/.ssh/id_rsa.pub) to GitHub / GitLab

test new key

   ssh git@git.usi.ben
DONE!
