- Generate the key with
$ ssh-keygen -t rsa -b 4096 -vand when asked to enter file in which to save the key, typemy-certificateand when asked to enter passphrase, press Enter (empty passphrase) and confirm by Enter. - You will get two files generated, one will be my-certificate and one will be my-certificate.pub, make
my-certificateon your computer read-onlysudo chmod 400 my-certificate - Upload the public certificate to to server:
ssh-copy-id -i my-certificate.pub user@hostname- By default appends user key in ~/.ssh/authorized_keys of the remote machine
- In case of requiring to force password authentication:
-o PreferredAuthentications=password
- OPTIONAL To copy your key to your clipboard:
xclip -selection clipboard < my-certificate.pub
- Launch ssh-agent:
eval $(ssh-agent) - Add identity:
ssh-add my-certificate
ssh [-i my-certificate] [user@]hostname
- You might add the param [-X] for allowing graphical applications
- Hostname can be either a domain name or an ip address
- Without the certificate, you can use the user password(server)
- To use several configurations easily the file
~/.ssh/
ssh-keygen -l [-E md5] -f filename
i.e. ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub
- The path /etc/ssh/ssh_host_ecdsa_key.pub contains the key of the user@hostname created when installing the ssh-server
- In old systems like ubuntu 12.04
-E md5could be required (old hash format) - To check already known hosts(servers) use the file ~/.ssh/known_hosts i.e.
ssh-keygen -l -f ~/.ssh/known_hosts - SSH access are stored at
/var/log/auth.log
sshfs USER@ADDRESS:absolute_remote_path absolute_local_path [-o IdentityFile=absolute_path]
- To end cleanly the shared folder:
fusermount -u absolute_local_path