SSH Mastery: The Ultimate Guide

ssh-mastery.md

🔐 SSH Mastery: The Ultimate Guide

🌟 Basic SSH Commands

Command	Description
ssh user@hostname	🔌 Connect to a remote host
ssh -p 2222 user@hostname	🔢 Connect using a specific port
ssh -i ~/.ssh/id_rsa user@hostname	🔑 Connect using a specific identity file
exit or logout	👋 Terminate the SSH session

🔑 Key Management

Command	Description
ssh-keygen -t rsa -b 4096	🛠️ Generate a new RSA key pair
ssh-keygen -t ed25519	🔬 Generate a new Ed25519 key pair (more secure)
ssh-copy-id user@hostname	📤 Copy your public key to a remote host
ssh-add ~/.ssh/id_rsa	🔐 Add your private key to the SSH agent
ssh-add -l	📋 List keys added to the SSH agent
ssh-add -D	🗑️ Remove all keys from the SSH agent

🔒 SSH Config File

Syntax	Description
Host nickname	🏷️ Start a new host section
HostName example.com	🖥️ Specify the actual hostname
User username	👤 Set the username for this host
Port 2222	🔢 Set a custom port
IdentityFile ~/.ssh/id_rsa	🔑 Specify the identity file to use

📂 File Transfer with SCP

Command	Description
scp file.txt user@hostname:/path/to/destination/	📤 Copy a file to a remote host
scp user@hostname:/path/to/file.txt ./	📥 Copy a file from a remote host
scp -r directory/ user@hostname:/path/to/destination/	📁 Copy a directory to a remote host

🔄 Port Forwarding

Command	Description
ssh -L 8080:localhost:80 user@hostname	🌐 Local port forwarding
ssh -R 8080:localhost:80 user@hostname	🔄 Remote port forwarding
ssh -D 9090 user@hostname	🧦 Dynamic port forwarding (SOCKS proxy)

🔍 SSH Debugging

Command	Description
ssh -v user@hostname	🐞 Verbose mode (for debugging)
ssh -vv user@hostname	🐛 Very verbose mode
ssh -vvv user@hostname	🕵️ Extremely verbose mode

🔒 SSH Security Best Practices

Practice	Description
Use key-based authentication	🔑 Disable password authentication
Keep your private key safe	🔐 Never share your private key
Use strong passphrases	🔠 Protect your keys with strong passphrases
Regularly update SSH	🔄 Keep your SSH client and server up to date
Use SSH config file	⚙️ Manage multiple connections efficiently
Limit SSH access	🚫 Use AllowUsers or AllowGroups in sshd_config
Change default port	🔢 Use a non-standard port to reduce automated attacks
Use fail2ban	🛡️ Automatically block IPs with too many failed attempts

🛠️ Advanced SSH Techniques

Technique	Description
~C	📟 Enter the SSH command line
ssh -t user@hostname 'command'	🖥️ Run a command on a remote host and exit
ssh-keygen -y -f ~/.ssh/id_rsa	🔑 Extract public key from private key
ssh-keygen -R hostname	🗑️ Remove a host from known_hosts file
ssh -J user@jump_host user@target_host	🦘 Use a jump host (SSH proxy)

📜 SSH Config File Example

Host github
    HostName github.com
    User git
    IdentityFile ~/.ssh/github_rsa

Host dev-server
    HostName 192.168.1.100
    User developer
    Port 2222
    IdentityFile ~/.ssh/dev_rsa

Host *
    AddKeysToAgent yes
    UseKeychain yes
    IdentitiesOnly yes

🏆 Pro Tips

1. 🔑 Use different SSH keys for different purposes (e.g., work, personal, GitHub)
2. 🔢 Set up SSH key with a passphrase, then use ssh-agent to avoid typing it repeatedly
3. 🔄 Use ControlMaster in SSH config to reuse connections
4. 📝 Create aliases in your shell for frequent SSH connections
5. 🔍 Use ssh-audit tool to check the security of your SSH server
6. 🔐 Implement two-factor authentication for SSH when possible
7. 📊 Use htop over SSH to monitor remote system resources
8. 📂 Use sshfs to mount remote filesystems over SSH
9. 🔄 Set up automatic key rotation for enhanced security
10. 📚 Familiarize yourself with ~/.ssh/authorized_keys file format and options

Remember, SSH is a powerful tool. Use it responsibly and keep your systems secure! 🛡️🔐