Following are some tips to help remind myself how to perform SSH tasks that I do less frequently.
Passwordless SSH login §
Passwordless SSH login is when you run
ssh user@server, and are automatically logged in without being prompted for a password.
There are essentially just two steps for setting up passwordless SSH login:
- Generate a key.
- Install the key on the relevant server(s).
Generate the key §
When prompted for a passphrase, just press enter.
If you do enter a passphrase, you will be prompted for that passphrase when you try to log in to a server with your key.
Install the key (automatically) §
This will install your key to the specified
server. You will be prompted for a password (but hopefully this will be the last time!).
Install the key (manually) §
On some systems, the
ssh-copy-id script may not exist. For example, on Windows 10. Fortunately, the script itself is fairly simple, so you can manually perform it by doing the following:
# Use scp to copy your public key to the target server scp ~/.ssh/id_rsa.pub user@server:my_id_rsa.pub # Log in to the target server ssh user@server # Append your public key to the authorized keys cat my_id_rsa.pub >> ~/.ssh/authorized_keys
Install the key (manually, via Cygwin) §
Same as above, but if using Cygwin it may be necessary to use quotes to handle the Windows path, e.g.:
scp "C:\Users\sam/.ssh/id_rsa" user@server:my_id_rsa.pub
Install the key (manually, on a different port) §
Same as above, but if not using port 22, you can specify the port using the
scp -P 12345 ~/.ssh/id_rsa.pub user@server:my_id_rsa.pub
Note that the position of
-P is important. It must come before the file argument else a
No such file or directory error will occur as the port is misinterpreted as an additional file:
scp ~/.ssh/id_rsa.pub user@server:my_id_rsa.pub -P 12345 12345: No such file or directory
Similarly, don’t let your ssh muscle memory trick you! Using
-p (rather than
-P) actually means “preserve modification times, access times, and modes”. As such, the command is valid, but won’t do what you want:
scp -p 12345 ~/.ssh/id_rsa.pub user@server:my_id_rsa.pub ssh: connect to host server port 22: Connection refused lost connection
SSH tunneling §
Can SSH tunnel through a gateway:
ssh -L local_port:target_ip:target_port user@gateway_ip
Can do SSH tunnels to multiple ports/hosts in one go:
ssh -L local_port_a:target_ip_a:target_port_a -L local_port_b:target_ip_b:target_port_b user@gateway_ip