DEV Community

Things I want to remember about SSH

Aidas Bendoraitis on October 24, 2019

SSH, short for Secure Shell, is a protocol for secure network communications. It is widely used for executing commands on remote servers, and for f...

Read full post

Ben Sinclair • Oct 24 '19

You can also copy your public key to a remote server's authorized_keys file using ssh-copy-id which is available on most systems. I think it didn't used to be installed on MacOS but am pretty sure it's there in the newer versions.

Thomas H Jones II • Oct 24 '19

Suuuuuuuper useful if your in an org that demands keys be rotated frequently (but don't have PKI-enabled SSHDs on the target systems).

Aidas Bendoraitis • Oct 24 '19

Thanks for the note. I didn't know about it.

Aidas Bendoraitis • Oct 24 '19

Just for others to see, the syntax of this tool is as follows:

$ ssh-copy-id -i ~/.ssh/examplecom_id_rsa the_user@example.com

Voggu Manohar Reddy • Oct 25 '19

It's available in MacOS too :)

Jay R. Wren • Oct 31 '19

In addition to ssh-copy-id that is already mentioned is ssh-import-id which copies a key from launchpad.net or github.com.

It is available in ubuntu and maybe elsewhere by default.

It is roughly equivalent to curl -s https://api.github.com/users/$USER/keys | jq -r .[].key >> ~/.ssh/authorized_keys assuming your username is the same on github as it is on the linux system.

Aidas Bendoraitis • Nov 1 '19

Does that mean that Github ir Launchpad gets access to the files on your computer?

Jay R. Wren • Nov 1 '19

No. The ssh-import-id runs on your computer and calls remote API and writes the file on your computer.

Aidas Bendoraitis • Oct 26 '19 • Edited

Here is what would be necessary to enter to the Terminal:

$ ssh-keygen -t ed25519 -b 4096
Generating public/private ed25519 key pair.
Enter file in which to save the key (~/.ssh/id_ed25519): ~/.ssh/examplecom_id_ed25519
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in ~/.ssh/examplecom_id_ed25519.
Your public key has been saved in ~/.ssh/examplecom_id_ed25519.pub.
...
$ ssh-agent /usr/local/bin/bash
$ ssh-add ~/.ssh/examplecom_id_ed25519
$ pbcopy < ~/.ssh/examplecom_id_ed25519.pub

Thomas H Jones II • Oct 24 '19

With respect to rsync:

If you're uploading large data-streams, it's best to override the default cipher to one better-optimized to that use-case (Blowfish used to be a good choice)
If you're needing to transfer a bunch of files in a bunch of directories, you can sometimes (e.g., if you're going over a WAN link that implements session-limits …and annoyingly common configuration problem) get better performance by running rsync in concert with the parallel command

Speaking of performance…

If someone ever complains about network throughput speeds, never use SSH-enabled techniques for bandwidth testing. The encryption-overhead of SSH means that such tests will never really show you your network's actual capabilities (unless your network is so degraded that SSH's encryption is no longer a bottleneck).