ssh

 

Setting Up Server

E.g. linuxize.com/post/how-to-enable-ssh-on-ubuntu-18-04/

1) Installation

$ sudo apt update

$ sudo apt install openssh-server

This enables server and remote users can immediately login using the users already configured on server.

2) Check it’s running

sudo systemctl status ssh

3) Ubuntu comes with a firewall configuration tool called UFW. If the firewall is enabled on your system, make sure to open the SSH port:

sudo ufw allow ssh

More

To stop:

sudo systemctl stop ssh

To start:

sudo systemctl start ssh

To disable the SSH service to start during system boot run:

sudo systemctl disable ssh

To enable it again type:

sudo systemctl enable ssh

Logging In

ssh user@host

enter password

Using Key Pairs

Create Key Pair

ssh-keygen -t rsa

 

Add PUBLIC to Remote Host  (Server)

First, copy (‘install’) PUBLIC key on the remote host

localhost$ ssh-copy-id -i id_rsa.pub <user@host>

EXAMPLE:

bobby$ ssh-copy-id -i id_rsa.pub bobby@172.16.126.134
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
bobby@172.16.126.134's password:

<entering password for user @ host>

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'user@host'"
and check to make sure that only the key(s) you wanted were added.

$ ssh user@host

 

Using PRIVATE to Connect

ssh -i id_rsa user@host

EXAMPLE

bobby$ ssh -i id_rsa bobby@172.16.126.134
Enter passphrase for key 'id_rsa': 
Welcome to ...
bobby@ubuntu:~$ 

NOTE: Now, it’s NOT the password for the USER (at the host) but the password for the RSA key.

 

Add PRIVATE Key to Local Agent

To avoid having to enter password.

bobby$ ssh-add -l
The agent has no identities.

bobby$ ssh-add id_rsa 
Enter passphrase for id_rsa: 
Identity added: id_rsa (id_rsa)

bobby$ ssh-add -l
2048 SHA256:6baeckDpXBUdnkmbMWqEu5dSVtLMN36/RRYxaxe2a+d id_rsa (RSA)

bobby@172.16.126.134
Welcome to Ubuntu ...
bobby@ubuntu:~

(Now no requesting of password.)

 

Verify Pair Belongs To Each Other

google.com/search?q=verify+ssh+key+pair

techdocs.broadcom.com/…..

bobby$ diff <(ssh-keygen -y -e -f id_rsa.pub) <(ssh-keygen -y -e -f ../bobby-id_rsa )

(empty output, no differences indicated by diff command means pair belongs to each other)

 

NOTE- the below actually ONLY uses the .pub file (…. or….?)

Using -l option:
“-l Show fingerprint of specified public key file. For RSA and DSA keys ssh-keygen tries to find the matching public key file and
prints its fingerprint. If combined with -v, a visual ASCII art representation of the key is supplied with the fingerprint.”

bobby$ ssh-keygen -l  -f id_rsa 

2048 SHA256:1bzgykDpXBUdnkmbMWqEu5dSVtLMN36/RReZhcD1z+s bobby@Bobbis-MacBook-Pro.local (RSA)

bobby$ ssh-keygen -l  -f id_rsa.pub 

2048 SHA256:1bzgykDpXBUdnkmbMWqEu5dSVtLMN36/RReZhcD1z+s bobby@Bobbis-MacBook-Pro.local (RSA)