SSH and SCP

From XennisWiki

Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client [...]. (Wikipedia)

SSH

Basic usage

ssh <user>@example.org

Remote command execution: Run the bash script flash in the directory example/bin

ssh <user>@example.org "cd ~/example/bin; bash flash"

X11 forwarding

On the client side, activate X11 forwarding by adding the line X11Forwarding yes to the /etc/ssh/sshd_config file. When X11 forwarding is activated on the server side as well, use for instance (starts Chromium):

ssh -X <user>@example.org chromium-browser

Verbose

Use the verbose parameter ssh -vvv, or add LogLevel DEBUG3 to your SSH config.

Configuration

The configuration is stored in the ~/.ssh/config file.

Configure a simple entry

Use ssh example instead of ssh -i ~/.ssh/example.key turing@subdomain.example.org -p 8089 by configuring the connection:

Host example
    HostName subdomain.example.org
    Port 8089
    User turing
    IdentityFile ~/.ssh/example.key

Configure multiple entries

Host *.example.org
    User turing

Host fuu.example.org
    Port 80

Host bar.example.org
    Port 70

Multi hop

Host example
    HostName example.org
    User turing

Host secondHost
    # Log in to the first hop (Host example) and relay to second-host.org:22 with netcat
    ProxyCommand ssh -q example nc -q0 second-host.org 22
    User einstein

Now ssh secondHost behaves like executing ssh turing@example.org and then (on the example.org server) executing ssh einstein@second-host.org.

SSH Key

Create key

Use the command ssh-keygen to create a new key (Note: The string in quotation marks is merely a description for the key and does not necessarily need to be an e-mail address).

ssh-keygen -t rsa -b 4096 [-C "<my-mail>@example.com"]

You will find the created key in the directory ~/.ssh.

Copy public key to server

You can use your key to log in on a server instead of using your user password. You have to copy your public key (content of the file id_rsa.pub) into the file ~/.ssh/authorized_keys on the server.

You can use ssh-copy-id

ssh-copy-id <user>@example.com

or alternatively

cat ~/.ssh/id_rsa.pub | ssh <user>@example.com "cat >> ~/.ssh/authorized_keys"

Set up a password for an existing key

Enter the following command and then enter the path to your key (e.g. /home/<user>/.ssh/id_rsa)

ssh-keygen -p

Remove entry from known_hosts file

Remove the entry for the host <host> (e.g. an IP or domain) from the ~/.ssh/known_hosts file

ssh-keygen -f "/home/<user>/.ssh/known_hosts" -R <host>

SCP

Secure copy or SCP is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. (Wikipedia)

Copy file(s) to remote host

Copy the files file.txt and file2.txt to the host

scp path/to/file.txt file2.txt <user>@example.com:~/new/folder/

Copy file to host and save it with a new name

scp path/to/file.txt <user>@example.com:~/new/folder/new_file_name.txt

Copy file(s) from remote host

Copy multiple files from host

scp <user>@example.com:"~/path/file1.txt ~/path/file2.txt" ./

Copy directory from host

scp -r <user>@example.com:~/path/folder ./

Use rsync instead and keep the directory structure

rsync -r --relative example-files.* some-dir path/to/a/dir <user>@example.com:~/target/dir/

Integration

Windows

OpenSSH

  • Download OpenSSH
  • For detailed instructions for the following steps see quickstart.txt (located in the installation folder)
    • Start > cmd.exe
cd TO-BIN-FOLDER-IN-THE-INSTALLATION-FOLDER
mkgroup -l >> ..\etc\group
mkpasswd -l -u USERNAME >> ..\etc\passwd

Cygwin

see Cygwin packets

WinSCP

The program WinSCP provides a graphical interface for SCP, so files can be copied via drag and drop.

Eclipse

see Eclipse integration of FTP and SCP

Errors and problems

Permissions are too open

Error message
Permissions 0777 for '.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
Solution
chmod 400 ~/.ssh/id_rsa

Bad owner or permissions on ~/.ssh/config

Error message
Bad owner or permissions on ~/.ssh/config
Solution
chmod 400 ~/.ssh/config
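
Check for both problems before ssh reports them. The script below is an added example, not part of the original wiki page: it scans an SSH directory and lists private keys and the config file whose mode is too open. It assumes GNU stat (Linux); the helper name audit_ssh_dir and the masks (any group/other bit on a private key, group/other write on config) are choices made for this example, and the demo key is constructed.

```shell
#!/bin/sh
# Added example: find the files that trigger the two errors above.
# Assumptions: GNU stat (Linux); audit_ssh_dir is a hypothetical helper name.

# Print one line per finding; return 0 if the directory is clean, 1 otherwise.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f") || continue
        name=${f##*/}
        if [ "$name" = config ]; then
            mask=022   # group/other write access on the client config
        elif head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY-----'; then
            mask=077   # any group/other access on a private key
        else
            continue   # public keys, known_hosts etc. are not checked here
        fi
        # The leading 0 makes the shell read both values as octal.
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "TOO OPEN: $name (mode $mode)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Demo on a constructed directory (the "key" is a placeholder, not a real key).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$demo/id_rsa"
chmod 777 "$demo/id_rsa"
audit_ssh_dir "$demo" || echo "fix with: chmod 400 <file>"
chmod 400 "$demo/id_rsa"
audit_ssh_dir "$demo" && echo "clean after chmod 400"
rm -rf "$demo"
```

Run audit_ssh_dir without an argument to check ~/.ssh.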
