mohamad24xx/ob-vaults
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
ob-vaults/Phoenix/Programing/Linux commands/ssh.md
mohamad24xx f3a0bdd5fb add gitea config and ssh note
2022-08-05 18:31:06 +04:30

48 lines
2.3 KiB
Markdown
Raw Blame History

# ssh
### Locating ssh keys
```bash
ls ~/.ssh/id*
```
### Generating ssh key pair with rsa
The algorithm is selected using the `-t` option and key size using the `-b` option
```bash
ssh-keygen -t rsa -b 4096
```
##### other algorithms are
- `rsa` - an old algorithm based on the difficulty of factoring large numbers. A key size of at least 2048 bits is recommended for RSA; 4096 bits is better. RSA is getting old and significant advances are being made in factoring. Choosing a different algorithm may be advisable. It is quite possible the RSA algorithm will become practically breakable in the foreseeable future. All SSH clients support this algorithm.
- `dsa` - an old US government Digital Signature Algorithm. It is based on the difficulty of computing discrete logarithms. A key size of 1024 would normally be used with it. DSA in its original form is no longer recommended.
- `ecdsa` - a new Digital Signature Algorithm standarized by the US government, using elliptic curves. This is probably a good algorithm for current applications. Only three key sizes are supported: 256, 384, and 521 (sic!) bits. We would recommend always using it with 521 bits, since the keys are still small and probably more secure than the smaller keys (even though they should be safe as well). Most SSH clients now support this algorithm.
- `ed25519` - this is a new algorithm added in OpenSSH. Support for it in clients is not yet universal. Thus its use in general purpose applications may not yet be advisable.
### Add ssh public key to server
```bash
ssh-copy-id user@remote-host
```
##### add specific key to remote
``` bash
ssh-copy-id -i ~/.ssh/tatu-key-ecdsa user@remote-host
```
### Looking up correct ssh folder file permissions
```bash
stat -c "%a %n" ~/.ssh
stat -c "%a %n" ~/.ssh/*
```
### Fixing the file permissions for .ssh folder
```bash
sudo chown -R $USER:$USER ~/.ssh
sudo chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/authorized_keys
sudo chmod 400 ~/.ssh/id_rsa
sudo chmod 644 ~/.ssh/id_rsa.pub
sudo chmod 600 ~/.ssh/known_hosts
```
### Prevent `broken pipe` error
make config file in ~/.shh or and add this
```config
Host *
ServerAliveInterval 120
```
or you can set either `ServerAliveInterval` in /etc/ssh/ssh_config of the client machine
or `ClientAliveInterval` in /etc/ssh/ssh_config of the server machine
Reference in a new issue View git blame Copy permalink