Here are some tips and tricks I have used so far.
Force user and port for certain servers
When you try to log in to a server, ssh uses your username and port 22 by default. But maybe you always need to use another user name or another port.
You could always specify these as parameters for ssh:

    ssh -p 22022 [notme@]server-ip

But it is much easier to configure your ssh client to use these by default.
To do so, just add the following to your ~/.ssh/config file:

    host server-ip another-server-name
        Port 22022
        User notme

    host *
        User root

You can put as many hosts with different parameters here as you want; '*' is also supported as a wildcard for matching host names.
Change order of authentication methods
There's another very useful parameter that you might want to add to your server configurations:

    host *
        User root
        PreferredAuthentications publickey,password

This allows only keys or passwords to be used and prevents the use of other methods, which might not work in your setup and slow down connection attempts.
Add this whenever you notice that it takes several seconds to log in to a server.
Copy your own key to server
This used to be the first step I do whenever I access a certain server several times, so I don't have to give the password each time I access the server.

    # Copy my machine's public key to the server (will prompt for password):
    ssh-copy-id [user@]server-ip

    # Unfortunately, ssh-copy-id only works with SSH port 22, so if you have to specify another
    # one, you might use this instruction:
    ssh-add -L | ssh -p22022 [user@]server-ip "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys"

    # Verify the granted access (now without password prompt):
    ssh [user@]server-ip
    # or when copying
    scp afile.txt server-ip:test/
Fix non-working ssh public keys
Sometimes, the sshd server doesn't accept a previously copied ssh key (ssh-copy-id). In that case, make sure you have the following configuration in /etc/ssh/sshd_config:

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys

    # If it still doesn't work apply the correct permissions to folders and files:
    # chmod go-w ~
    # chmod 700 ~/.ssh
    # chmod 600 ~/.ssh/authorized_keys

    # If it still doesn't work, then disable the permissions checking:
    StrictModes no

Restart the ssh daemon again after applying this new configuration.
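Before switching to StrictModes no, it helps to see which path the permissions checking is actually rejecting. The following is an added example, not code from the original post: check_ssh_perms is a hypothetical helper that inspects the three paths from the chmod commands and lists any that are missing, writable by group or others, or not owned by the current account or root; the demo directory is constructed.

```shell
# Added example, not from the original post. check_ssh_perms is a hypothetical
# helper name. Run it as the account that owns the home directory.
# Prints one line per problem; returns 0 if all three paths are acceptable.
check_ssh_perms() {
    home=${1:-$HOME}
    me=$(id -u)
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=1
            continue
        fi
        # "ls -ldnL" prints e.g. "drwx------ 2 1000 1000 ...": mode, links, uid, gid
        info=$(ls -ldnL "$p" | awk '{print $1 " " $3}')
        mode=${info% *}
        owner=${info#* }
        # Characters 6 and 9 of the mode string are the group and other write bits.
        case $(printf '%s' "$mode" | cut -c6,9) in
            --) ;;
            *) echo "WRITABLE $p ($mode)"; bad=1 ;;
        esac
        # The owner must be the account itself or root.
        if [ "$owner" != "$me" ] && [ "$owner" != 0 ]; then
            echo "OWNER    $p (uid $owner, expected $me or 0)"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed demo: a throwaway "home" with a group-writable .ssh directory.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 755 "$demo_home"
chmod 775 "$demo_home/.ssh"
chmod 644 "$demo_home/.ssh/authorized_keys"
check_ssh_perms "$demo_home" || echo "=> fix the paths listed above"
chmod 700 "$demo_home/.ssh"
chmod 600 "$demo_home/.ssh/authorized_keys"
check_ssh_perms "$demo_home" && echo "=> permissions are fine"
rm -rf "$demo_home"
```

Call check_ssh_perms with no argument on the server to check your own home directory.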
Debugging and sorting out further problems
The permissions of files and folders are crucial. You can get debugging information from both the client and the server. If you think you have set it up correctly, yet still get asked for the password, try starting the server with debugging output to the terminal:

    /usr/sbin/sshd -d

To connect and send debugging information to the client terminal:

    ssh -v username@host    # or -vv
Remove authorized keys
If you have hundreds of keys in your machine's ~/.ssh/authorized_keys and you're too lazy to edit that by hand, these one-line shell commands may be handy. Just use sed to rip out anything which doesn't match the regex pattern (for example machine names, part of the hash, whatever):

    # rip out anything which doesn't match the regex pattern
    sed '/your host name/ ! D' -i.old ~/.ssh/authorized_keys

    # or something more complicated
    sed '/\(host1\|host2\)/ ! D' -i.old ~/.ssh/authorized_keys

    # with many patterns it is easier with this command: each "/pattern/b"
    # expression lets a matching line skip the final "d", so it is kept
    cp ~/.ssh/authorized_keys{,.old} &&
    exprs=() &&
    for p in pat1 pat2 pat3 ; do exprs+=(-e "/$p/b") ; done &&
    sed -i "${exprs[@]}" -e d ~/.ssh/authorized_keys

Only the keys matching the specified patterns are kept, and a backup file is created.
If you want to do the opposite, removing some specific keys and leaving the rest untouched:

    sed '/\(host1\|host2\)/ D' -i.old ~/.ssh/authorized_keys