SSH key handling

If you have to work with servers, especially with Linux ones, sooner or later you'll have a confrontation with SSH.

Here are some tips and tricks I have used so far.

Force user and port for certain servers

When you log in to a server, ssh uses your local username and port 22 by default.
But maybe you always need to use another user name or another port.
You could specify this as parameters every time you call ssh:
ssh -p 22022 [notme@]server-ip

But it is much easier to configure your ssh client to use these by default.
To do so, just add the following to your ~/.ssh/config file:
host server-ip another-server-name
Port 22022
User notme

host *
User root
You can put as many hosts with different parameters here as you want; '*' is supported as a wildcard in host patterns. ssh uses the first value it finds for each parameter, so keep the specific hosts above the host * block.

Change order of authentication methods

There's another very useful parameter that you might want to add to your server configurations:
host *
User root
PreferredAuthentications publickey,password

This makes the client try only keys and passwords, and skips other methods which might not work in your setup and slow down connection attempts.
Add this whenever you notice that it takes several seconds to log into a server.

Copy your own key to server

This used to be the first thing I did whenever I accessed a certain server several times, so I don't have to give the password each time I access the server.
# Copy my machine's public key to the server (will prompt for password):
ssh-copy-id [user@]server-ip

# Unfortunately, ssh-copy-id only works with SSH port 22, so if you have to specify another
# one, you might use this instruction:
ssh-add -L | ssh -p22022 [user@]server-ip "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys"

# Verify the granted access (now without password prompt):
ssh [user@]server-ip
# or when copying
scp afile.txt server-ip:test/ 

Fix non-working ssh public keys

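Sometimes the sshd server doesn't accept a previously copied ssh key (ssh-copy-id). In that case, make sure you have the following configuration in /etc/ssh/sshd_config:
# RSAAuthentication only applies to SSH protocol 1; current OpenSSH releases report it as deprecated
RSAAuthentication yes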
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# If it still doesn't work, apply the correct permissions to folders and files:
# chmod go-w ~
# chmod 700 ~/.ssh
# chmod 600 ~/.ssh/authorized_keys

# If it still doesn't work, then disable the permissions checking
# (sshd will then also accept a home directory, ~/.ssh or authorized_keys that other users can write to):
StrictModes no
Restart the ssh daemon after applying this new configuration.
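
The permission rules above can be checked before StrictModes is touched. This is an added example, not part of the original post: a POSIX shell function (check_ssh_perms, a name made up here) reports which of the home directory, ~/.ssh and authorized_keys is writable by group or others or has the wrong owner, which are the conditions sshd's permission check refuses. The demo runs on a constructed temporary directory.

```shell
#!/bin/sh
# Added example, not from the original post. check_ssh_perms and demo are
# names made up for this sketch.

# Print one line per problem found under the given home directory
# (default: $HOME); return 1 if there was any problem, 0 otherwise.
check_ssh_perms() {
    home=${1:-$HOME}
    uid=$(id -u)
    bad=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            bad=1
            continue
        fi
        # Writable by group or others: "chmod go-w" on that path fixes it.
        if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "group/other writable: $path"
            bad=1
        fi
        # The owner has to be the login user or root (uid 0).
        if [ -n "$(find "$path" -prune ! -user "$uid" ! -user 0)" ]; then
            echo "wrong owner: $path"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed demo: a throw-away home directory with the permissions from
# the text, then the same tree with a group-writable ~/.ssh.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/.ssh" && : > "$tmp/.ssh/authorized_keys"
    chmod go-w "$tmp"; chmod 700 "$tmp/.ssh"; chmod 600 "$tmp/.ssh/authorized_keys"
    check_ssh_perms "$tmp" && echo "ok: $tmp"
    chmod 770 "$tmp/.ssh"
    check_ssh_perms "$tmp" || echo "sshd would refuse this key with StrictModes on"
    rm -rf "$tmp"
}
demo
```

Run check_ssh_perms without an argument on the server, as the user who cannot log in, to check the real home directory.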

Debugging and sorting out further problems

The permissions of files and folders are crucial. You can get debugging information from both the client and the server. If you think you have set it up correctly, yet still get asked for the password, try starting the server with debugging output to the terminal:
/usr/sbin/sshd -d
To get debugging information on the client terminal, connect with (use -vv for more detail):
ssh -v username@host

Remove authorized keys

If you have hundreds of keys in your machine's ~/.ssh/authorized_keys and you're too lazy to edit that by hand, these one-line shell commands may be handy.
Just use sed to rip out anything which doesn't match the regex pattern (for example machine names, part of the hash, whatever):
# rip out anything which doesn't match the regex pattern (-i.old keeps a backup)
sed -i.old '/your host name/!d' ~/.ssh/authorized_keys

# or something more complicated
sed -i.old '/\(host1\|host2\)/!d' ~/.ssh/authorized_keys

# with many patterns it is easier to give one expression per pattern:
# a line matching any pattern is kept (b skips the final d), the rest is deleted
sed -i.old -e '/pat1/b' -e '/pat2/b' -e '/pat3/b' -e 'd' ~/.ssh/authorized_keys

Only the specified keys will be kept, and a backup file will be created.
If you want to do the opposite, removing some specific keys and leaving the rest untouched:
sed -i.old '/\(host1\|host2\)/d' ~/.ssh/authorized_keys