Simple usage

In [19]:
grep -i ssh /etc/services

# ftp: 20, 21
# telnet: 23
ssh		22/tcp				# SSH Remote Login Protocol
ssh		22/udp
In [ ]:
apt-get install openssh-client
In [7]:
ls -l /usr/bin/slogin
lrwxrwxrwx 1 root root 3 Aug 11 20:55 /usr/bin/slogin -> ssh
In [ ]:
ssh # same user as we logged in with, user@host$
In [13]:
ssh milad@ ls -l .ssh # issue command without connecting into the remote machine
total 4
-rw-------. 1 milad milad 389 Dec 31 21:54 authorized_keys


In [7]:
nano .ssh/config
Host srv1
    User milad
    Port 22

Verify ssh fingerprint

In [6]:
cat .ssh/known_hosts | head -1
|1|xTYhQn7iqwKon6UeUSothBrzMUU=|r295lLgKaYB5L0XT5FOHiPR1xF8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA5DJEiZYdLRS5738n9dBZNnfFAUHovnq3061IsgWFwzRHWcdKIa3D4TzfZKQN/5d4gjBSznzawT1LP9GCEeWEE=
In [ ]:
ssh localhost # will give you the fingerprint of localhost
In [5]:
# Gather ssh public keys
ssh-keyscan -t ecdsa localhost
ssh-keyscan -t ecdsa
# SSH-2.0-OpenSSH_6.6.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA5DJEiZYdLRS5738n9dBZNnfFAUHovnq3061IsgWFwzRHWcdKIa3D4TzfZKQN/5d4gjBSznzawT1LP9GCEeWEE=
In [ ]:
cat /etc/ssh/ # same as ssh-keyscan -t ecdsa localhost
In [4]:
ssh-keyscan -t ecdsa localhost > ssh.ecdsa 2> /dev/null
ssh-keygen -lf ssh.ecdsa
256 SHA256:0MY+8jktivMDvak0C1THTqmDbhWYrQBT//AsR1YQoV4 (ECDSA)
In [ ]:
The authenticity of host ' (' can't be established. ECDSA key fingerprint is SHA256:0MY+8jktivMDvak0C1THTqmDbhWYrQBT//AsR1YQoV4. Are you sure you want to continue connecting (yes/no)?
In [ ]:
ssh -o FingerprintHash=md5
The authenticity of host ' (' can't be established. ECDSA key fingerprint is MD5:84:2f:86:b3:6d:86:0b:f3:cf:fe:95:de:20:e6:8d:6b. Are you sure you want to continue connecting (yes/no)?

Create a pair of key

In [ ]:
ssh-keygen -t rsa -b 4096 -C '' -P '1234'
# RSA> min: 1024 - default: 2048
# DSA> 1024 Exact
Enter file in which to save the key (/home/milad/.ssh/id_rsa): Your identification has been saved in id_rsa.

Copy ID in a safe way

In [ ]:
ssh-copy-id root@srv1
ssh-copy-id root@
ssh-copy-id # same as user we logged in
ssh-copy-id -i new_rsa milad@srv1

Default behaviour without -i, is to check if ‘ssh-add -L’

If there was no key in agent then:
The default_ID_file is the most recent file that matches: ~/.ssh/id*.pub
Just use touch(1) on your preferred key's .pub file to rein‐state it as the most recent.

In [15]:
ssh srv1 cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIj1ydevrYKJ4Kyr5cnD/fRxbNAcsdF83Xog4OXSEBa0tvRN6qYYaJbGMCGN7p1bJBMDep8JVN5mhNu25WoOlq1HLYgpFNlH/E/4+bdhyzqxt+FO3N77w6zJj30jR0NDIf9Z/aRZBYz/feFsKmswU0qn49YyQcl2KfImmKlDS+Vv/9QsKN2BLXTHMHUxlvLs416Ou7hPwYx6Aw7Zal763eUtV144JXQEKrYnjeZalcbVNQ2FghsDFglfFJfS9HD6TTS1U+iQljSMMQ6h4ea4/7pDadOgA24GZybT6KKomJP/756ifYolM29/3DWizHA4k/KKwqQ/JWXuk4/wDaoSDb new_rsa

SSH Agent & SSH Add

  • is a program to hold private keys
  • ssh-agent is usually started in the beginning of an X-session or a login session
  • all other windows or programs are started as clients to the ssh-agent program.
In [ ]:
exec dbus-launch --sh-syntax --exit-with-session ssh-agent openbox-session
# or login managers like lightdm
In [ ]:
ssh-agent bash
In [ ]:
eval "$(ssh-agent -s)"
In [ ]:
ssh-add ~/.ssh/id_rsa


  • -l List fingerprints of all identities.
  • -L List public key parameters of all identities.
  • -d Delete identity.
  • -D Delete all identities.
  • -x Lock agent.
  • -X Unlock agent.

Disable ssh with password

In [6]:
ssh root@srv1 cat /etc/ssh/sshd_config
# PermitRootLogin without-password | yes | no # To disable tunneled clear text passwords, change to no here! # PasswordAuthentication yes
In [ ]:
systemctl restart sshd.service


In [8]:
scp /etc/hosts srv1:/tmp/hosts
hosts                                         100%  201     0.2KB/s   00:00    
In [9]:
scp root@ /tmp
ze                                            100%   10     0.0KB/s   00:00    


In [ ]:
sftp root@srv1
  • cd
  • ls
  • pwd
  • mkdir

  • get -p remoteFile [localPath]

  • put -p localFile [remotePath]

  • lls

  • lcd
  • lpwd
  • lmkdir


The practical effect of this is that the end user can seamlessly interact with remote  
files being securely served over SSH just as if they were local files on his/her computer.

  • mounting
    • sshfs [user@]host:[dir] mountpoint [options]
  • unmounting
    • fusermount -u mountpoint
In [4]:
sshfs pc101:/home/milad/ mnt/
In [5]:
fusermount -u ~/mnt

Lecture notes


Creative Commons License

Linux Notes by Milad As (Ravexina) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

ravexina's gitlab

ravexina's github