About
The ssh CLI is the SSH client of OpenSSH.
Management
Installation
Identity File / Private Key
The identity file for public key authentication can be set in the config file.
By default, you have this configuration:
ssh -G host | grep identityfile
# example
# ssh -G [email protected] | grep identityfile
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_dsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ecdsa_sk
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_ed25519_sk
identityfile ~/.ssh/id_xmss
ssh-agent
ssh-agent is a background process where you can store keys (encrypted by a passphrase or not).
How to get the config for a host
ssh -G [user@]<hostname>
ssh_config
You can check which configuration files are loaded with the -G flag (or the verbose flag, -v). Example:
ssh -G [email protected]
# or
ssh -v badDestination # badDestination is an unknown hostname and will force ssh to stop early
OpenSSH_8.4p1 Debian-5+deb11u3, OpenSSL 1.1.1n 15 Mar 2022
debug1: Reading configuration data /Users/YOU/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
As you can see in the above output, two standard configuration files are loaded:
- a user-scoped one at ~/.ssh/config
touch ~/.ssh/config
chmod 600 ~/.ssh/config
vim ~/.ssh/config
- a system-wide one at /etc/ssh/ssh_config
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
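The commented defaults in the file above still name legacy algorithms (arcfour, 3des-cbc, hmac-md5), and ssh -G prints the configuration that actually applies to a host, so its output can be checked for such settings. The script below is an added example, not part of the original page or of OpenSSH; the function names audit_ssh_G and sample_G_output, the host example.test and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit `ssh -G` output.
# audit_ssh_G reads "keyword value" lines on stdin and prints one WARN line
# per risky setting; it prints nothing when no check fires.
audit_ssh_G() {
  awk '
    # Report every entry of a comma-separated algorithm list matching re.
    function weak(kind, list, re,    n, a, i) {
      n = split(list, a, ",")
      for (i = 1; i <= n; i++)
        if (a[i] ~ re) print "WARN weak " kind ": " a[i]
    }
    # Agent forwarding lets the remote host use the keys held in ssh-agent.
    $1 == "forwardagent" && $2 !~ /^(no|false)$/ {
      print "WARN forwardagent " $2 ": agent is exposed to the remote host"
    }
    # Any "off" spelling disables host key verification.
    $1 == "stricthostkeychecking" && $2 ~ /^(no|off|false)$/ {
      print "WARN stricthostkeychecking " $2 ": host keys are not verified"
    }
    # Legacy algorithms that appear in the sample file above.
    $1 == "ciphers" { weak("cipher", $2, "arcfour|3des") }
    $1 == "macs"    { weak("mac", $2, "md5|ripemd160") }
  '
}

# Constructed sample of `ssh -G` output for a hypothetical host.
sample_G_output() {
  cat <<'EOF'
hostname example.test
forwardagent yes
stricthostkeychecking false
ciphers aes128-ctr,arcfour256,3des-cbc
macs hmac-md5,hmac-sha2-256
identityfile ~/.ssh/id_ed25519
EOF
}

# Offline demo; against a real host use: ssh -G user@hostname | audit_ssh_G
sample_G_output | audit_ssh_G
```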
Connect / Login
ssh domain\username@servername -p 3022
Logging in with a private key
- Posix Shell
ssh -i ~/.ssh/private_key.pem user@hostname
- PowerShell
ssh -i $env:USERPROFILE\.ssh\private_key user@hostname
where:
- -i is the path to the private key in PEM format
- -p is the optional port
Executing a remote command
ssh user@host "command -arg1 'arg1value' -arg2 'arg2 value'"
Don't forget the quotes to bypass the expansion mechanism.
Debug
ssh -vvv hostname