master ssh keys

Use ssh to run scripts on remote servers without entering a password.

Create your ssh key

ssh-keygen -b 4096 -t rsa -f ~/.ssh/keyname.rsa

will produce a keypair. The .rsa file is the private key, and the .rsa.pub file is the public key, the one that goes into authorized_keys on the remote server. If you don't enter a passphrase, the key can be used with no user interaction. Do this when you need scripted operations on a remote server.

Load a key

ssh-add ~/.ssh/keyname.rsa

Upload your ssh key to a server

ssh-copy-id -i ~/.ssh/keyname.rsa.pub username@remotehost

Carry your key with your ssh session

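Use this if you need to carry your key somewhere, for instance when you will be chaining through to a host WITHIN the network of your remotehost and there is no direct ssh port forwarded to that host. The -A flag forwards your local ssh-agent: the private key stays on your machine, and the remote host can use the agent to authenticate onward while the session is open.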

ssh -v username@remote -A

Using -v (verbose) can help diagnose connectivity issues.

Display the ssh keys you have loaded

ssh-add -l

If you forgot to carry a key or you need to add a local key, you will get the error:

ssh-add -l
Could not open a connection to your authentication agent.

In this case, start an agent and load the key:

ssh-agent bash
ssh-add ~/.ssh/keyname.rsa

Using alternative ports

Sometimes your remote host is running ssh on another port because port 22 on that IP is already in use. You can also move ssh to an alternative port to reduce brute-force attacks on the standard ssh port; set the listening port (the Port directive) in sshd_config on the server.

Use the -p flag to specify:

ssh -p 41843 user@remotehost

You can use the -i flag to specify which key to use (always needed in bash scripts that use ssh without a password):

ssh -p 41843 -i ~/.ssh/keyfile.rsa user@remotehost
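An added example (not from the original page) of the scripted, password-less use described above: a bash function that runs a local script on the remote host with -p and -i, refuses a key file that group or other users can access, and sets BatchMode so an unattended job fails instead of waiting at a prompt. The function names and the SSH_BIN override are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: run a local script on a remote host unattended.
# SSH_BIN is a variable invented for this example (not an ssh feature) so the
# command line can be inspected without contacting a server.
SSH_BIN="${SSH_BIN:-ssh}"

# Return 0 only if the private key file exists and group/other have no access.
# ssh itself refuses to load a private key that other users can read.
key_is_private() {
    local key="$1" mode
    [ -f "$key" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ldL -- "$key" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Usage: run_remote_script user@remotehost 41843 ~/.ssh/keyname.rsa ./job.sh
run_remote_script() {
    local target="$1" port="$2" key="$3" script="$4"
    if ! key_is_private "$key"; then
        echo "refusing $key: missing, or accessible by group/other" >&2
        return 2
    fi
    if [ ! -r "$script" ]; then
        echo "cannot read $script" >&2
        return 3
    fi
    # BatchMode=yes: never prompt; exit with an error if the key is rejected.
    # IdentitiesOnly=yes: offer only the key given with -i, not every agent key.
    "$SSH_BIN" -p "$port" -i "$key" \
        -o BatchMode=yes -o IdentitiesOnly=yes \
        "$target" 'bash -s' < "$script"
}
```

The script is fed to the remote bash on standard input, so nothing has to be copied to the server first.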

If you manage many servers you may want to use ~/.ssh/config to alias the connections.

vim ~/.ssh/config

Host remotehost
    IdentityFile ~/.ssh/keyname.rsa
    Port 41843
    ServerAliveInterval 240

In the case above you can simply use ssh user@remotehost to get in using keyname.rsa on port 41843.