master ssh keys

Use ssh to run scripts on remote servers without entering a password.

Create your ssh key


ssh-keygen -b 4096 -t rsa -f ~/.ssh/keyname.rsa


This produces a key pair. The .rsa file is the private key, and the .rsa.pub file is the public key that goes into authorized_keys on the remote server. If you don't enter a passphrase, the key can be used with no user interaction. Do this when you need scripted operations on a remote server.

Load a key


ssh-add ~/.ssh/keyname.rsa


Upload your ssh key to a server


ssh-copy-id -i ~/.ssh/keyname.rsa.pub username@remotehost
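
A key with no passphrase works for anyone who obtains the private key file, so it helps to limit what that key may do on the server. As an added example (not part of the original page), this shell function builds an authorized_keys line with OpenSSH's restrict, command= and from= options; the function name, script path and address are assumptions, and the key is a constructed placeholder.

```shell
#!/bin/sh
# Added example; restricted_entry and all sample values are hypothetical.

# restricted_entry PUBKEY_FILE FORCED_COMMAND [FROM_PATTERN]
# Prints one authorized_keys line that limits what the key may do.
restricted_entry() {
    pubfile=$1
    forced=$2
    from=${3:-}

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Catch the common mistake of passing the private half of the pair.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile is a private key; pass the .pub file" >&2
        return 1
    fi

    # First non-blank, non-comment line is the key.
    keyline=$(grep -v -e '^[[:space:]]*$' -e '^#' "$pubfile" | head -n 1)
    case $keyline in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised public key format" >&2; return 1 ;;
    esac

    # A double quote would end the quoted option value early, so refuse it.
    case $forced$from in
        *\"*) echo "double quotes are not allowed" >&2; return 1 ;;
    esac
    [ -n "$forced" ] || { echo "forced command is required" >&2; return 1; }

    # restrict turns off forwarding, PTY allocation and rc execution;
    # command= pins the key to a single program.
    opts="restrict,command=\"$forced\""
    if [ -n "$from" ]; then
        opts="from=\"$from\",$opts"
    fi
    printf '%s %s\n' "$opts" "$keyline"
}

# Demo on a constructed (not real) public key.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED backup@workstation' \
    > "$demo_dir/keyname.rsa.pub"
restricted_entry "$demo_dir/keyname.rsa.pub" /usr/local/bin/nightly-backup 192.0.2.10
rm -rf "$demo_dir"
```

Append the printed line to authorized_keys on the remote server in place of the bare public key. The restrict option needs OpenSSH 7.2 or later on the server.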


Carry your key with your ssh session

Use the -A flag to forward your ssh agent if you need to carry your key somewhere, for instance when you will be chaining through to a host WITHIN the network of your remotehost and no ssh port is forwarded directly to that host.


ssh -v username@remote -A


Using -v (verbose) can help diagnose connectivity issues.

Display the ssh keys you have loaded


ssh-add -l


If you forgot to carry a key or you need to add a local key, and no authentication agent is reachable in your session, you will get the error:


ssh-add -l
Could not open a connection to your authentication agent.


In this case, start an agent and load the key:


ssh-agent bash
ssh-add ~/.ssh/keyname.rsa


Using alternative ports

Sometimes your remote host runs ssh on another port because port 22 on that IP is already in use. To reduce brute-force attacks on the standard ssh port, you can also use an alternative port by setting the listening port in sshd_config on the server.

Use the -p flag to specify the port:


ssh -p 41843 user@remotehost


You can use the -i flag to specify which key to use (always needed in bash scripts that use ssh without a password):


ssh -p 41843 -i ~/.ssh/keyname.rsa user@remotehost


If you manage many servers you may want to use ~/.ssh/config to alias the connections.


vim ~/.ssh/config

Host remotehost
    IdentityFile ~/.ssh/keyname.rsa
    Port 41843
    ServerAliveInterval 240


In the case above, you can simply use ssh user@remotehost to get in using keyname.rsa on port 41843.