# SSH

## General

### Lifecycle management

Check if `ssh-agent` is running

```bash
$ echo $SSH_AGENT_PID
17826
```

Start/stop `ssh-agent`

```bash
# Start
$ eval "$(ssh-agent -s)"
# Stop
$ eval "$(ssh-agent -k)"
```

### Generating a new SSH key and adding it to the `ssh-agent`

Adapted from [GitHub's guide on generating new ssh keys](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)

#### Generate a password-protected [[Ed25519]] SSH key

Generate an ed25519 keypair. Substitute the email below with the email you want associated with the keypair.

- When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.

```bash
# your_email@example.com is a placeholder; it becomes the key's comment
ssh-keygen -t ed25519 -C "your_email@example.com"
```

At the prompt, type a secure passphrase.

Now you should have a new keypair at:

- `~/.ssh/id_ed25519` (private key)
- `~/.ssh/id_ed25519.pub` (public key)

#### Add the SSH key to the `ssh-agent`

Start the `ssh-agent` in the background

```shell
eval "$(ssh-agent -s)"
```

If you're using macOS Sierra 10.12.2 or later, you will need to modify your `~/.ssh/config` file to automatically load keys into the ssh-agent and store passphrases in your keychain.

Open `~/.ssh/config`

```bash
vim ~/.ssh/config
```

Add the following lines if they don't already exist. Make sure the `IdentityFile` points to the private key of the newly generated keypair.

```config
Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519
```

Add your SSH private key to the ssh-agent and store your passphrase in the keychain. Modify the path if your private key is stored under a different name or location.

```shell
# On macOS 12 (Monterey) and later, -K is deprecated in favor of --apple-use-keychain
ssh-add -K ~/.ssh/id_ed25519
```

### Adding an SSH key to your GitHub account

Adapted from [GitHub's article](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account) (fantastic)

Copy the public key (e.g.
`id_ed25519.pub`) to clipboard

```bash
pbcopy < ~/.ssh/id_ed25519.pub
```

- In the GitHub UI, go to `Profile > Settings > SSH and GPG keys > SSH keys > New SSH key`
- Paste the key into the `Key` field
- Add a descriptive name like `2021 MBP 16in generated in 2022`
- Confirm with `Add SSH key`

### Changing your SSH key passphrase

Adapted from [GitHub article](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases#adding-or-changing-a-passphrase) on this topic

Assuming the SSH private key is located at `~/.ssh/id_ed25519`:

```bash
$ ssh-keygen -p -f ~/.ssh/id_ed25519
> Enter old passphrase: [Type old passphrase]
> Key has comment 'your_email@example.com'
> Enter new passphrase (empty for no passphrase): [Type new passphrase]
> Enter same passphrase again: [Repeat the new passphrase]
> Your identification has been saved with the new passphrase.
```

### Configure remote host to accept your [[SSH]] key

https://apple.stackexchange.com/questions/210109/how-to-store-ssh-credentials-in-terminal

Assuming your ssh key exists on your Mac as `~/.ssh/id_rsa.pub`, you can install it on a remote machine by running:

```bash
# <username>@<ipaddress> are placeholders for the remote account and host
cat ~/.ssh/id_rsa.pub | ssh <username>@<ipaddress> "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
```

### Set up SSH public keys on a fresh instance from public [[GitHub]] keys

e.g. for my SSH keys `maxfangx`

```bash
# -o overwrites any existing authorized_keys, so only run this on a fresh instance
curl -o ~/.ssh/authorized_keys https://github.com/maxfangx.keys
```

### Better [[SSH]] key: elliptic curves

- Also password protect it

### [[Vim]] over [[SSH]]

```bash
vim scp://user@myserver[:port]//path/to/file.txt
```

"Notice the two slashes `//` between server and path, which is needed to correctly resolve the absolute path. (The first slash is syntactic, while the second slash specifies the remote user's root directory, as usual. To start at the home directory, you'd do `[:port]/~/path/to/file.txt`.) `[:port]` is optional."
https://unix.stackexchange.com/questions/202918/how-do-i-remotely-edit-files-via-ssh

### [Mount a remote folder as a filesystem onto macOS using sshfs](https://unix.stackexchange.com/a/202919) (for remote vim)

#### Install [[sshfs]]

![[sshfs#Install on macOS https github com telepresenceio telepresence issues 1654 issuecomment-873538291 using gromgit's FUSE tap https github com gromgit homebrew-fuse]]

#### Mount the remote folder

```bash
# Mount the remote folder
mkdir -p ~/dev/remote
sshfs -o idmap=user <username>@<ipaddress>:/remotepath ~/dev/remote
```

### [[SSH]] into your Mac

https://support.apple.com/guide/mac-help/allow-a-remote-computer-to-access-your-mac-mchlp1066/mac

- System Preferences > Sharing
- Enable Remote Login
  - This also enables the secure FTP (sftp) service
- Now you can ssh from another device on the network

1. On your Mac, choose Apple menu > System Preferences, click Sharing, then select Remote Login.
2. Select the Remote Login checkbox.
   - Selecting Remote Login also enables the secure FTP (sftp) service.
3. Specify which users can log in:
   - _All users:_ Any of your computer’s users and anyone on your network can log in.
   - _Only these users:_ Click the Add button, then choose who can log in remotely. Users & Groups includes all the users of your Mac. Network Users and Network Groups include people on your network.

## Security

![[PGP#Securing your PGP key

## [[SSH]] over [[Tor]]

Mac guide: https://medium.com/@tzhenghao/how-to-ssh-over-tor-onion-service-c6d06194147
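
A more careful variant of the two `authorized_keys` procedures earlier on this page (installing your key on a remote host, and seeding a fresh instance from GitHub's `.keys` URL), added here as an example and not part of the original notes. The `install_keys` helper is a hypothetical name; it appends instead of overwriting, keeps only bare public-key lines, skips duplicates and sets `700`/`600` permissions. The key blobs in the demo are constructed, not real keys.

```shell
# Added example: merge public keys read from stdin into <dir>/authorized_keys.
# install_keys is a hypothetical helper name; <dir> defaults to ~/.ssh.
# The function body is a subshell, so umask and variables do not leak out.
install_keys() (
    ssh_dir="${1:-$HOME/.ssh}"
    auth="$ssh_dir/authorized_keys"
    added=0
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1
    while read -r ktype blob comment || [ -n "$ktype" ]; do
        case "$ktype" in
            ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-rsa) ;;
            sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com) ;;
            *) continue ;;  # blank lines, error pages, option-prefixed or unknown entries
        esac
        case "$blob" in
            ''|*[!A-Za-z0-9+/=]*) continue ;;  # charset check only, not cryptographic validation
        esac
        # Dedupe on "<type> <blob>" so a changed comment does not add a second copy
        if ! grep -qF -- "$ktype $blob" "$auth"; then
            printf '%s %s%s\n' "$ktype" "$blob" "${comment:+ $comment}" >> "$auth"
            added=$((added + 1))
        fi
    done
    echo "$added"   # number of keys newly appended
)

# Usage on the target machine (placeholders, not executed here):
#   curl -fsS https://github.com/<username>.keys | install_keys
#   install_keys < id_ed25519.pub

# Offline demo on constructed input (key blobs are made up).
demo_dir="$(mktemp -d)"
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyOne laptop' \
    > "$demo_dir/authorized_keys"
install_keys "$demo_dir" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyOne duplicate
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyTwo
no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyThree
<html>Not Found</html>
EOF
```

For a stricter check than the character-set test, each accepted line can additionally be passed through `ssh-keygen -l -f`, which rejects blobs that do not parse as a public key.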