SSH Client
SSH Key Based Authentication
SSH Key Setup and Usage
Typing in a password to log in every time is rather annoying. The security tradeoffs between passwords and SSH keys are often debated.
To set up SSH keys, start by generating an SSH keypair (a public and a private key) on the client.
Generate an Ed25519 keypair:
ssh-keygen -t ed25519 -o -a 100 -C "email@example.com" -f ~/.ssh/example_network_id_ed25519
Or generate a 4096-bit RSA keypair:
ssh-keygen -t rsa -b 4096 -C "email@example.com" -f ~/.ssh/example_network_id_rsa
Add a passphrase for extra security; it should be cached by an SSH agent. Start the agent:
eval "$(ssh-agent -s)"
(Optional) Add your SSH key to the SSH agent:
ssh-add ~/.ssh/example_network_id_ed25519
The SSH convention for keys is that the private key file has no extension, while the public key file has a .pub extension.
Configuring SSH Keys in Linux
Most SSH client configuration lives under the /home/<username>/.ssh/ folder. This includes the configuration file (e.g. /home/<username>/.ssh/config) and the various SSH keypairs generated.
The public key (the file ending in .pub) should be added to /home/<username>/.ssh/authorized_keys on the server side, owned by username:username.
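One way to check the ownership and permissions described above, as an added example that is not part of the original page: sshd's StrictModes setting refuses an authorized_keys file or .ssh folder that others can write to, and the ssh client refuses a private key that group or others can access. The function names and finding labels are illustrative, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU stat (Linux).
# Function names and finding labels (WRITABLE/OWNER/EXPOSED) are illustrative.

# Succeeds when file $1 has any permission bit from octal mask $2 set.
has_bits() {
    m=$(stat -c '%a' "$1") || return 1
    [ $(( 0$m & $2 )) -ne 0 ]
}

# Audit directory $1 (a user's .ssh folder) for expected owner uid $2
# (default: the current user). Prints one finding per line and returns 1
# if anything was flagged, 0 if the directory is clean.
audit_ssh_dir() {
    dir=$1
    uid=${2:-$(id -u)}
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    # The folder and authorized_keys must not be group/world-writable and
    # must belong to the account that logs in.
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        if has_bits "$f" 022; then echo "WRITABLE $f"; rc=1; fi
        if [ "$(stat -c '%u' "$f")" != "$uid" ]; then echo "OWNER $f"; rc=1; fi
    done

    # By convention the private key sits next to "<name>.pub" without the
    # extension; flag it when group or others have any access to it.
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        key=${pub%.pub}
        [ -f "$key" ] || continue
        if has_bits "$key" 077; then echo "EXPOSED $key"; rc=1; fi
    done
    return $rc
}

# Usage: audit_ssh_dir "$HOME/.ssh"
```

Findings are fixed with chmod 700 on the folder, chmod 600 on the private key and authorized_keys, and chown to the login account.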
Configuring SSH Keys in Windows
The SSH configuration and the various keys are located under the current user's profile, %USERPROFILE%. For example, this would be c:\users\<username>\.ssh. The login credentials for this SSH user are the username above and the Windows login password.
Autossh
We can set up autossh to automatically re-establish the SSH connection from the SSH client to the SSH server after a connection reset. Given a Host called home-network in the /home/<username>/.ssh/config configuration file that we're targeting, we can run the following command:
autossh -M 0 -f -T -N home-network
- -M 0: specifies the monitoring port for autossh. In this case, 0 is used, which means autossh will not use a monitoring port. Monitoring ports are used to detect if the SSH tunnel is still alive. Setting it to 0 disables this feature.
- -f: tells autossh to run in the background as a daemon after establishing the SSH connection. It forks the process into the background.
- -T: disables pseudo-terminal allocation. Pseudo-terminals are typically allocated for interactive sessions, but since this is just a tunneling operation, it's not needed.
- -N: tells SSH not to execute any remote commands after establishing the connection. It's often used for port forwarding or tunneling purposes where no commands need to be executed on the remote server.
- home-network: This is the name of the SSH tunnel or the hostname to connect to. In this case, it is a hostname or an alias for the remote SSH server.