SSH Keygen & Multiplexing
Author: Samuel Williams When: Monday, 22 February 2010
To connect from the client to the server without using a password, you need to generate a key on the client. This key is then installed into the server's authorized_keys file, and then the client can connect without standard password authentication.
On the client as the user who will run ssh to the remote host:
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx [local-user]@[local-host]
Once you have done this, you need to append it to the authorized_keys file for the user you will be logging in as on the remote server:
# cat ~/.ssh/id_rsa.pub | ssh [remote-user]@[remote-host] "cat >> ~/.ssh/authorized_keys"
N.B. Replace [remote-user] and [remote-host] with appropriate values. You might need to change it to ~/.ssh/authorized_keys2 depending on your sshd config file, which can be found in /etc/ssh/sshd_config on the server. Check for the AuthorizedKeysFile config parameter.
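The append command above assumes ~/.ssh already exists on the server and leaves the file modes to the umask, while sshd's StrictModes setting (on by default) ignores an authorized_keys file that other users can write to. The following is an added example, not part of the original post: a server-side function that installs one public key with the expected permissions and without duplicating it. The function name, its arguments and the sample key are assumptions constructed for illustration.

```shell
# Added example: run on the server as the account that will accept the key.
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, not an OpenSSH tool)
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    # Accept exactly one non-empty line that looks like a public key, so a
    # private key or other multi-line file is never copied to the server.
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || { echo "expected exactly one key line" >&2; return 1; }
    key_line=$(grep . "$pubkey_file")
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    # StrictModes rejects keys when the directory or file is writable by others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key_line" "$auth_file"; then
        echo "key already installed"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "key installed"
    fi
}

# Demo against a throwaway directory with a constructed, non-functional key.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedexamplekeyonly demo@client' > "$demo_dir/id.pub"
install_pubkey "$demo_dir/id.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id.pub" "$demo_dir/.ssh"   # second run changes nothing
rm -rf "$demo_dir"
```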
SSH Multiplexing
SSH can allow multiple virtual connections via the same single network connection. This is called SSH multiplexing, and can make it faster to connect to a server after establishing the initial connection.
Add the following into ~/.ssh/config or /etc/ssh/ssh_config:
Host *
    ControlMaster auto
    ControlPath ~/.ssh/socket-%r@%h:%p
This will create a socket for each set (user, machine, port) when the first SSH session is opened. Further sessions will see the socket and use it instead of opening a new connection, multiplexing all concurrent connections via the same connection. The same goes for SCP and SFTP.
Nice side-effects of this:
- No functionality is lost at all.
- SSH sessions will open faster, as there is no need to establish a connection.
- You will not need to enter your password every time (but note that maybe you should be using public-key authentication).
- You can open several sessions to servers which put a limit on the number of simultaneous connections.
- If you are a sysadmin, you can limit the number of SSH connections to exactly one per user.
Further Information
OpenSSH is a fantastic tool and every system administrator should learn how to use it. There are many resources out there, but here are some which I think are great: