SSH / SCP / rsync
Usage of SSH, SCP and rsync
Generate key
From Create ed25519 key
ssh-keygen -t ed25519 -C "user@mail"
ssh-keygen -t ed25519
ssh-keygen -t rsa -b 2048
Add to server
Connect to your remote server and add your public key to ~/.ssh/authorized_keys.
vim ~/.ssh/authorized_keys
ssh-ed25519 AAAAC3Nza...
And add the contents of your id_ed25519.pub or id_rsa.pub.
Exit your remote server and try SSH connection.
Usage
INFO
To find your IP address, you can use:
ip a | grep glo | awk '{print $2}' | head -1 | cut -f1 -d/
Here, <user> is your username and <hostname> is your server hostname or IP address.
ssh <user>@<hostname>
If it works, you can disable password authentication.
Disable password authentication
You can disable password authentication by editing the /etc/ssh/sshd_config file on your server.
vim /etc/ssh/sshd_config
Change the PasswordAuthentication option from yes (first line below) to no (second line):
PasswordAuthentication yes
PasswordAuthentication no
Restart the SSH service:
systemctl restart sshd
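sshd keeps the first value it reads for each keyword and expands Include lines in place, so a file included earlier can leave password logins enabled even after the edit above. The script below is an added example, not part of the original page: it computes the effective global value from a constructed sample configuration. The function names and the drop-in file name 50-example.conf are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). sshd keeps the FIRST value it
# reads for a keyword and expands Include lines in place, so a drop-in file
# can silently override "PasswordAuthentication no" set further down.

# flatten_config FILE: print FILE with each Include line replaced by the files
# it names. Assumption: relative patterns resolve against FILE's directory.
flatten_config() (
  cd "$(dirname "$1")" || exit 1
  while read -r kw rest || [ -n "$kw" ]; do
    if [ "$(printf '%s' "$kw" | tr '[:upper:]' '[:lower:]')" = include ]; then
      for f in $rest; do                    # unquoted on purpose: split and glob
        if [ -f "$f" ]; then flatten_config "$f"; fi
      done
    else
      printf '%s %s\n' "$kw" "$rest"
    fi
  done <"$(basename "$1")"
)

# effective_value FILE KEYWORD DEFAULT: first global occurrence wins.
# Simplification: everything after the first Match line is treated as conditional.
effective_value() {
  flatten_config "$1" | awk -v want="$2" -v def="$3" '
    { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*|[ \t]+/, " ") }
    done || /^#/ || NF == 0 { next }
    tolower($1) == "match" { done = 1; next }
    tolower($1) == tolower(want) { val = $2; done = found = 1 }
    END { print (found ? val : def) }'
}

# password_login_disabled FILE: succeed only if password logins are really off.
password_login_disabled() {
  [ "$(effective_value "$1" PasswordAuthentication yes)" = no ]
}

# Constructed sample: the main file is edited as on this page, but a
# hypothetical drop-in read earlier still says "yes".
make_sample() {
  mkdir -p "$1/sshd_config.d"
  printf 'PasswordAuthentication yes\n' >"$1/sshd_config.d/50-example.conf"
  printf 'Include sshd_config.d/*.conf\nPort 22\nPasswordAuthentication no\n' >"$1/sshd_config"
}

tmp=$(mktemp -d) && make_sample "$tmp"
echo "effective PasswordAuthentication: $(effective_value "$tmp/sshd_config" PasswordAuthentication yes)"
rm -rf "$tmp"
```

On the server itself, `sshd -T | grep -i passwordauthentication` prints the value sshd computes from the real configuration, and `sshd -t` checks the file for syntax errors before you restart the service.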
Use different port
By default, SSH uses port 22. You can change it by editing the /etc/ssh/sshd_config file on your server.
vim /etc/ssh/sshd_config
Change the port number, for example from 22 (first line below) to 23 (second line):
Port 22
Port 23
Restart the SSH service:
systemctl restart sshd
Firewall
Don't forget to open the port in your server firewall. If you use UFW, you can use:
ufw allow <port>
And check the status:
ufw status
You can then delete the rule for the old port:
ufw delete allow <old port>
fail2ban
If you use fail2ban, you need to add the new port to the configuration.
vim /etc/fail2ban/jail.local
[sshd]
port = <port>
And restart the service:
systemctl restart fail2ban
To use SSH on a different port, you need to specify the port number when connecting.
ssh -p <port> <user>@<hostname>
Use different private key
By default, SSH uses ~/.ssh/id_ed25519 or ~/.ssh/id_rsa as the private key. You can use a different private key with the -i option.
ssh -i <private key filename> <user>@<hostname>
You can use the -o option to set IdentitiesOnly, so that SSH offers only the key given with -i instead of also trying other identities, such as keys held by ssh-agent.
ssh -o "IdentitiesOnly=yes" -i <private key filename> <user>@<hostname>
SSH config
You can create a ~/.ssh/config file to store your SSH configuration.
vim ~/.ssh/config
- Host is the alias you want to use to connect to your server.
- HostName is the IP address or hostname of your server.
- User is your username.
- Port is the port number.
- IdentityFile is the path to your private key.
- IdentitiesOnly is set to yes so that SSH offers only the key named in IdentityFile instead of also trying other identities.
Host <myserver>
HostName <hostname_or_ip_address>
User <username>
Port <port>
IdentityFile <private key filename path>
IdentitiesOnly yes
Now you can connect to your server using the alias.
ssh <myserver>
SSH config example
Host my-wonderful-server
HostName 123.456.789.0
User unicorn_admin
Port 22
IdentityFile ~/.ssh/id_ed25519
IdentitiesOnly yes
Host my-other-wonderful-server
HostName 123.456.789.1
User panda_admin
Port 23
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
ssh my-wonderful-server
SCP
SCP is a command-line utility that allows you to securely copy files and directories between two locations. This command uses the same authentication methods as SSH.
From server to personal computer
scp username@from_host:file.txt /local/directory/
From personal computer to server
scp file.txt username@to_host:/remote/directory/
Use different SSH port
From server to personal computer
scp -P <port> username@from_host:file.txt /local/directory/
From personal computer to server
scp -P <port> file.txt username@to_host:/remote/directory/
rsync
A good alternative to SCP, rsync is a fast and versatile command-line utility for synchronizing files and directories between two locations over a remote shell, or from/to a remote rsync daemon. It uses an algorithm that minimizes the amount of data copied by only moving the portions of files that have changed.
rsync -Phhr username@server:/home/path/to/dir ./
- -P for progress
- -hh for human-readable numbers
- -r for recursive
Use different SSH port
rsync -Phhr -e 'ssh -p <port>' username@server:/home/path/to/dir ./