Once you have set up your SSH keys on the remote host (the server), and also on the local client (your PC), you can connect without (necessarily) having to input a password. To make this secure, the two connecting machines need to establish that you’re an OK person on both sides by exchanging keys which are set up in advance (by you and/or your sysadmin).
- You need to ensure you’re at the right server
  - via ~/.ssh/known_hosts (on your PC)
- The server needs to establish that you’re allowed in
  - via ~/.ssh/authorized_keys (on the server)
SSH doesn’t like it if your home or ~/.ssh directories have group write permissions. If this is the case, you might get chucked out even though everything looks like it is OK.
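A quick way to check for the permission problem described above, as an added example (not from the original page): the functions below flag a home directory, ~/.ssh or authorized_keys that is group-writable, and also world-writable, which sshd's StrictModes check rejects in the same way. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: find paths that sshd (StrictModes) would refuse to trust
# because they are writable by group or others.
# Usage (after sourcing this file):
#   check_ssh_perms "$HOME" || fix_ssh_perms "$HOME"

# is_loose PATH -> exit status 0 if PATH is group- or world-writable.
# -prune stops find from descending into directories.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# check_ssh_perms HOME_DIR -> prints each offending path and returns how
# many were found (0 means the permissions look fine).
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if is_loose "$p"; then
            echo "too permissive: $p ($(ls -ld "$p" | cut -d' ' -f1))"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# fix_ssh_perms HOME_DIR -> remove group/other write from the home
# directory and lock ~/.ssh and authorized_keys down to the owner.
fix_ssh_perms() {
    home=$1
    chmod go-w "$home"
    [ -d "$home/.ssh" ] && chmod 700 "$home/.ssh"
    [ -f "$home/.ssh/authorized_keys" ] && chmod 600 "$home/.ssh/authorized_keys"
    return 0
}
```

Run it on the server as the user you log in as, since that is where sshd checks these paths.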
- IP address: 192.168.1.111
- username: USER001
- sshd running on (non-standard) port 11122
- RSA 2048 keys (you should have this info from the server/sysadmin to verify that you’re connecting to the right place. If they don’t match – something is WRONG!)
At the intended server console, logged in as root or a sudo privileged user…
Now… at YOUR workstation… [You should have your system set up for PKI already (i.e. you SHOULD have ~/.ssh/id_rsa.pub on YOUR system) or this entire process will fail].
The shell prompt should look something like this
which means (roughly)
- : current subdir (/home/USER001 in this case – verify by typing “pwd”)
- $ privilege ($ is normal, # indicates root – it is UNWISE (to say the very least) to log in as root directly)
Secure FileSystem mount:
IF you’re on a LAN, and/or speed is not a major issue, you can also mount the remote filesystem (“locally”) via SSH to make file copying/viewing/editing easier (using sshfs). Obviously you need to have appropriate permissions to see/edit the files.