Linux - Optimize your SSH login workflow
Posted on October 6, 2016 by Paul
This is a short article, triggered by an email question, on how to optimize your SSH login on Linux, specifically on a Raspberry Pi machine.
Many people use Linux as a headless server (no display and keyboard attached). However, from time to you need to connect to the server and do some changes or update the system. Typically, you will use SSH for this. If your local machine runs macOS or Linux this is done by writing in a Terminal:
1 ssh user_name@your_remote_ip_addressIf you are on Windows, you can get a complete SSH client and the Bash shell by installing Git.
Writing ssh user_name@your_remote_ip_address and your password doesn’t seem like a big deal when you have a single remote server. However, once you have more than one server this becomes a tedious process.
A recommended practice is to create a SSH key pair, basically two text files, one public and one private. The private key stays on your local computer, while the public key needs to be copied on the remote machine. The advantage is that you could use the same public key on more than one remote machine.
Let’s start by generating a pair of SSH keys:
1 ssh-keygenYou can keep the default, by pressing Enter, when asked for the file name. For convenience, and if you are the only user of your local computer, you can leave the pass phrase empty. If you chose to use a pass phrase, you will need to enter this every time you will use the key to log in on a remote machine.
The above command will generate two files named id_rsa and id_rsa.pub in your .ssh folder. You can verify if the two files where created with:
1 cd ~/.ssh
2 lsNow, if your local machine has the ssh-copy-id utility installed, you can copy the public key to the remote machine with:
1 ssh-copy-id user_name@your_remote_ip_addressThe above will copy the content of id_rsa.pub to the remote machine in the .ssh/authorized_keys on the remote machine.
If you are using a Mac, ssh-copy-id is not usually installed, so you will need to manually copy the content from id_rsa.pub to .ssh/authorized_keys on the remote machine. You could use something like this:
1 cd ~/.ssh
2 cat id_rsa.pub | pbcopyNow, the content pf id_rsa.pub is in your clipboard. Log in on the remote machine:
1 ssh user_name@your_remote_ip_address
2 cd .ssh
3 nano authorized_keysJust paste the content of your clipboard on a new line, CMD + V, and save the file by pressing CTRL+X and when asked if you want to save the file write Y.
At this point, you should be able to log in directly with:
1 ssh user_name@your_remote_ip_addresswithout the password associated with user_name on the remote machine. If you’ve used a pass phrase when you’ve created the SSH keys you will be asked for this pass phrase.
If you have a second remote machine, just copy the id_rsa.pub using ssh-copy-id or the manual procedure.
Another small improvement to the login procedure is to create an alias that will allow you, for example, to simply write:
1 ssh myserverNo need to write every time your user name and the IP address. On your local machine open or create the ~/.ssh/config file. You can add an alias with an entry like this one:
1 Host myserver
2 HostName YOUR_IP_ADDRESS
3 User YOUR_USER_NAMEWARNING: As an added security measure you can disable the password SSH login to your server. With this, the only way in which someone can log in to your server is by using your SSH key. If you lose your SSH key you won’t be able to log in anymore on your remote server! Also, don’t store your SSH keys on Github!!!
If you want to learn more about SSH, I would recommend reading SSH, The Secure Shell The Definitive Guide by D. J. Barrett:
If you want to learn more modern Linux, you could read How Linux Works What Every Superuser Should Know by B. Ward:
