# The Comprehensive SSH Guide
Hey guys, it's Laziem and Fahreza (mostly Laziem). This is a guide that we wrote, especially since a lot of it is new to Fahreza, and hopefully it can be useful to you too.
We've often heard of or perhaps even used SSH in our tasks, e.g. accessing Konsole via SSH. But you might also want to set up your own SSH, say from your Windows bash terminal to WSL, or maybe when setting up a Hadoop server. This guide is for you.
If you would like to reproduce this tutorial, you can try the setup on VirtualBox. The Windows version is [here](https://www.extremetech.com/computing/198427-how-to-install-windows-10-in-a-virtual-machine).
Ensure that you have both openssh-client and openssh-server installed.
## Soft Introduction to SSH
~insert simple explanation on SSH~
Now, there are multiple ways of SSHing. Once you have openssh-server and openssh-client on both devices, you can simply SSH from one to the other by using:
```
$ ssh username@ip-address
```
You will then be prompted to enter that user's password. Password login, however, isn't secure: attackers can break in by repeatedly trying common passwords. The better way is to use public and private keys.
~insert diagrams about public and private keys~
To generate your keys, use:
```
$ ssh-keygen -t rsa
```
Here `-t` selects the key type; we choose `rsa`.
You will then be prompted to choose where you would like to save your keys (default: /home/username/.ssh/id_rsa) and whether you would like to set a passphrase. I'd usually keep the default and leave it without a passphrase.
Two files will be generated: your private key "id_rsa" and your public key "id_rsa.pub". The public key is what you send over to the server so it can authenticate your access; the private key stays on your machine. To send the public key over, use:
```
ssh-copy-id root@ip-address
```
## Linux / Mac / Windows
### Basic
Windows users should preferably use bash.
```
ssh username@IP_ADDR -p PORT
```
- Edit `~/.ssh/config` to simplify it.
- On Windows, the config file is at `c:\Program Files\Git\etc\ssh\ssh_config` if you are using [Git for Windows](https://git-scm.com/download/win).
- The default should be at `c:\Users\myname\.ssh\config`.
For example, this config:
```
Host trainingMachine
    HostName ip_addr
    IdentityFile ~/path/to/key
    IdentitiesOnly yes
    User muhdlaziem
    Port 22
```
- `IdentityFile` and `IdentitiesOnly` are optional in most cases, depending on the machine's config.
- If needed, make sure the private key and public key are kept in the same place.
- Generate keys using the command `ssh-keygen -t rsa -b 2048`. The `-b` value (key size in bits) depends on the machine's config.
---
After editing the config file, we can easily SSH using this command:
```
ssh trainingMachine
```
### Install OpenSSH client and server in Windows using PowerShell
To install: [Microsoft docs](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse)
### PowerShell Host Key Generation (WIP)
So a server admin asked you to pass your SSH key and you have no idea how to do it. Here are the steps you need to follow:
Make sure you've installed OpenSSH. Then you might want to set the OpenSSH server to be started automatically. In PowerShell, run:
```
# Set the sshd service to be started automatically
Get-Service -Name sshd | Set-Service -StartupType Automatic
# Now start the sshd service
Start-Service sshd
```
Generate your SSH key with:
```
ssh-keygen
```
To list the keys currently loaded in the ssh-agent:
```
ssh-add -l
```
Source: [Microsoft docs](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement)
### Port Forwarding
From local to remote. `ssh host -L local_port:ip_addr/host:remote_port`
```
ssh trainingMachine -L 8080:localhost:8080
```
- This is useful when we need to access / monitor some resources from the remote. Example: Kubernetes Dashboard (10443) or Hadoop Dashboard (8088)
From remote to local. `ssh host -R remote_port:localhost:local_port`
```
ssh trainingMachine -R 8088:localhost:8080
```
- This is useful when we need to give the remote access to some of our local resources.
- Take note that not all ports can be used. For Hadoop, you can try 8088, 4040.
- For more complex operations such as connecting to a Jupyterlab instance created in a Konsole environment, you might want to consider using VSCode. It can automatically connect the remote env to your local browser.
## Working remotely using VS Code
1. Download the **Remote-SSH** extension

2. Open Remote Explorer

3. Add New SSH Targets

4. Enter your command:

5. Select your config file

6. The new SSH target will appear here. Click the folder icon. A prompt will likely appear asking for a password

7. This means your SSH is working. You can now open a folder as you like.

8. You can forward ports easily in VS Code. Click the antenna icon

9. Click the `Forward a Port` button and enter your port.

---
## Passwordless SSH (Linux & MacOS)
This is where we use keys instead of a password.
1. First, we need to generate our keys. Run `ssh-keygen -t rsa -b 2048`. Here, you will need to enter the key path (by default it will be stored in `~/.ssh/id_rsa`) and a passphrase.
2. Assume we use `trainingMachine` as our remote host. Run `ssh trainingMachine mkdir -p .ssh`.
3. Run `cat ~/.ssh/id_rsa.pub | ssh trainingMachine 'cat >> .ssh/authorized_keys'`.
4. We probably need to ensure the permissions are correct by running `ssh trainingMachine "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"`.
5. Finally, we can SSH without entering a password: `ssh trainingMachine`.
6. If we import keys from somewhere else, we might need to run `ssh-add -K ~/.ssh/keyname` to add our key to the local Keychain. For some reason, some operating systems such as macOS do not add our keys to the Keychain by default. Running this command will mostly solve the problem.
- In macOS, I added the config below in `~/.ssh/config` after adding keys to Keychain to make sure the keys will persist.
```
Host *
    UseKeychain yes
    AddKeysToAgent yes
    IdentityFile ~/.ssh/machine1
    IdentityFile ~/.ssh/machine2
    IdentityFile ~/.ssh/machine3
```
Source: [Click this link](https://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/)
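
A script form of steps 2 to 4 above, as an added example that is not part of the original guide: `install_pubkey` adds a key only once (step 3's `cat >>` appends a duplicate on every run), and `audit_ssh_perms` checks the mode bits that sshd's `StrictModes` enforces. The function names and the stricter `600` mode are choices made for this example; the guide's `640` also passes the audit.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide). Run on the server side.

# install_pubkey HOME_DIR PUBKEY_FILE
# Idempotent form of steps 2-4: create .ssh, add the key once, fix modes.
install_pubkey() {
    local home_dir="$1" pubkey_file="$2" key
    local ssh_dir="$home_dir/.ssh"
    local auth="$ssh_dir/authorized_keys"
    key=$(head -n 1 "$pubkey_file") || return 1
    # Accept only a public-key line; this stops a private key being uploaded.
    case "$key" in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 2 ;;
    esac
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1   # stricter than the guide's 640
    # If the file does not end in a newline, a plain append would glue the
    # new key onto the previous entry and break both.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # -F fixed string, -x whole line: append only when the key is absent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_perms HOME_DIR
# Prints every path that is group- or world-writable, the mode condition
# sshd rejects when StrictModes is on (the default). Returns 1 if any found.
audit_ssh_perms() {
    local home_dir="$1" bad=0 p
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "group/world-writable: $p"
            bad=1
        fi
    done
    return "$bad"
}
```

On the server, call `install_pubkey "$HOME" /path/to/id_rsa.pub` and then `audit_ssh_perms "$HOME"`; any path the audit prints is one sshd will refuse to trust for key login.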