Linux - SSH

Secure Shell (SSH) processes commands in a sequential order. It can’t connect to multiple servers to run commands simultaneously.

Most of the time that’s not an issue. Individual commands can be run with ssh -c and, when run in a loop, will cycle through a series of servers sequentially.

However, there are times when an admin needs to run multiple commands simultaneously across multiple servers.

PSSH is a parallel SSH client. It uses SSH but wraps it in a Python script to enable simultaneous connections to multiple servers. It includes features for sending input to all of the SSH processes, facilitating multiple logins, saving output to a file, and timing out connections.

See also: PSSH overview and tutorial

SSH Configuration Files

/etc/ssh/sshd_config                # Main configuration file for the ssh daemon - sshd
/etc/ssh/ssh_host_rsa_key           # Specific encryption private keys with permissions 600
/etc/ssh/ssh_host_rsa_key.pub       # Specific encryption public keys with permissions 644
/etc/ssh/known_hosts                # Checks public keys of known/trusted hosts (does not exist by default)
~/.ssh/known_hosts                  # Checks public key of known/trusted hosts accessed by the user who owns the directory
~/.ssh/authorized_keys              # Stores public keys for logging in as the user that owns the directory

# Secure shell:
ssh

-c                                  # Run individual commands
-l [user] [host]                    # Logs in as the specified user to the host
[user]@[host]                       # Logs in as the specified user to the host
-X                                  # Enable SSH X Window System forwarding
-x                                  # Disable SSH X Window System forwarding

# Creates a public/private key pair for use with SSH:
ssh-keygen

-b [#]                              # Encryption key size (e.g., 1024, 2048, etc.)
-t [type]                           # Encryption key type (DSA or RSA - default)

ssh-keygen will prompt for a passphrase:

  • Blank: the key can be used without a passphrase
  • Entering a passphrase: 2FA (key + passphrase)

Note: File permissions on keys should be either 644 (older) or 600 (newer).

# Copies your public key to the user and host as indicated:
ssh-copy-id

[user]@[host]                       # Copies the key to the specified user on the host

The next connection will either work immediately (no passphrase set) or prompt only for the passphrase.

Note: As a manual method, copy and paste the contents of your public key into the remote user’s authorized_keys file and set its permissions to 600.
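The permission values given on this page (600 for private keys and authorized_keys, 644 for public keys) can be checked with a short audit script. This is an added example, not part of the original page; it assumes `stat -c %a` (GNU coreutils or BusyBox), and the `id_*` pattern for user private keys is an assumption based on the ssh-keygen default file names.

```shell
#!/bin/sh
# Added example: flag SSH key files whose mode is looser than the values
# listed on this page. Assumes `stat -c %a` (GNU coreutils / BusyBox).

# check_mode FILE MAX: succeed only if FILE sets no permission bit outside MAX.
check_mode() {
    cm_mode=$(stat -c '%a' "$1") || return 2
    # Bits present in the file mode but absent from MAX are excess access.
    cm_extra=$(( 0$cm_mode & ~0$2 & 07777 ))
    [ "$cm_extra" -eq 0 ]
}

# audit_ssh_dir DIR: print one line per finding and return the number of
# findings (0 means every recognised file is within its limit).
audit_ssh_dir() {
    dir=$1
    findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            *.pub)               max=644 ;;  # public keys
            authorized_keys)     max=600 ;;  # keys allowed to log in
            ssh_host_*_key|id_*) max=600 ;;  # private keys (id_* is assumed naming)
            *) continue ;;                   # not covered by this audit
        esac
        if ! check_mode "$f" "$max"; then
            echo "TOO OPEN: $f is $(stat -c '%a' "$f"), expected at most $max"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Typical use:
#   audit_ssh_dir "$HOME/.ssh"
#   audit_ssh_dir /etc/ssh
```

A stricter mode than the limit, such as 400 on a private key, passes the check; only extra permission bits are reported.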

# Wrapper for SSH that allows you to pass items (keys) into the SSH shell for connectivity:
ssh-agent

[shell]                             # Starts the agent on the indicated shell