Use SSH Like a PRO!

Рет қаралды 3,189

Күн бұрын

SSH is a tool Linux users rely on every day. But setting up public/private keypairs for authentication can be confusing. Especially when you add the option of using passphrases or not.
In this video we learn to create and install keypairs, plus learn our options when it comes to protecting our private key while STILL being able to use it in scripts and tools that can't prompt for passwords.
If you want to learn more about SSH, Linux, and Open Source in general -- you're on the right channel! If you want to find me elsewhere on the Internet, including my webcomic, etc. -- shawnp0wers.com
#linux #SSH #security
For regular info on what I'm doing, sign up for my newsletter!
snar.co/newsletter
All My Online Homes are Here:
shawnp0wers.com
Check out my comic!
/ mybigroundworld

Пікірлер: 37

@disperatorul 2 жыл бұрын

Very enjoyable to watch and learn, thanks! Another idea: how to enable https for home lab lan without having a public domain.

@teamvigod 2 жыл бұрын

Great stuff. Better understand SSH-AGENT now. Never saw the backtick trick. Nice 🙂

@MrMehi-hw3mq 2 жыл бұрын

good to get that notification, awesome tutorial. The weird thing is even though I know all of it, it is really exciting to watch the entire videos :D

@shawnp0wers 2 жыл бұрын

That’s great to hear! It’s funny, I still learn little things I didn’t know when I’m making “entry level” videos. Like I had to actually figure out why/how eval was required, etc. It’s been muscle memory for so long, that the details get fuzzy. :)

@MrMehi-hw3mq 2 жыл бұрын

@@shawnp0wers yeah this is absolutely correct. I recently did a little research about SSH key management and logging in with those, this is why I said "all of it" 😂

@steele_ntwrk 2 жыл бұрын

Great video Shaun! I am setting up NAPALM for netbox and was struggling to understand a article on how to setup the SSH part... but it makes sense now :D

@shawnp0wers 2 жыл бұрын

Oh sweet! I'm glad it helped! (the passphrase/no_passphrase/agent stuff can be mind bending!!!)

@pigra24 2 жыл бұрын

You make learning fun. Thank you!

@shawnp0wers 2 жыл бұрын

Thank you!

@JosephNetworld-wi5by 9 ай бұрын

Thank you so much for this video tutorial

@ihsansaleem6228 2 жыл бұрын

Excellent!

@armantahery8432 Жыл бұрын

it was a great video for beginners like me

@lumavey7828 2 жыл бұрын

Finally found the time to digest this video, thanks Shaun.... Just implemented this on my proxmox server 🙂 moving between servers is now a breeze

@shawnp0wers 2 жыл бұрын

Sweet!!!

@dewbiedew 2 жыл бұрын

I knew you can do the eval to set this up, but it never occurred to me that I can copy and paste the export statements to all my terminals. Now I am not "stuck" with that specific terminal. Thanks for this video!

@shawnp0wers 2 жыл бұрын

Good point! I hadn’t considered that, even after making the video. Nice!

@jonathanbarker8079 2 жыл бұрын

Yeah, that definitely filled in gaps in my knowledge about SSH-Agent. I've been meaning to setup keypairs for my proxmox server.

@shawnp0wers 2 жыл бұрын

Nice! I need to get certs installed on my proxmox servers... Since they're internal, I've been lazy about it...

@jonathanbarker8079 2 жыл бұрын

@@shawnp0wers Haha same! That's been in the back of my mind for several months.

@ahmedw5 2 жыл бұрын

In the recent interview i had for a junior linux sysadmin position one of the tests they gave me was configure ssh rsa login for a user in linux. They allowed me to google so i managed but it took time. I wish i had watched this before.

@shawnp0wers 2 жыл бұрын

Ok... I have to say, them letting you use google was incredible. I know I say it a lot, but that's how sysadmins do things. We can't remember everything all the time. Being able to google in an interview, and showing your ability to figure stuff out? GREAT interviewing process. That company impresses me. Also, sorry you didn't see the video first! Glad you're here now. :)

@ahmedw5 2 жыл бұрын

@@shawnp0wers Yes i was also very impressed with them! After the interview they invited me to lunch at a nice Ramen shop. It was definitely the best interview process i have been to.

@mustafa.2024 2 ай бұрын

Hello Shawn, thank you for this amazing video first, i just had an issue when i try to connect to to the remote(tast2) so when i typed ssh test2 it gave me this error "ssh : could not resolve hostname rocky: name or service not know" but if i use "test@x.x.x.x" it will work fine what i think is that i must edit the host file so i can define ip=machine so i can reference it with user only instead of ip if am correct in this how i can manage to do that? sorry in advance if my English is so bad (it's my second language) كل الحب ❤

@Money2themax 10 ай бұрын

Can you disable the password function for accounts that have a key pair or force the system to only allow a key pair log in for all user accounts?

@shawnp0wers 9 ай бұрын

Yes - you can specify key only for certain accounts, or you can disable password logins altogether. :) Also - this isn’t the official thanks from me, but thank you for becoming a Patron!!! You’re part of the reason I’m not home!

@YasharImanlou 2 жыл бұрын

A few years ago I was hand overing a windows network with an only one Linux server to a new administrator that had no experience with Linux. Poor guy was in shock the whole day when he asked for SSH password and I told him that it doesn't have any & you should use a key to login, cause he though it was a security flaw! 😅

@shawnp0wers 2 жыл бұрын

Oof! In his defense, the learning curve is pretty steep. (Which, honestly is why I am so passionate about teaching it!)

@YasharImanlou 2 жыл бұрын

@@shawnp0wers and you're the best at it! 🙌🏻❤️

@theevil24a Жыл бұрын

Is there any way to protect the ssh port using an internal vpn on the server that only the ssh is local and through the vpn one is the only one that has access to that port

@shawnp0wers Жыл бұрын

This addresses the situation (pin not intended, but lol) - serverfault.com/questions/605446/make-sshd-listen-to-a-specific-interface And while I didn’t read the entire thread, you could probably limit access with the local firewall too, if not with the ssh daemon directly. Hope that helps!

@damianpodgorski6977 Жыл бұрын

Hi Shawn, I am following along with you, does it work with a virtual machine installed on top of my linux mint computer? It errors out when I try to copy the key ERRORL ssh: connect to host (hostname) port 22: Connection refused

@shawnp0wers Жыл бұрын

It should work, assuming the virtual machine networking can connect to wherever you're trying to connect -- but connection refused might mean the computer you're connecting to doesn't have the ssh server installed... "sudo apt install openssh-server" on the computer you're trying to ssh into will make sure the service is running on the remote machine. (you have to do that *on* the remote machine, to be clear) If that doesn't help, give me some more details. :)

@damianpodgorski6977 Жыл бұрын

@@shawnp0wers will do and it makes a lot of sense now ! Thank you for quick response

@rlocone 2 жыл бұрын

Or you can have an encrypted home folder.

@shawnp0wers 2 жыл бұрын

That's true. It means another set of authentication issues to deal with if you're trying to automate things, but indeed it can add a layer of security on to SSH keys. :)