Tip of the Trade: OpenSSH Speed Tips and Tricks
February 25, 2008
Although using public key authentication instead of passwords is a great method for increasing the security of SSH transfers, transferring SSH identity keys can be a royal pain. First, you create your key pairs; then, you copy the public key into the correct locations on all the machines you want to log into. The keys must be in a particular format, and you must go into the correct directory with the correct permissions. Fortunately, ssh-copy-id, a slick utility included with OpenSSH, makes it easy.
SSH is a secure remote administration utility with a seemingly endless variety of clever shortcuts and capabilities. For example, you can log in and execute a remote command with a single command, rather than first logging in and then typing the command:
This is a fun example that also demonstrates a little gotcha- ls ~ will list Carla's home directory, not Terry's. If you want to see Terry's home directory you must specify ls /home/terry. You can do this with any one-off command, such as starting a backup script, viewing running processes or printing a document.
ssh-copy-id copies identity keys in the correct format, makes sure file permissions and ownership are correct, and ensures a private key is not accidentally copied.
$ ssh-copy-id -i id_rsa.pub terry@host2
Using key-based authentication instead of passwords means you don't have to give away system passwords. To make it easier to manage multiple remote systems, you can give your keys any arbitrary names you want when you create them, like this:
When you connect, you simply name the correct key:
$ ssh-keygen -t rsa -f id_apacheserver
Finally, don't forget the wonderful sshfs command for mounting an entire remote filesystem. It's much faster and easier than setting up a Samba or NFS server. First, create a local directory for the mountpoint, then fetch your remote filesystem:
$ ssh -i id_apacheserver firstname.lastname@example.org
Now, you can operate on the remote files as if they were local.
$ sshfs hostname:/remotedir localdir/