SSH

Learn how to use SSH client commands for secure remote access, verify connections, and manage SSH agent settings. Essential SSH commands for developers.

SSH Client Commands

SSH Client Basics

The Secure Shell (SSH) protocol is a fundamental tool for secure remote access to servers and other network devices. This guide covers essential SSH client commands and configurations for developers.

SSH Version Check

To check the installed SSH client version, use the following command:

ssh -V

Verify SSH Connection

You can verify your SSH connection, especially for services like Git, with a simple test command:

ssh -T git@github.com

This command attempts to establish a connection to GitHub's Git service and should return a success message if your authentication is set up correctly.


Configuring SSH Agent for Profile

To streamline SSH authentication and avoid repeatedly entering passphrases, you can configure your shell profile to manage the SSH agent. Add the following lines to your .profile (preferred for POSIX compatibility) or .bash_profile:

# SSH Agent Configuration
eval $(ssh-agent -s)
ssh-add ~/.ssh/your_private_key # Replace with your actual private key file
trap 'kill $SSH_AGENT_PID' EXIT

Explanation:

  • eval $(ssh-agent -s): Starts the SSH agent in the background and sets environment variables for the current shell session.
  • ssh-add ~/.ssh/your_private_key: Adds your private SSH key to the agent. You will be prompted for the passphrase if your key is protected.
  • trap 'kill $SSH_AGENT_PID' EXIT: Ensures that the SSH agent is terminated when you log out of your shell session, enhancing security. The single quotes matter: they defer the kill until the shell exits, whereas writing the command as $(kill $SSH_AGENT_PID) would run it, and stop the agent, as soon as the line is read.

.bash_profile is specific to bash, while .profile is a more generic POSIX-compliant shell configuration file. Bash typically looks for .bash_profile first, and if it doesn't exist, it falls back to .profile.

The correct way to spawn ssh-agent for a standard POSIX-compatible shell is eval $(ssh-agent -s). It's also crucial to ensure the agent is properly cleaned up upon logout by including trap 'kill $SSH_AGENT_PID' EXIT after starting the agent.

A more comprehensive approach for managing SSH agent environment variables, especially in environments like Cygwin, is provided below:

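SSH_ENV="$HOME/.ssh/environment"

# Start a new agent and save its environment variables to ${SSH_ENV}.
# POSIX function syntax, so this also works when .profile is read by a non-bash shell.
start_agent() {
     echo "Initialising new SSH agent..."
     # sed comments out the "echo Agent pid" line so sourcing the file stays silent
     /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
     echo succeeded
     chmod 600 "${SSH_ENV}"
     . "${SSH_ENV}" > /dev/null
     /usr/bin/ssh-add
}

# Source SSH settings, if applicable

if [ -f "${SSH_ENV}" ]; then
     . "${SSH_ENV}" > /dev/null
     # ps ${SSH_AGENT_PID} doesn't work under cygwin
     # Start a new agent if the saved PID is empty or is no longer an ssh-agent
     if [ -z "${SSH_AGENT_PID}" ] ||
        ! ps -ef | grep "${SSH_AGENT_PID}" | grep 'ssh-agent$' > /dev/null; then
         start_agent
     fi
else
     start_agent
fi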
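
The script above runs `. "${SSH_ENV}"`, which executes whatever the saved file contains. As an added example (not from the original page), the hypothetical helper load_agent_env reads the two variables from that file without executing it, and rejects a file that other users can write to or that holds anything other than the lines ssh-agent prints in Bourne-shell mode; the accepted socket-path characters are an assumption.

```shell
# Added example, not from the original page. load_agent_env is a hypothetical
# helper name; the line format is what ssh-agent prints in Bourne-shell mode.

# load_agent_env FILE
#   returns 0: SSH_AUTH_SOCK and SSH_AGENT_PID were set from FILE
#   returns 1: FILE is missing, not owned by us, or group/world-writable
#   returns 2: FILE holds a line that ssh-agent would not have written
load_agent_env() {
    env_file=$1
    [ -f "$env_file" ] || return 1
    # find prints the path only if we own it and nobody else can write to it
    [ -n "$(find "$env_file" -prune -user "$(id -u)" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ] || return 1

    sock='' pid=''
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '' | '#echo Agent pid '*) ;;   # blank, or the echo that sed disabled
            'SSH_AUTH_SOCK='*'; export SSH_AUTH_SOCK;')
                sock=${line#SSH_AUTH_SOCK=}
                sock=${sock%'; export SSH_AUTH_SOCK;'} ;;
            'SSH_AGENT_PID='*'; export SSH_AGENT_PID;')
                pid=${line#SSH_AGENT_PID=}
                pid=${pid%'; export SSH_AGENT_PID;'} ;;
            *) return 2 ;;                 # unexpected line: reject, never run it
        esac
    done < "$env_file"

    # Assumed value shapes: absolute path of plain characters, numeric PID
    case $sock in /*) ;; *) return 2 ;; esac
    case $sock in *[!A-Za-z0-9_./-]*) return 2 ;; esac
    case $pid in '' | *[!0-9]*) return 2 ;; esac

    SSH_AUTH_SOCK=$sock
    SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}
```

In the script above, `load_agent_env "${SSH_ENV}"` would take the place of `. "${SSH_ENV}" > /dev/null` in the `if` branch.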

Key SSH Concepts

SSH provides a secure channel over an unsecured network, enabling secure file transfers (SCP, SFTP) and remote command execution. Understanding how to manage your SSH keys and agent is vital for efficient and secure development workflows.
