SSH key pairs and getting it onto the server

cat ~/.ssh/ | ssh someuser@someserver "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"

usual assumptions:

  • change `someuser` and `someserver` as appropriate
  • usual public key file and location on the client
  • usual authorisation file location on the server

SSH Server in Ubuntu

To securely administer your Ubuntu Server remotely, you need to install SSH server. SSH provides you with a secure connection to your server and allows you to run commands all as if you were logged in at the terminal itself.

To install SSH server in Ubuntu
$ sudo apt-get install openssh-server

All going well, your install is complete. your RSA and DSA keys have been created and you have a default config file.

Connecting to the server
To connect to the server from other machines use ssh (on *nix computers or putty on windows systems). You log into the machine by typing:

$ ssh or c:\>putty
(this is an example IP address, use whatever IP address is assigned to the server)

Configuring SSH
There is a default config already with the SSH Server, you can chop and change it to suit your needs. For security you may want to disable root logins and X11Forwarding. If you don’t know what they are, then you probably do want to disable them anyway. The configuration file you want to edit is /etc/ssh/sshd_config

Disable remorte root logins
Search for and edit the following line in the /etc/ssh/sshd_config file:

PermitRootLogin yes
and change it to:
PermitRootLogin no

Disable X11 forwarding
Same file as above, search for and change the following line:

X11Forwarding yes
X11Forwarding no

Restart the SSH Server
After you have made these changes, you will need to restart the SSH server. At the command prompt type:
$ sudo /etc/init.d/ssh restart

More on X11 Forwarding
If you want to use X11 Forwarding option so that you can connect your remote machine desktop using Xterm if you want to connect the X11 session you need to use the following command

ssh -X serveripaddress

Copy Files Securely using SCP
Another common need is to be able to copy files between servers you are administering. While you could set up FTP on all of the servers, this is a less-than-ideal and potentially insecure solution. SSH includes within it the capability to copy files using the scp command. This has the added benefit of copying the files over a secure channel along with taking advantage of any key-based authentication you might have already set up.

To copy a file to a remote machine use the following command

scp /path/to/file user@remotehost:/path/to/destination

If you need to copy from the remote host to the local host, reverse the above command

scp user@remotehost:/path/to/file /path/to/destination

if you need to copy an entire directory full of files to a remote location, use the -r argument

scp -r /path/to/directory/ user@remotehost:/path/to/destination/

If you are transferring logfiles or other highly compressible files, you might benefit from the -C argument. This turns on compression, which, while it will increase the CPU usage during the copy, should also increase the speed in which the file transfers.

Use the -l argument to limit how much bandwidth is used. Follow -l with the bandwidth you want to use in kilobits per second. So, to transfer a file and limit it to 256 Kbps use the following command

scp -l 256 /path/to/file user@remotehost:/path/to/destination