Silky Smooth Hopping: How to SSH with ease
“Silky Smooth Hopping” is a term coined by Paul Irish at the HTML5DevConf held by marakana on November 5th, 2012. It’s a way to login via SSH painlessly and with ease. You’ll need to know what the Terminal is before you begin, and have some knowledge of basic commands (e.g. listing directories, viewing file contents, etcetera). You’ll also need to know how to create a public SSH key with a service such as Github. What we’re gonna do is really not that difficult –and honestly, I’m no Terminal whiz either so I’ll make sure to hold your hand every step of the way.
Workflow and workspace setup can be one of those things easily forgotten and often under–estimated in its value. I’ve never been too crazy when it comes to my workflow, but over time I’ve grown to appreciate its effectiveness.
What is SSH and what does it do?
Secure Shell (a.k.a SSH is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively). The protocol specification distinguishes two major versions that are referred to as SSH–1 and SSH–2.
– wikipedia
SSH also lets you run terminal commands on another computer out on the internet, like your personal server. That means you could set up version control on your remote server and pull in your changes from the working repo and correlating branch with a service like Github.
The Silky Smooth Setup
Usually when we SSH into a remote server we’ll start by typing out ssh followed by a unique username which will be something like “myname@myhostname.com.” It will look like this in the Terminal:
$ ssh myname@myhostname.com
Password:Notice that it’s requesting a password. Ugh! That’s really annoying, but we can clean this step up and create a silky experience for ourselves. First order of business is to set up a config file in the ~/.ssh directory of your local machine, that contains these lines from the example below:
Host $custom_name
HostName $custom_host_name
Port $custom_port_number
User $custom_username
.ssh config fileYou should replace the variables prefixed with a dollar sign with your own values particular to your project. In my case $custom_name is ‘mt’ so my config contents looks like this…
Host mt
HostName myhost.com
Port 22
User myhost.comThis configuration will let me do the following from my shell…
$ ssh mtThis is cool, but we’re still asked for a password once that command is executed. Let’s go ahead and get rid of that annoying password request by copying the contents of id_rsa.pub from your local machine’s .ssh directory using the following command (I should also note that pb commands are Mac OS X specific).
cat ~/.ssh/id_rsa.pub | pbcopyThis will copy the contents of the public ssh key you’ve created with github / repo service to your local machine’s clipboard. Now all you need to do is create a file called authorized_keys and paste the contents into your authorized_keys file on your remote server. If you’re using MediaTemple then you can’t use pb commands like pbpaste as they are OS X specific as previously mentioned, so I suggest using FTP and gaining access that way –unless you’re good with Vim. For me FTP was quick and painless –did I mention extremely quick?
authorized_keys file on your remote serverSo now you’ll have a file called authorized_keys in the .ssh directory of your remote server. This will remove that annoying password request each time you SSH into your remote server. So in my case, I can execute ssh mt and gain immediate access. No password, no entering annoying email usernames, just quick and painless SSH hopping. It’s a small adjustment, but an adjustment that will make you smile from ear to ear and wonder why you lived without it for so long.
To make SSH configuration for Github easy, secure and optimized, I created a tool: github-keygen.
Very neat. From what I can interpret from your README the tool is primarily for Github SSH keys and unrelated to placing SSH keys on a remote server? Thanks for sharing.
If the screenshot shows the remote
~/.sshfolder then it’s unwise to show a private key as being on there too. There could be legitimate reasons for it, but as this is a good beginners guide, it’s best to avoid the ambiguity or people might be tempted to upload the contents of their local.sshto the server.The idea is that you keep your private key on your local machine, and just your public key, pasted into a
~/.ssh/authorized_keysfile on all the remote machines you want silky smooth access too.If you start storing copies of your house keys at local motels, you increase your chance of getting burgled. Same goes with private SSH keys and shared hosting.
Thanks for the tip olizilla! Just to be clear, you’re saying to remove the
id_rsafiles completely and just use theauthorized_keysfile on your remote server?Yes.
More generally: Never, ever, ever, let the id_[rsa|dsa|woteva] file get out into the wild. It is your private key.
The trade off for not needing to remember a password is you now need to keep a file safe from being copied on a interconnected-machiniverse that is really good at making perfect copies of things and transporting them to other people, really fast.
If you cannot be 100% sure that no-one else has ever had access to the private key then you need to go burn the authorized_keys files on all the remote machines it’s been used on (or carefully delete that key from the list in the file if there are more than one). Then delete the now compromised keys, give yourself a good talking to, and start again.
For completeness, the id_[rsa|dsa|woteva].pub file is your public key, and for as long as you keep the private one safe, you can freely smoosh that around the internet if you like, though, as with all matters of security, it’s better to keep the whole thing quiet.
As for these other ruffians, TJ’s suggested command is the most platform agnostic of the bunch, and worth taking the time to understand, but it it’s the most likely fail in a hard to diagnose way if mistyped.
Gijs’ suggestion is good, but, yes, OSX lacks a lot of helpful tools. If you’re interested in learning more text-foo then it’s worth jumping through the hurdles to install homebrew – http://mxcl.github.com/homebrew/
…The App Store of the command line. Once installed, you can use it to add missing tools like so:
brew install ssh-copy-idInstead of copying the public key to the clipboard and then editing
authorized_keysmanually and pasting it back in, consider usingssh-copy-id mt. This will automagically copy your public key file, append it toauthorized_keysand set the right permissions on the file so that SSH will use it (it can be picky if the file is too accessible to other users). If you used a non-default identity name, you can use the-ioption to select that identity to be copied, rather than the default.Could you describe the steps in greater detail? If I run
within my remote
.sshdirectory I get this warning:I also get this warning locally.
ssh-copy-idis perfect for this, but unfortunately not included in Mac OS X.Both errors are a result of
1. your remote box not having any need to copy its own key
2. your local machine not being able to execute the command (assuming you’re on a mac)
So try as you may – no cigar…Thats why I posted the system agnostic command instead…Hope this helps.
great article! here is the version of the command used to copy the id_rsa.pub file content, regardless of what system you are using…
as in the article above, replace the value of $host with your hostname as set up in the beginning of the article. awesome workflow!!!
Thanks for the great tip TJ! I knew there had to be another way around that.
This is gonna save me like 10 minutes a day, every day. Thanks so much.
You’re welcome Jeffrey! I couldn’t agree with you more on the time saving benefits.
Nice blogpost. It comes in very handy!
You got that right
A huge time saver. Also works well for Windows using Git Bash.
Sweet!
Took roughly about 2 mins to set up.
Rock on!
Thanks Jake \m/
pbcopy? ftp ?
duh:
ssh-copy-id [-i [identity_file]] [user@]machine
So you’re suggesting to use this bash command to paste the SSH public key contents to your remote file? Do we need the [user@]machine portion as well? Explaining this is more helpful than a simple ‘duh.’
Example
ssh-copy-id -i id_rsa.pub