Secure SHell (SSH) Setup¶
SSH to run commands remotely. This section provides a couple
of setup notes which makes it a pleasant experience. Start with setting up
Unprompted Login, without it then each command executed will prompt you for
login which is counter-productive. In case you need to execute commands as
root on your test-target then you need to change your SSH daemon
configuration, see SSH as root for that.
Lastly, if you want to have remote access to your test-target file-system,
then sshfs provides an easy way of doing that using the
setup. You can of course also use it the other way around, e.g. have your
test-target mount your dev box.
The setup instructions provided here is primarily aimed at Linux/FreeBSD/MacOSX like systems. For an equivalent setup-guide and description of using OpenSSH client/server on Windows then see Microsoft Docs - OpenSSH in Windows.
Here is what we will do:
- Generate a
SSHkey-pair (private and public keys)
- Add the private-key to your SSH-agent
- Deploy the public-key to the target
- Create a target configuration
- Check the target configuration
Generate a Key-Pair¶
ssh-keygen -P "" -f $HOME/.ssh/cijoe.key
This will produce the following key-pair:
cijoe.key # This is your private key cijoe.key.pub # This is your public
Add the key to the ssh-agent:
Using an SSH-agent is convenient for keys that have passphrases, as you only have to provide the passphrase once, when you add the key to the agent, instead of each time they key is utilized.
Deploy the public-key¶
Deploy the public-key to remote host
ssh-copy-id -i $HOME/.ssh/cijoe.key.pub hostname
This is the last time you will be prompted for login information when
hostname as your user.
Create a target config¶
Create a file named e.g.
box01_env.sh, with the content:
#!/usr/bin/env bash export SSH_HOST=box01 export SSH_USER=odus
In this example
box01 is the hostname of the target machine, and
is the user to login as.
Check the target config¶
Verify that the ssh setup, and the cijoe target configuration works by running cijoe interactively using the target configuration:
cijoe box01_env.sh cij::cmd "hostname"
This should run the
hostname command on the host
SSH as root¶
The default configuration of
sshd does not permit login using the
root user. Thus, in case you need to ssh into the remote target using
root then you need to change the
ssh daemon configuration.
On the target, edit:
/etc/ssh/sshd_config, changing the
Then reload the
sudo service ssh restart
It should now be ready for running
ssh-copy-id as described above.
The Secure-SHell File-System is a libfuse-based user space file-system which provides a very easy way to mount a remote file-system via SSH. Install it using your package-manager, e.g.:
# Install sshfs sudo apt install sshfs # Change fuse-configuration; enable user_allow_other echo 'user_allow_other' | sudo tee -a /etc/fuse.conf # Create a directory for mountpoints mkdir $HOME/sshfs
For the specific host that you have deployed keys to, create a mountpoint:
Mount it using:
sudo sshfs \ -o allow_other,default_permissions,IdentityFile=$HOME/.ssh/cijoe.key \ user@hostname:/ $HOME/sshfs/testbox
And unmount using:
sudo umount $HOME/sshfs/testbox