How to SSH keys and ProxyJump entries

SSH key pairs

Each SSH key pair includes two keys:

A public key that is copied to the SSH server(s). Anyone with a copy of the public key can encrypt data which can then only be read by the person who holds the corresponding private key.

Once an SSH server receives a public key from a user and considers the key trustworthy, the server marks the key as authorized in its authorized_keys file. Such keys are called authorized keys.

A private key that remains (only) with the user. The possession of this key is proof of the user’s identity. Only a user in possession of a private key that corresponds to the public key at the server will be able to authenticate successfully. The private keys need to be stored and handled carefully, and no copies of the private key should be distributed. The private keys used for user authentication are called identity keys.

How to generate SSH keys

The SSH key pair is created using “ssh-keygen”. In the simplest form, just run “ssh-keygen” and answer the questions.

$ ssh-keygen

How to copy public key to a server

The “ssh-copy-id” command appends your public SSH key to the “.ssh/authorized_keys” file in the home directory of the user on the server where you want passwordless authentication.

Change the “user” and “host” parameters to match your environment.

$ ssh-copy-id user@host

“ssh-copy-id” will ask for the password of “user” on “host”. If authentication succeeds, the next time you log in you will not be asked for a password.

How to SSH to servers that are accessible over an SSH proxy

To access servers that are accessible over an SSH proxy you can use the following command.

Change the “user”, “proxy_server” and “ssh_server” parameters to match your environment.

$ ssh -J user@proxy_server user@ssh_server

If both “proxy_server” and “ssh_server” have your public key, you will not be asked for your password.

If you have multiple proxies, each of which can access only a subset of servers, this becomes cumbersome: you have to remember which proxy can reach the server you want to log in to. You can avoid this by appending “ProxyJump” entries to /etc/ssh/ssh_config.

In its simplest form, the entries look like this.

# Host: ssh_server. Jump to via: ssh_proxy_server
Host ssh_server
 HostName ssh_server
 ProxyJump ssh_proxy_server

Now you can SSH to a server like this.

$ ssh user@ssh_server

One big advantage of ProxyJump is that you can now use “ssh-copy-id” to append your public key to a server that is accessible over a proxy.
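For the multi-proxy case described above, overlapping “Host” patterns are resolved by first match, so the order of the entries decides which proxy is used. The following is an added example, not the author's code: a small Python resolver that reports which ProxyJump a given name would get. The hostnames and sample config are constructed, and Match blocks and Include files are assumed absent.

```python
import re

# Constructed sample (hostnames are made up): two bastions, each fronting
# a subset of servers, plus a catch-all default placed last.
SAMPLE_CONFIG = """\
Host proxy-a proxy-b
    ProxyJump none

Host db-* !db-legacy
    ProxyJump proxy-a

Host web-? db-legacy
    ProxyJump proxy-b

Host *
    ProxyJump proxy-a
    User admin
"""

def _matches(patterns, host):
    """Host-line matching: a negated hit vetoes the block; otherwise at
    least one positive pattern must match ('*' and '?' are wildcards)."""
    hit = False
    for pat in patterns:
        rx = re.escape(pat.lstrip("!")).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, host):
            if pat.startswith("!"):
                return False
            hit = True
    return hit

def effective_options(config_text, host):
    """Options ssh would apply to `host`: the first value obtained wins."""
    options, active = {}, True  # lines before any Host apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            active = _matches(value.split(), host)
        elif key == "match":
            active = False  # Match blocks are not modelled here
        elif active:
            options.setdefault(key, value)  # later duplicates are ignored
    return options
```

On a machine with OpenSSH installed, “ssh -G host” prints the configuration the client actually resolves for that name, which is the authoritative check.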
