SSH¶
Autostart SSH-Agent with Zsh¶
Add Plugin in ~/.zshrc
:
And then reload the zsh session from the config file
Config-Hierarchie¶
- CMD-Line Options
- User-Config (
~/.ssh/config
) - Systemwide-Config (
/etc/ssh/ssh_config
)
Warning
For each parameter, the first obtained value will be used
So more specific config entries should be at the top of the configs
\(\rightarrow\) Defaults at the end
Hostname Alias¶
Simple¶
Multiple¶
Dynamic Hostname¶
SSH Public Key authentication¶
Generate Key¶
WICHTIG
IMMER eine Passphrase definieren!
Result¶
Warning
Nur die .pub Datei darf öffentlich gemacht werden
Best Practice¶
Create one for each server, customer or service you connect to.
Get Key to Server¶
-
Automatic
-
Manual
- copy content of local
~/.ssh/demo.ed25519.pub
- paste it into
~/.ssh/authorized_keys
on
servers
- copy content of local
Enable Key Auth in Config¶
Full Config Example¶
Host demo bastion
HostName ssh.example.com
User demoUser
PreferredAuthentications publickey
IdentityFile ~/.ssh/demo.ed25519
Enable ssh-agent¶
Why? Saves key Passphrase
- ssh-add
- “-c” ask for permission before use
- “-d” removes key from ssh-agent
Sane Defaults¶
~/.ssh/conf.d¶
Multiple files i.E for multiple Customers
Bastion/Jump Hosts¶
Manual¶
Explicit¶
Elegant¶
Host demo bastion
HostName ssh.example.com
User leyrer
PreferredAuthentications publickey
IdentityFile ~/.ssh/demo.ed25519
Host internal
HostName target.local
ProxyJump bastion
User leyrer
PreferredAuthentications publickey
IdentityFile ~/.ssh/demo.ed25519
Fallback¶
Warning
Do not use Agent Forwarding (ssh -A
)
Last update :
April 15, 2025
Created : April 13, 2025
Created : April 13, 2025