SSH
Autostart SSH-Agent with Zsh
Add Plugin in ~/.zshrc
:
plugins(git ssh-agent)
And then reload the zsh session from the config file
Config-Hierarchie
- CMD-Line Options
- User-Config (
~/.ssh/config
) - Systemwide-Config (
/etc/ssh/ssh_config
)
Warning
For each parameter, the first obtained value will be used So more specific config entries should be at the top of the configs Defaults at the end
Hostname Alias
Simple
Multiple
Dynamic Hostname
SSH Public Key authentication
Generate Key
WICHTIG
IMMER eine Passphrase definieren!
Result
Warning
Nur die .pub Datei darf öffentlich gemacht werden
Best Practice
Create one for each server, customer or service you connect to.
Get Key to Server
-
Automatic
-
Manual
- copy content of local
~/.ssh/demo.ed25519.pub
- paste it into
~/.ssh/authorized_keys
on servers
- copy content of local
Enable Key Auth in Config
Full Config Example
Enable ssh-agent
Why? Saves key Passphrase
- ssh-add
- “-c” ask for permission before use
- “-d” removes key from ssh-agent
Sane Defaults
~/.ssh/conf.d
Multiple files i.E for multiple Customers
Bastion/Jump Hosts
Manual
Explicit
Elegant
Fallback
Warning
Do not use Agent Forwarding (
ssh -A
)