asanchez75

sshd/ssh/ssh-agent

Feb 20th, 2013
Take into account:

ssh is the SSH client
sshd is the SSH server

So make sure you know which of the two you need to configure.

======================================================
To configure ssh with Forwarding
======================================================
https://help.ubuntu.com/community/SSH/OpenSSH/Configuring#Forwarding
https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding
======================================================
To configure ~/.ssh/config with ServerAliveInterval
======================================================
http://stackoverflow.com/questions/13228425/write-failed-broken-pipe
http://raspberrypi.stackexchange.com/questions/26916/broken-pipe-when-ssh-using-mac-os-x
http://kb.mediatemple.net/questions/1625/Using+an+SSH+Config+File
http://www.cyberciti.biz/faq/force-ssh-client-to-use-given-private-key-identity-file/
http://nerderati.com/2011/03/17/simplify-your-life-with-an-ssh-config-file/
http://docs.rapidminer.com/radoop/installation/cluster-security.html
http://www.vanemery.com/Linux/XoverSSH/X-over-SSH2.html
http://linux.about.com/od/commands/l/blcmdl1_ssh.htm
======================================================
To configure SSH on Mac
======================================================
To manage apps on Mac
http://serverfault.com/questions/194832/how-to-start-stop-restart-launchd-services-from-the-command-line
http://superuser.com/questions/478035/command-line-ssh-restart-mac-osx-mountain-lion
https://www.peterborgapps.com/lingon/

======================================================
To add a key
======================================================
# Check whether an agent is already running
ps | grep ssh-agent
# Start an agent with a new shell running under it
eval ssh-agent $SHELL
# Load the private key into the agent
ssh-add /root/.ssh/asanchez75.bitbucket

======================================================
https://confluence.atlassian.com/pages/viewpage.action?pageId=271943168

Configuring Multiple SSH Identities for GitBash, Mac OSX, & Linux

Added by Mary Anthony [Atlassian Technical Writer], last edited by Mary Anthony [Atlassian Technical Writer] on Oct 06, 2012

Typically, if you are working with multiple accounts and/or multiple machines, you benefit from creating multiple SSH identities. In Mac OSX, GitBash, and Linux you can use the three ssh- commands to create and manage your identities.

SSH Command   Purpose
ssh-keygen    Creates key pairs.
ssh-agent     Agent for providing keys to remote servers. The agent holds loaded keys in memory.
ssh-add       Loads a private key into the agent.

To support multiple SSH identities in Bitbucket, do the following:

Create multiple identities for Mac OSX, GitBash, and Linux

My thanks to the codingbadger and to Charles on the Bitbucket team who helped me get my head around this technique. Any errors here are of my own making of course.

Create multiple identities for Mac OSX, GitBash, and Linux

You should at this point already have created at least a single default identity. To see if you have a default identity already, list the contents of your .ssh directory. Default identity files appear as an id_encrypt and id_encrypt.pub pair, where the encrypt value is either rsa or dsa. Use the ssh-keygen command to create a new identity. In the example below, the identity is named personalid.

$ ssh-keygen -f ~/.ssh/personalid -C "personalid"
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/manthony/.ssh/personalid.
Your public key has been saved in /Users/manthony/.ssh/personalid.pub.
The key fingerprint is:
7a:9c:b2:9c:8e:4e:f4:af:de:70:77:b9:52:fd:44:97 personalid
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| .|
| Eo|
| . S . ..|
| . . o . ... .|
| . = = ..o o |
| . o X ... . .|
| .ooB.o .. |
+-----------------+

If you have multiple Bitbucket accounts, you need to generate a new public/private key pair for each account.

Create a SSH config file

When you have multiple identity files, create a SSH config file to define aliases for your various identities. You can construct a SSH config file using many parameters and different approaches. The format for the alias entries used in this example is:

Host alias
    HostName bitbucket.org
    IdentityFile ~/.ssh/identity

To create a config file for two identities (workid and personalid), you would do the following:

Open a terminal window.
Edit the ~/.ssh/config file.
If you don't have a config file, create one.

Add an alias for each identity combination, for example:

Host workid
    HostName bitbucket.org
    IdentityFile ~/.ssh/workid
Host personalid
    HostName bitbucket.org
    IdentityFile ~/.ssh/personalid

Close and save the file.

Now you can substitute the alias for portions of the repository URL address, as illustrated in the following table:

DVCS        Default address                                Address with alias
Git         [email protected]:accountname/reponame.git     git@alias:accountname/reponame.git
Mercurial   ssh://[email protected]/username/reponame/     ssh://[email protected]/username/reponame/

There are lots of ways to use SSH aliasing. Another common use case may be the situation where you are using Bitbucket and GitHub on the same machine. The codingbadger suggested the following configuration for that use case:

# Default GitHub user
Host github.com
    HostName github.com
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/personalid

# Work user account
Host bitbucket.org
    HostName bitbucket.org
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/workid

If you google for "ssh aliases" or "ssh aliasing" you may find examples that suit your needs better.
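
An alias with IdentityFile only states which key file ssh prefers; when ssh-agent holds several keys, ssh may still offer the agent's other keys unless the alias also sets IdentitiesOnly yes, an ssh_config keyword that the configuration on this page does not use. The check below is an added example, not part of the original page: it lists each Host block of a constructed sample config and marks the aliases that lack that setting (function names are assumptions).

```shell
# Constructed sample modelled on the two-alias config above; only the
# first alias has IdentitiesOnly (an assumption, not in the original).
sample_config() {
cat <<'EOF'
Host workid
    HostName bitbucket.org
    IdentityFile ~/.ssh/workid
    IdentitiesOnly yes

# personal account
Host personalid
    HostName=bitbucket.org
    IdentityFile ~/.ssh/personalid
EOF
}

# Print "alias hostname identityfile pinned|unpinned" for each Host block
# that names an IdentityFile. Reads the files given, or stdin if none.
# Only the first pattern of a multi-pattern Host line is reported.
audit_ssh_identities() {
    awk '
    function emit() {
        if (alias != "" && idfile != "")
            print alias, host, idfile, (only == "yes" ? "pinned" : "unpinned")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    {
        gsub(/=/, " ")                    # "Key=Value" is valid ssh_config syntax
        key = tolower($1)                 # keywords are case-insensitive
        if (key == "host") { emit(); alias = $2; host = $2; idfile = ""; only = "no" }
        else if (key == "hostname")       host = $2
        else if (key == "identityfile")   idfile = $2
        else if (key == "identitiesonly") only = tolower($2)
    }
    END { emit() }
    ' "$@"
}

# Aliases whose key choice can be overridden by other keys in the agent.
unpinned_aliases() {
    audit_ssh_identities "$@" | awk '$4 == "unpinned" { print $1 }'
}

sample_config | audit_ssh_identities
```

Run it against a real file with audit_ssh_identities ~/.ssh/config; on OpenSSH 6.8 or later, ssh -G followed by the alias prints the options ssh actually resolves for it.
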

Configure compression for Mercurial

When sending or retrieving data using SSH, Git does compression for you. Mercurial does not automatically do compression. You should enable SSH compression, as it can speed things up drastically in some cases. To enable compression for Mercurial, do the following:

Open a terminal window.
Edit the Mercurial global configuration file (~/.hgrc).

Add the following line to the UI section:

ssh = ssh -C

When you are done the file should look similar to the following:

[ui]
# Name data to appear in commits
username = Mary Anthony <[email protected]>
ssh = ssh -C

Save and close the file.

Load each key into the appropriate Bitbucket account

You load each identity's public key into the corresponding account. If you have multiple Bitbucket accounts, you load each account with the corresponding public key you created. If you have an account with a repository you access from two identities, you can load two keys into that account – one for each identity. Use the following procedure to load each key into your Bitbucket accounts:

Open a browser and log into Bitbucket.
Choose avatar > Manage Account from the application menu.
The system displays the Account settings page.
Click SSH keys.
The SSH Keys page displays. It shows a list of any existing keys and, below that, a dialog for labeling and entering a new key.

Back in your terminal window, copy the contents of your public key file.
For example, in Linux you can cat the contents.

cat ~/.ssh/id_rsa.pub

In Mac OSX the following command copies the output to the clipboard:

pbcopy < ~/.ssh/id_rsa.pub

Back in your browser, enter a Label for your new key, for example, Default public key.
Paste the copied public key into the SSH Key field.
Press Add key.
The system adds the key to your account.

Ensure the ssh-agent is running and all your keys are loaded

Most modern operating systems (and GitBash) start an ssh-agent for you. However, it is important that you know how to check for a running agent and start one if necessary.

Open a terminal window and enter the appropriate command for your operating system.

GitBash

$ ps | grep ssh-agent
5192 1 5192 5192 ? 500 19:23:34 /bin/ssh-agent

If for some reason the agent isn't running, start it by entering eval `ssh-agent` at the command line. You should only be running a single instance of ssh-agent. If you have multiple instances running, use the kill PID command to stop each of them. Then, restart a single instance.

Mac OSX and Linux

$ ps -e | grep [s]sh-agent
9060 ?? 0:00.28 /usr/bin/ssh-agent -l

If the agent isn't running, start it by hand. The format for starting the command manually is:

$ eval ssh-agent $SHELL

$SHELL is the environment variable for your login shell.

List the currently loaded keys:
$ ssh-add -l
2048 68:ef:d6:1e:4b:3b:a3:52:6f:b0:c3:4b:da:e8:d1:9f /c/Documents and Settings/manthony/.ssh/personalid (RSA)

If necessary, add your new key to the list:
$ ssh-add ~/.ssh/workid
Enter passphrase for /c/Documents and Settings/manthony/.ssh/workid:
Identity added: /c/Documents and Settings/manthony/.ssh/workid (/c/Documents and Settings/manthony/.ssh/workid)

List the keys again to verify the add was successful:
$ ssh-add -l
2048 68:ef:d6:1e:4b:3b:a3:52:6f:b0:c3:4b:da:e8:d1:9f /c/Documents and Settings/manthony/.ssh/personalid (RSA)
2048 1b:24:fe:75:4d:d2:31:a9:d5:4e:65:60:7c:60:7a:a3 /c/Documents and Settings/manthony/.ssh/workid (RSA)

Clone a repository using SSH

To clone a repository with one of multiple SSH identities that you have added to an SSH config, you would log into Bitbucket and do the following:

Navigate to the repository Overview.
Display the SSH URL.
For example, Bitbucket displays its tutorial URL as:

hg clone ssh://[email protected]/tutorials/tutorials.bitbucket.org

Open a terminal window on your system.

Navigate to the directory where you store your repositories.

Enter the command but substitute your config alias appropriately:

hg clone ssh://[email protected]/tutorials/tutorials.bitbucket.org

The system clones the repository for you.

Change directory to the repository.

Display the contents of the repository's configuration.

$ cat .hg/hgrc
[paths]
default = ssh://[email protected]/tutorials/tutorials.bitbucket.org

Notice that the DVCS stored the URL you used for the clone. From now on, the DVCS uses the URL that includes the SSH alias for this repository.

Change existing repositories from HTTPS to SSH (optional)

You can change existing repository configurations to use a SSH configuration that makes use of your multiple identities. You only need to do this for repositories that you have already cloned with HTTPS or for repositories where you want to change an existing SSH specification, for example, if you used SSH to clone a repository in the past and now want to set it up to use another SSH key.

Git configuration

Open a terminal window.

Navigate to the repository configuration file (REPO_INSTALLDIR/.git).

Open the config file with your favorite editor.

Locate the url value in the [remote "origin"] section:

[remote "origin"]
    fetch = +refs/heads/*:refs/remotes/origin/*
    url = https://[email protected]/newuserme/bb101repo.git

In this example, the url is using the HTTPS protocol.

Change the url value to use the SSH format for your repository.
When you are done you should see something similar to the following:

[remote "origin"]
    fetch = +refs/heads/*:refs/remotes/origin/*
    url = git@personalid:newuserme/bb101repo.git

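The Git edit described above can also be scripted. The functions below are an added example, not part of the original page: they convert a Bitbucket Git remote URL to the alias form and refuse URLs on any other host; the function names and the user name in the sample URL are assumptions.

```shell
# Print the alias form (git@ALIAS:account/repo.git) of a Bitbucket Git URL.
# Returns 2 for an unusable alias name and 1 for a URL on any other host,
# so a remote elsewhere is never silently pointed at the Bitbucket key.
to_alias_url() {
    alias_name=$1
    url=$2
    case $alias_name in
        ''|*[!A-Za-z0-9._-]*) echo "bad alias: $alias_name" >&2; return 2 ;;
    esac
    case $url in
        https://bitbucket.org/*)     repo_path=${url#https://bitbucket.org/} ;;
        # A "/" before "@bitbucket.org" means the real host is something else.
        https://*/*@bitbucket.org/*) echo "refusing: $url" >&2; return 1 ;;
        https://*@bitbucket.org/*)   repo_path=${url#https://*@bitbucket.org/} ;;
        ssh://git@bitbucket.org/*)   repo_path=${url#ssh://git@bitbucket.org/} ;;
        git@bitbucket.org:*)         repo_path=${url#git@bitbucket.org:} ;;
        *) echo "not a bitbucket.org Git URL: $url" >&2; return 1 ;;
    esac
    printf 'git@%s:%s\n' "$alias_name" "$repo_path"
}

# Apply the rewrite to origin in the current repository (needs git).
switch_origin_to_alias() {
    new=$(to_alias_url "$1" "$(git config --get remote.origin.url)") || return
    git remote set-url origin "$new"
}

# Constructed input: the user name before @bitbucket.org is a placeholder.
to_alias_url personalid 'https://newuserme@bitbucket.org/newuserme/bb101repo.git'
```
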
Mercurial Configuration

Open a terminal window.

Navigate to the repository configuration file (REPO_INSTALLDIR/.hg).

Open the hgrc file with your favorite editor.

[paths]
default = https://[email protected]/newuserme/bb101repo

Change the [paths] default to:

[paths]
default = ssh://[email protected]/newuserme/bb101repo

Save and close the file.

10 Comments

Apr 02, 2012
Anonymous

How do I use the script as described within "Step 5. Update your .bashrc profile file" from Set up SSH for Git in case of automatically loading multiple SSH identities? Ever since I have to enter the appropriate passphrase on every single access to remote repository...

Aug 26, 2012
Anonymous

I think there is a small error in the default address for mercurial.

ssh://hg@alias/username/reponame/

I think it should be:

ssh://[email protected]/username/reponame/

Aug 26, 2012
Mary Anthony [Atlassian Technical Writer]

Thank you for the catch. Fixed.

Oct 04, 2012
Anonymous

ssh://hg@alias/username/reponame/

works for me, the current entry does not.

Nov 05, 2012
Anonymous

Me too

Dec 17, 2012
Anonymous

That was a mis-correction and should be changed back

Sep 17, 2012
Dima Pasechnik

I beg to differ - this way ssh would not know about the customization in .ssh/config which is associated to the alias.

Why do you think there was an error?

Dec 18, 2012
Anonymous

I think it's important to show multiple accounts in the example - this is kinda dropped after step one. I believe this is where the difference of opinion might lie -> it would make sense to clone from an alias if you, indeed, have an alias set up in the .ssh/config file

Jan 26, 2013
Anonymous

Address with alias git@alias:accountname/reponame.git did not work for me (osx).

After googling around I did that in ~/.ssh/config:

Host somename.bitbucket.org
    HostName bitbucket.org
    User git
    IdentityFile ~/.ssh/keyname

and used in .git/config:

[remote "origin"]
    url = ssh://somename.bitbucket.org/myUserName/myRepoName.git

Feb 01, 2013
Anonymous

The minimal usable format for the SSH config file on the Mac is

Host bitbucket.org
    IdentityFile ~/.ssh/youridentityfile

Works fine.