SSH Keygen & Multiplexing

Author: Samuel Williams When: Monday, 22 February 2010

To connect from the client to the server without using a password, you need to generate a key on the client. This key is then installed into the server's authorized_keys file, and then the client can connect without standard password authentication.

On the client as the user who will run ssh to the remote host:

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx [local-user]@[local-host]

Once you have done this, you need to append it to the authorized_keys file for the user you will be logging in as on the remote server:

# cat ~/.ssh/id_rsa.pub | ssh [remote-user]@[remote-host] "cat >> ~/.ssh/authorized_keys"

N.B. Replace [remote-user] and [remote-host] with appropriate values. You might need to change it to ~/.ssh/authorized_keys2 depending on your sshd config file, which can be found in /etc/ssh/sshd_config on the server. Check for the AuthorizedKeysFile config parameter.

SSH Multiplexing

SSH can allow multiple virtual connections via the same single network connection. This is called SSH multiplexing, and can make it faster to connect to a server after establishing the initial connection.

Add the following into ~/.ssh/config or /etc/ssh/ssh_config:

Host *
   ControlMaster auto
   ControlPath ~/.ssh/socket-%r@%h:%p

This will create a socket for each set (user, machine, port) when the first SSH session is opened. Further sessions will see the socket and use it instead of opening a new connection, multiplexing all concurrent connections via the same connection. The same goes for SCP and SFTP.

Nice side-effects of this:

Further Information

OpenSSH is a fantastic tool and every system administrator should learn how to use it. There are many resources out there, but here are some which I think is great:

Comments

Nice article :)

Note that rather than using:

$ cat ~/.ssh/id_rsa.pub | ssh [remote-user]@[remote-host] "cat >> ~/.ssh/authorized_keys"

On many machines you can just use:

$ ssh-copy-id -i ~/.ssh/id_rsa.pub [remote-user]@[remote-host]

Leave a comment

Please note, comments must be formatted using Markdown. Links can be enclosed in angle brackets, e.g. <www.codeotaku.com>.