# ssh
**ssh** (secure shell) is a program that lets you work with remote unix boxes.


# Usage
Use keypair authentication whenever possible.
Generate a keypair with `ssh-keygen -t rsa`. Copy your public key to a server with `ssh-copy-id -i ~/.ssh/id_rsa.pub adm@server.org`


# Configuration
System-wide at `/etc/ssh/ssh_config` and per user at `~/.ssh/config`


To quickly connect to a system using its domain name instead, add an entry for your host in the config:
``Host server server.coolnet.org``
	``Hostname 221.140.72.18``
	``User opc``

This way you can ``ssh server`` and you login as the ``opc`` user.

To specify a keyfile use ``IdentityFile ~/.ssh/key``. The ``IdentitiesOnly yes`` option forces the use of the specific keyfile.


# TCP Forwarding (SSH tunnels)
SSH Tunnels can be used to access a local port from a remote machine.
For example, if you have Syncthing's Web GUI running on port 8384 you can forward it to port 9384 on your local machine to access it securely.

To open a SSH tunnel use ``ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER``
For example ``ssh -L 9384:localhost:8384 debian@orion``

TCP Forwarding can be specified in a config file with the LocalForward option.


# SSH Agents
SSH Agents let you cache your private keys temporarily after first use. This way you don't need to enter the same passwords over and over again.

By default, your ssh config doesn't use any agent. To make use of openSSH's built in one (ssh-agent), include ``AddKeysToAgent yes`` at the top of your config.



See also
--------
* [OpenSSH - ArchWiki](https://wiki.archlinux.org/title/OpenSSH)

* [SSH tips and tricks - Trickster Dev](https://www.trickster.dev/post/ssh-tips-and-tricks/)