How to use SSH keys and ProxyJump entries
SSH key pairs
Each SSH key pair includes two keys:
A public key that is copied to the SSH server(s). Anyone with a copy of the public key can encrypt data which can then only be read by the person who holds the corresponding private key.
Once an SSH server receives a public key from a user and considers the key trustworthy, the server marks the key as authorized in its authorized_keys file. Such keys are called authorized keys.
A private key that remains (only) with the user. The possession of this key is proof of the user’s identity. Only a user in possession of a private key that corresponds to the public key at the server will be able to authenticate successfully. The private keys need to be stored and handled carefully, and no copies of the private key should be distributed. The private keys used for user authentication are called identity keys.
How to generate SSH keys
The SSH key pair is created using “ssh-keygen”. In the simplest form, just run “ssh-keygen” and answer the questions.
$ ssh-keygen
How to copy public key to a server
The “ssh-copy-id” command appends your public SSH key to the “.ssh/authorized_keys” file in the user's home directory on the server where you want passwordless authentication.
Change the “user” and “host” parameters to match your environment.
$ ssh-copy-id user@host
“ssh-copy-id” will ask for the password of “user” on “host”. If authentication succeeds, you will not be asked for a password the next time you log in.
How to SSH to servers that are accessible over an SSH proxy
To access servers that are accessible over an SSH proxy you can use the following command.
Change the “user”, “proxy_server” and “ssh_server” parameters to match your environment.
$ ssh -J user@proxy_server user@ssh_server
If both “proxy_server” and “ssh_server” have your public key, ssh will not ask for your password.
If you have multiple proxies, each of which can access only a subset of servers, this becomes cumbersome: you have to remember which proxy can reach the server you want to log in to. You can avoid this by appending “ProxyJump” entries to
/etc/ssh/ssh_config
In its simplest form, the entries look like this:
# Host: ssh_server. Jump via: ssh_proxy_server
Host ssh_server
HostName ssh_server
ProxyJump ssh_proxy_server
Now you can ssh to a server like this:
$ ssh user@ssh_server
One big advantage of ProxyJump is that you can now use “ssh-copy-id” to append your public key to a server that is accessible over a proxy.
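The multiple-proxy case described above, as an added example that is not part of the original page: it writes “ProxyJump” entries for two proxies into a temporary file (standing in for /etc/ssh/ssh_config) and uses “ssh -G” to show which proxy each server resolves to, without connecting. The host names app1, app2, db1, db7, proxy_a and proxy_b and the resolve_jump helper are constructed placeholders.

```shell
#!/bin/sh
# Added example. All host names below are constructed placeholders.
cfg=$(mktemp)
trap 'rm -f "$cfg"' EXIT

# Two proxies, each reaching a different subset of servers.
cat > "$cfg" <<'EOF'
# Host: app1, app2. Jump via: proxy_a
Host app1 app2
    ProxyJump proxy_a

# Host: any name matching db*. Jump via: proxy_b
Host db*
    ProxyJump proxy_b
EOF

# Print the jump host ssh would use for a target, without connecting.
# "ssh -G" prints the evaluated client configuration and exits;
# "-F" makes ssh read this file instead of the default config files.
resolve_jump() {
    ssh -G -F "$cfg" "$1" |
        awk '$1 == "proxyjump" { print $2; found = 1 }
             END { if (!found) print "direct" }'
}

# Show the resolution table when an ssh client is installed.
if command -v ssh >/dev/null 2>&1; then
    for host in app1 app2 db1 db7 proxy_a; do
        printf '%-8s -> %s\n' "$host" "$(resolve_jump "$host")"
    done
fi
```

Running the same “ssh -G” check against the real configuration (without “-F”) is a quick way to confirm that a new entry sends a server through the proxy you intended before you log in.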