SSHKeys &mdash; Paul Sutton https://personaljournal.ca/paulsutton/tag:SSHKeys Personal Blog Tue, 05 May 2026 15:00:49 +0000 ssh - secure shell https://personaljournal.ca/paulsutton/ssh-secure-shell <![CDATA[ssh - secure shell Secure shell is a remote login client. The following is from the man page DESCRIPTION ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections, arbitrary TCP ports and Unix-domain sockets can also be forwarded over the secure channel. So as mentioned before, vfsync can't do everything, so if you do need a full Linux system to log in to and install what you want. By this, I am saying you also need to at least have sudo access to that remote system, even if this is a Raspberry Pi. While being able to log in with ssh user@host Is useful, you still need a password, which is fine. If you want to use some services provided by [vern.cc] then you need to be able to log in with an authentication key. This can be generated with ssh-keygen DESCRIPTION ssh-keygen generates, manages and converts authentication keys for ssh(1). ssh-keygen can create keys for use by SSH protocol version 2. Which will generate a public / private key pair man ssh-copy-id NAME ssh-copy-id — use locally available keys to authorise logins on a re‐mote machine DESCRIPTION ssh-copy-id is a script that uses ssh(1) to log into a remote machine (presumably using a login password, so password authentication should be enabled, unless you've done some clever use of multiple identities). It assembles a list of one or more fingerprints (as described below) and tries to log in with each key, to see if any of them are already installed (of course, if you are not using ssh-agent(1) this may result in you being repeatedly prompted for pass-phrases). It then assembles a list of those that failed to log in and, using ssh(1), enables logins with those keys on the remote server. By default it adds the keys by appending them to the remote user's ~/.ssh/authorized_keys (creating the file, and directory, if necessary). It is also capable of detecting if the remote system is a NetScreen, and using its ‘set ssh pka-dsa key ...’ command instead. There is some good information here too ssh cheat sheet The following allowed me to remote login to my Raspberry Pi from my desktop cd .ssh (I did this so I was in the right place to generate the key) ssh-keygen ssh-copy-id -i ~/.ssh/Pi4.pub paul@xxx.xxx.xxx.xxx ssh paul@xxx.xxx.xxx.xxx Login with password, and you will be asked for the passphrase the first time you do this. After which, you will be able to just ssh in without the password. Replace the x's with your IPv4 address. While using vern, I had to use ssh-keygen -lf ./key.pub To address an error, it came up with about keyboard authentication. This worked for me, but should not 'just' be used in every situation. Graphical ssh With Linux mint, it is also possible to connect the file manager nemo to a remote server. File - Connect to server, then fill in the credentials. Remote with nemo With folder, it is probably a good idea to enter the path to your home directory on the remote server, so for a Raspberry Pi with a default username of pi, this is:- /home/pi Chat I am on the Devon and Cornwall Linux user group mailing list and also their matrix channel as zleap, it is better to ask there, that way others can answer too. Tags #Bash,#Linux,#ssh,#RemoteAccess,#Security,#SSHKeys,#SecureShell hr table thead trtda rel="me" href="https://qoto.org/@zleap"Mastodon/a/td tda href="https://wiki.ircnow.org/?n=Shelllabs.Intro"ShellLabs/td tda href="https://joinmastodon.org/"Join Mastodon/a/td/tr/thead/table center AI statement : b Consent is NOT granted to use the content of this blog for the purposes of AI training or similar activity. Consent CANNOT be assumed, it has to be granted. /b /center a href="https://liberapay.com/PaulSutton/donate"img alt="Donate using Liberapay" src="https://liberapay.com/assets/widgets/donate.svg"/a ]]> ssh – secure shell

Secure shell is a remote login client. The following is from the man page

DESCRIPTION
       ssh (SSH client) is a program for logging into a remote machine and for executing  commands on a remote machine.  It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network.  X11 connections, arbitrary  TCP  ports  and  Unix-domain sockets can also be forwarded over the secure channel.

So as mentioned before, vfsync can't do everything, so if you do need a full Linux system to log in to and install what you want. By this, I am saying you also need to at least have sudo access to that remote system, even if this is a Raspberry Pi.

While being able to log in with

ssh user@host

Is useful, you still need a password, which is fine. If you want to use some services provided by [vern.cc] then you need to be able to log in with an authentication key. This can be generated with

ssh-keygen

DESCRIPTION
       ssh-keygen generates, manages  and  converts  authentication  keys  for  ssh(1).  ssh-keygen can create keys for use by SSH protocol version 2.

Which will generate a public / private key pair

man ssh-copy-id 

NAME
       ssh-copy-id  —  use locally available keys to authorise logins on a re‐mote machine

DESCRIPTION
       ssh-copy-id  is  a script that uses ssh(1) to log into a remote machine  (presumably using a login password, so password  authentication  should be enabled, unless you've done some clever use of multiple identities).  It  assembles  a  list of one or more fingerprints (as described below) and tries to log in with each key, to see if any of  them  are  already installed (of course, if you are not using ssh-agent(1) this may result  in  you being repeatedly prompted for pass-phrases).  It then assembles a list of those that failed to log in and, using ssh(1), enables logins with those keys on the remote server.  By default it adds the  keys  by appending  them  to  the remote user's ~/.ssh/authorized_keys (creating  the file, and directory, if necessary).  It is also capable of  detecting if the remote system is a NetScreen, and using its ‘set ssh pka-dsa
       key ...’ command instead.

There is some good information here too

The following allowed me to remote login to my Raspberry Pi from my desktop

cd .ssh (I did this so I was in the right place to generate the key)
ssh-keygen
ssh-copy-id -i ~/.ssh/Pi4.pub paul@xxx.xxx.xxx.xxx
ssh paul@xxx.xxx.xxx.xxx

Login with password, and you will be asked for the passphrase the first time you do this. After which, you will be able to just ssh in without the password.

Replace the x's with your IPv4 address.

While using vern, I had to use

ssh-keygen -lf ./key.pub

To address an error, it came up with about keyboard authentication. This worked for me, but should not 'just' be used in every situation.

Graphical ssh

With Linux mint, it is also possible to connect the file manager nemo to a remote server.

File –> Connect to server, then fill in the credentials.

Remote with nemo

With folder, it is probably a good idea to enter the path to your home directory on the remote server, so for a Raspberry Pi with a default username of pi, this is:-

/home/pi

Chat

I am on the Devon and Cornwall Linux user group mailing list and also their matrix channel as zleap, it is better to ask there, that way others can answer too.

Tags

#Bash,#Linux,#ssh,#RemoteAccess,#Security,#SSHKeys,#SecureShell

Mastodon ShellLabs Join Mastodon
AI statement : Consent is NOT granted to use the content of this blog for the purposes of AI training or similar activity. Consent CANNOT be assumed, it has to be granted.

Donate using Liberapay

]]> https://personaljournal.ca/paulsutton/ssh-secure-shell Tue, 20 May 2025 14:56:10 +0000