I’m slightly embarrassed to admit this, but it was a long time before I figured out how amazing this little file is and how exactly to put it to good use. The file I’m talking about is the SSH config file. By default, when you first connect to a server via SSH, you need to provide 3 things:
- destination (domain name or IP address)
And typically, if you don’t have a custom SSH config file set up, you’ll be prompted for a password. And depending on the administrator or owner of the server, that password can be pretty complex and annoying to enter every single time you want to connect. This is especially annoying if the server kicks you for inactivity every 10 minutes or so (because I’m writing code or researching while I have an open SSH connection). In some special scenarios that annoyance can compound to the point of impracticality. For example, in situations where you need to push a codebase to multiple destinations.
Generate SSH Key Pair
In order to alleviate our password pain point, we’re essentially going to automate step 3, authentication. And instead of providing a password, we’re going to use an SSH key pair. But before we can do that, we’ll need to generate one. To do this, we’ll be using a command line tool called ssh-keygen.
ssh-keygen uses a few cryptographic algorithms in order to generate your key pairs. Entire college courses can be written and taken on the subject of cryptography, but for the sake of brevity, rsa is one you’ll see around a lot, it’s pretty common, but becoming less recommended. If your server supports it, from what I understand, it’s best to go with something like ed25519. To generate your SSH key pair, run the following:
ssh-keygen -t ed25519 -f ~/.ssh/filename
The -t flag allows you to choose the type of key to be generated, while the -f flag allows you to set the filename of the resulting key.
Upload Public Key
Depending on your hosting provider, the upload procedure may be different, but the important thing is to only upload your public key. Typically, technical documentation will suggest cat-ing out the contents of your public key with something like cat ~/.ssh/filename.pub. And yes, if it’s in your hosting provider’s official documentation, I’d recommend going with that. However, I did want to make note of a pretty cool tool I discovered while researching this.
authorized_keys. This is a special authorization file that stores login credentials for specific users. So in this case, an easier technique than copy/pasting from your public key into the authorized_keys file (which you can still do) is to use the ssh-copy-id command like so:
ssh-copy-id -i ~/.ssh/filename.pub user@remoteserver
The -i flag designates an input file (public key) and the final argument is the ssh connection you want to set up, so user@host. This will automatically copy the contents of the public key and paste it into the authorized_keys file! Be sure to connect after running this command and confirm the correct key is in
Create or Edit your SSH Config File
Yes, technically you can call it quits once your public key is server-side, since you can now connect without using a password. But this is still kinda annoying if your hostname is super long. Who wants to type ssh firstname.lastname@example.org just to connect without a password? Who can even remember that? This is where the config file becomes your best friend.
You’ll probably know whether you have an SSH config file or not; if you have one, you likely created it yourself. Either way, you can check if a config file exists by listing the contents of your .ssh directory like ls ~/.ssh. If you see a file named config, then you have one. Otherwise, you can create one with touch ~/.ssh/config and open it with your favorite text editor.
Using our example above, let’s create a config for ssh email@example.com and let’s assume we generated an ssh key for this host that’s called
ssh firstname.lastname@example.org, all we have to do is type ssh hostname-staging and boom. That’s it. You’re connected. No passwords. No hassle. One-time setup that makes future connections easy and fast.
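A config entry of the kind described above, written by a small shell helper. This is an added example, not code from the original post: the function name add_ssh_host, the host staging.example.com and the user deploy are constructed placeholders, and the IdentitiesOnly line is an extra hardening setting the post does not mention.

```shell
#!/bin/sh
# add_ssh_host ALIAS HOSTNAME USER KEYFILE [CONFIG]
# Hypothetical helper (not part of OpenSSH): appends one Host block to an
# SSH client config, creating the file with owner-only permissions.
add_ssh_host() {
    alias_name=$1 host=$2 user=$3 key=$4
    config=${5:-"$HOME/.ssh/config"}

    # Reject empty values, whitespace (including newlines, which would let a
    # value smuggle in extra directives) and Host pattern characters.
    for v in "$alias_name" "$host" "$user" "$key"; do
        case $v in
            ''|*[[:space:]]*|*[*?!]*)
                echo "add_ssh_host: invalid value '$v'" >&2; return 2 ;;
        esac
    done

    # Keep the directory and the config private to the owner.
    dir=$(dirname "$config")
    mkdir -p "$dir" && chmod 700 "$dir" || return 3
    [ -f "$config" ] || : > "$config"
    chmod 600 "$config" || return 3

    # ssh keeps the first value it finds for each option, so a later block
    # with the same alias would have its settings ignored; refuse it instead.
    # The Host keyword itself is case-insensitive.
    if awk -v a="$alias_name" '
        tolower($1) == "host" { for (i = 2; i <= NF; i++) if ($i == a) found = 1 }
        END { exit !found }' "$config"; then
        echo "add_ssh_host: '$alias_name' already in $config" >&2
        return 1
    fi

    # IdentitiesOnly makes ssh offer only this key to the host, not every
    # key loaded in the agent.
    cat >> "$config" <<EOF

Host $alias_name
    HostName $host
    User $user
    IdentityFile $key
    IdentitiesOnly yes
EOF
}

# Constructed values; hostname-staging and ~/.ssh/filename follow the post:
# add_ssh_host hostname-staging staging.example.com deploy '~/.ssh/filename'
```

After the call, ssh hostname-staging resolves the host, user and key from the new block.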