How to create an SSH connection

And so, we generated ssh keys and it's time to connect to the server. The first thing to do is to forward the public keys to the server.

 ssh-copy-id -i ~/.ssh/id_rsa.pub user@server

Instead of user, you substitute the login of your user, and instead of server, you indicate the host or ip address of the remote server to which you want to connect. If your ssh does not work on the standard port, then you need to additionally specify the port.

 ssh-copy-id -i ~/.ssh/id_rsa.pub '-p port user@server'

Where port is the port your ssh server is listening on

The second thing to do before connecting is to check that the ssh agent knows about your keys. To do this, you can use the following command:

 ssh-add -l
 2048 SHA256:FrcsHSW/ATlQzIhOGdU8oT/CqNJGeWZWgWYY0XA0yag igor-sverdlov@mail.ru (RSA)

If the required private ssh key is not available or you transferred the keys to another server, then you can add the key to the agent by running this command:

 ssh-add ~/.ssh/id_rsa
 Identity added: ~/.ssh/id_rsa (~/.ssh/id_rsa)

In this case, you will be asked to enter the password for the key. Also, when debugging, you need to understand what fingerprint a given ssh key has. To do this, you can use the following command:

 ssh-keygen -lf ~/.ssh/id_rsa.pub
 2048 SHA256:FrcsHSW/ATlQzIhOGdU8oT/CqNJGeWZWgWYY0XA0yag igor-sverdlov@mail.ru (RSA)

In most cases, it is convenient to upload ssh keys automatically to the server. To do this, you need to create a configuration file on the client.

 touch ~/.ssh/config
 printf "Compression yes\nForwardAgent yes">> ~/.ssh/config

To see all the available config options, you can run the command:

 man ssh_config

Finally, we are ready to execute the ssh connect command. It looks like this:

 ssh user@server

If the port of the ssh connection differs from the standard one, then it can be set using the option -p.

 ssh -p port user@server

To forward the graphical interface, you can use the option -X.

 ssh -X user@server

It is often convenient to configure aliases through the config. The content of the config ~/.ssh/config looks like this:

 Host dev
 Hostname server
 User user
 ForwardX11 yes
 Compression yes
 ForwardAgent yes

Now you can connect to the server server under the user user using the following command

 ssh dev

You can run a command on a remote server like this:

 ssh user@server command
 Thu 06 Jan 2022 03:11:12 PM UTC

In this example, the date command was used
To forward the tunnel, use the following command:

 ssh -f -N -L local_port:endpoint_ip:endpoint_port user@server -p ssh_port
 # example
 ssh -f -N -L 3031:127.0.0.1:8080 217.14.247.114 -p 522

Where:
– local_port - local port, requests to which will go to the server server
– endpoint_ip - ip address or host of the end target server
– endpoint_port - endpoint port
– user - the user under which the ssh connection will occur
– server - the server through which the tunnel will be run
– ssh_port - ssh connection port. If the default 22 is used, then you do not need to specify

Thus, in our example, all requests to localhost:3031 go to server 217.14.247.114 on port 522 and are then redirected to 127.0.0.1 (that is, remain on server 217.14.247.114) on port 8080. If you specify another host instead of 127.0.0.1, then the request will go to the corresponding server.