Getting Started with SSH

Ditch Remote Desktop. Secure Shell (SSH) offers a mechanism to access remote systems from the comfort of your terminal. It works well and predictably "out of the box", and also allows custom configuration to make your workflow within complex networks seamless and intuitive.

Installation

Connections require SSH on both the local and remote hosts. SSH is usually installed by default on most Linux distros, as well as on Windows Subsystem for Linux and MacOS, but additional steps may be needed before a host accepts connections from other hosts.

Enabling SSH Server

Connecting to remote hosts only requires the ssh command to be available; the local host does not need to accept remote connections. However, to allow connections from other hosts, the sshd daemon needs to be started (and optionally enabled on startup).

For systemd (Linux)

sudo systemctl start sshd
# OR to start now and automatically when the system starts:
sudo systemctl enable --now sshd

For MacOS

To enable the SSH server to accept connections on MacOS, go to System Preferences -> Sharing, and enable the option for Remote Login. The SSH daemon will start on every boot.

Use Encryption keys instead of Passwords

Using a password to establish a connection with a remote server is inconvenient and prone to insecurity, even when best practices are followed. As an alternative, a public and private keypair offers a very convenient and secure mechanism to authenticate, as long as the contents of the private key file are kept secret. Whenever possible, install your public key on the remote server so that you no longer need to type your password into the terminal to authenticate.

Create a public and private keypair

# ECDSA - current standard (recommended)
# (supports 256, 384, 521 bit keys)
ssh-keygen -t ecdsa -b 521 -f ~/.ssh/id_ecdsa

# RSA - legacy but still in use for some systems
# (supports 2048, 4096 bit keys)
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa

# General form
ssh-keygen -t <algorithm> -b <key-size> -f <filename>

Install a public key on a remote server

If you can connect to the remote with a password and write to the ~/.ssh/ directory yourself, then OpenSSH provides a convenient utility for installing your key:

ssh-copy-id -i ~/.ssh/<pubkey> <user>@<remote-host>

Otherwise, just append the contents of your public key file to <remote-host>:~/.ssh/authorized_keys.
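
One way to do the manual append safely, as an added example that is not part of the original post: a POSIX shell function to run on the remote host. The name install_pubkey and its checks are assumptions of this example; it creates ~/.ssh and authorized_keys with owner-only permissions (the requirement covered under Troubleshooting), skips keys that are already installed, and expects a plain .pub file as written by ssh-keygen.

```shell
#!/bin/sh
# Added example. Run ON THE REMOTE HOST as the account you will log in to.
# Usage: install_pubkey <pubkey-file> [ssh-dir]   (ssh-dir defaults to ~/.ssh)
install_pubkey() {
    pubfile=$1
    sshdir=${2:-"$HOME/.ssh"}
    auth="$sshdir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read: $pubfile" >&2; return 1; }
    key=$(cat "$pubfile")

    # A .pub file written by ssh-keygen is exactly one line that starts with
    # the key type. Anything else (for example the private key file picked by
    # mistake) is rejected before it can be written to the server.
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || {
        echo "refusing $pubfile: not a single-line public key" >&2; return 1; }
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "refusing $pubfile: unknown key type" >&2; return 1 ;;
    esac

    # Create missing pieces with owner-only permissions, then tighten anything
    # that already existed with looser modes.
    ( umask 077; mkdir -p "$sshdir" && touch "$auth" ) || return 1
    chmod 700 "$sshdir" || return 1
    chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this exact line is already installed.
    if grep -qxF -- "$key" "$auth"; then return 0; fi

    # If the last existing entry has no trailing newline, add one so the new
    # key does not get glued onto the end of it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```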

Configuration

The behavior of SSH can be configured on a per-host basis in ~/.ssh/config. If this file doesn't exist, you can create it using this example:

# Connect to any host at example.com
# using a specific username and keypair
Host *.example.com
  User example-user
  IdentityFile ~/.ssh/example-keypair

# Shortcut to a host used frequently
# Running `ssh work` will connect to the following
# on a non-standard port
Host work
  HostName ken.dev.example.com
  Port 1337

More reading

Check out another post where I discuss some more advanced ways SSH is helpful.

Troubleshooting

As a general step to troubleshoot ssh connections, try connecting with the -v[v[v]] flag.

Config or Keys aren't being used

The ~/.ssh directory and contents should not be readable or writable by other users on the system. Fix the permissions, and retry the connection.

# Remove read, write and execute from group and others, recursively
# (-R goes before the mode so the command also works with the BSD chmod on MacOS)
chmod -R go-rwx ~/.ssh

Using RSA key: debug1: No more authentication methods to try

The RSA algorithm has been deprecated in OpenSSH 8.2. You can re-enable it by adding an option to your ~/.ssh/config file:

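# Applies only to this host, so RSA stays disabled everywhere else
Host example.com
  # Renamed to PubkeyAcceptedAlgorithms in OpenSSH 8.5; the old name remains an alias
  PubkeyAcceptedKeyTypes +ssh-rsa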

Alternatively, switch to ECDSA if possible.