Want to see the full-length video right now for free?Sign In with GitHub for Free Access
SSH is a foundational topic for anyone working on the web, and at a minimum it's important to understand how SSH is used for authentication with Git and similar tools. In this episode we'll cover these basics as well as some of the more interesting tricks we can pull off using SSH.
SSH uses public-key cryptography, which involves generating a key pair, made up of one private and one public key. The public key is shared openly, for instance uploading to GitHub, while the private key is kept... private.
When you attempt to connect to GitHub (using
address), your local SSH command will encrypt the message using your public
key, and GitHub can use the public key to confirm that the message was sent by
Note, Git & GitHub can operate over https using a username and password, but we recommend using SSH for Git operations, and we require it on the Upcase exercises repositories.
If you don't already have an SSH key-pair, or if you want to generate a new one, we recommend following the steps outlined in GitHub's documentation on Generating an SSH key.
In order to upload your key to a service like GitHub or the Upcase exercises
system, you'll need to copy the contents of the
~/.ssh/id_rsa.pub file. The
most reliable way to do this is via the command line, but each OS has a
slightly different command for this. Borrowing from GitHub's great Adding a
new SSH key to your GitHub account article, you can copy your public key
# Mac $ pbcopy < ~/.ssh/id_rsa.pub # Windows $ clip < ~/.ssh/id_rsa.pub # Linux $ sudo apt-get install xclip $ xclip -sel clip < ~/.ssh/id_rsa.pub
Note: On Upcase, you can upload your SSH key, or even multiple keys, by visiting the Clone Help Page.
Pretty Good Privacy (PGP) is another technology that uses public key cryptography to authenticate and secure communications (emails, chats, etc). If you're interested in learning more, check out the Giant Robots post PGP and You to learn how to get started with PGP.
Thus far we've focused on SSH as used to authenticate a user, especially in the context of Git, but it turns out we can go much further with SSH and use it to securely connect and run a shell session on a remote system.
To start exploring broader uses of SSH, we can first look in the
directory where SSH configuration files are stored. This directory can contain
configuration files like
known_hosts which we cover below, but
mostly what you'll find here are one or more public + private key pairs.
~/.ssh/known_hosts file is where SSH will save off the SSH identity of
servers you've connected with in the past. If you've ever run a git command or
attempted to connect to a server and seen the following:
$ ssh firstname.lastname@example.org The authenticity of host 'server.example.com (126.96.36.199)' can't be established. RSA key fingerprint is 8c:a1:91:f4:b9:dc:84:7f:0f:a9:db:21:a7:1d:27:e2. Are you sure you want to continue connecting (yes/no)?
Then it means that you have not connected to that particular server before, but typically this should not be a concern unless you're sure you've connected to the host before.
~/.ssh/config is a very useful file if you find yourself regularly
connecting to remote servers, especially if you need to specify the user,
identity file, etc. The structure of the file looks something like the
Host * Compression yes Host client-x-server IdentityFile ~/.ssh/ardrone.pem UserKnownHostsFile /dev/null HostName nightly.example.com User ec2-user Host whetstone-gitolite-server HostName git.upcase.com User root Host staging-whetstone-gitolite-server HostName 188.8.131.52 User root
Here we can see that each server gets a configuration block where we can
specify a short / memorable name for the server (via the
Host setting), the
HostName / IP address, the
User, and even the specific key to use via the
With this configuration in place, rather than needing to type all of:
$ ssh -i ~/.ssh/ardrone.pem email@example.com
we can simply SSH via the alias
$ ssh client-x-server
We can even get tab completion of these short names making our lives that much better!
scp is a command for securely copying files, using SSH for authentication
and encryption. With scp, we can use all the configurations we have in the
~/.ssh/config file, and make it very easy to copy a remote file:
$ scp whetstone-gitolite-server:/path/to/file ./local-filename
Depending on the speed of your connection, you can even tab complete out the
files and directories on the remote server as you build up an
all without having to type a password!
In some cases we just want a bit of data from a remote server, and thankfully
we can use
ssh to run a one-off command and print out the results. For
instance, the following will lists the contents of the remote directory,
opening and closing the SSH connection as needed:
$ ssh whetstone-gitolite-server ls /var/lib/gitolite3/repositories/christoomey
This can be extremely handy if you're building a script locally that you need to incorporate some data into from a remote server.