= SSH KEY GEN =

1. Create an SSH key on localhost [[br]]
{{{
ssh-keygen -t rsa -b 4096 -C user@remotehost.com
}}}
You are then asked where to save the key; press Enter to accept the default path under .ssh
{{{
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
}}}
You can enter a passphrase for extra security, or just press Enter to leave it empty and the key is generated without one (an empty passphrase leaves the private key file unencrypted on disk)
{{{
Enter passphrase (empty for no passphrase):
}}}
The private and public keys are now stored in
{{{
ls -al /home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub
}}}

2. On your local host, copy the public key (id_rsa.pub) to the remote host
{{{
ssh-copy-id remote_username@server_ip_address
}}}
or copy it manually over ssh with
{{{
cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
}}}

3. Now you can ssh without being prompted for a password

== Tunnel ssh ==

Ref [https://linuxize.com/post/how-to-setup-passwordless-ssh-login ref] [[br]]

Remote to local [[br]]
On localhost, the user creates a tunnel to the remote host with the following
{{{
ssh -R 8022:localhost:22 remoteUser@remotehost.com
}}}
Then, on the remote host, the user can '''ssh -p 8022 localUser@127.0.0.1''' to reach localhost

If we want to bind to a specific interface (NIC), we use
{{{
ssh -R 128.199.96.250:8022:localhost:22 krit@128.199.96.250
}}}
and on the 128.199.96.250 server add this line to the /etc/ssh/sshd_config file
{{{
GatewayPorts clientspecified
}}}
A user can then run '''ssh -p 8022 128.199.96.250''', and the connection is forwarded to the client through this tunnel

Local to Remote [[br]]
On localhost, the user creates a tunnel to the remote host with the following
{{{
[krit@mini ~]$ ssh -L 2000:localhost:22 remoteUser@remotehost.com
}}}
Then, on localhost, the user can '''ssh -p 2000 krit@127.0.0.1''' and the connection is tunnelled to the remote host [[br]]

== ssh rsync ==

To rsync from local to a remote server via ssh we need to install '''apt install sshpass'''
{{{
#!sh
# -p puts the password on the command line (visible in the process list and shell history);
# sshpass also accepts -e (SSHPASS environment variable) or -f (read from a file)
[omd@local Test]$ sshpass -p "password" /usr/bin/rsync -a ~/var/log/Rsync/out.txt krit@172.17.0.1:Tmp/Test
}}}

== ssh tunnel ==

On the remote server that we would like to ssh into, use the following config, with its SSH public key placed on the local server.
{{{
root@dwdm:/etc/systemd/system# more sshtunnel.service
[Unit]
Description=SSH Tunnel
After=network.target

[Service]
Restart=always
RestartSec=20
User=root
ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -R 32022:localhost:22 vodka@18x.1xx.217.xx

[Install]
WantedBy=multi-user.target
}}}
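
The reverse forwards used under "Tunnel ssh" and in the systemd unit above listen on different addresses depending on the server's GatewayPorts setting. The script below is an added example, not part of the original page: it reads GatewayPorts from an sshd_config file and reports where a given `ssh -R` listener ends up bound. The function names are hypothetical, and it assumes global `Keyword value` lines only (no Match blocks or Include files) and IPv4 or hostname bind addresses.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: only global
# "Keyword value" lines are read (Match blocks and Include files are not
# followed) and bind addresses are IPv4 or hostnames, not bracketed IPv6.

# Effective GatewayPorts from an sshd_config file. sshd keeps the first value
# it reads for a keyword, keywords are case-insensitive, the default is "no".
gateway_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }' "$1"
}

# Where sshd binds the listener for "ssh -R <spec>" under a GatewayPorts value.
# Prints "loopback", "all-interfaces", or the address the client asked for.
remote_bind() {
    gp=$1; spec=$2; asked=loopback
    case $spec in
        *:*:*:*) asked=${spec%%:*}                      # bind:port:host:hostport
                 case $asked in ''|'*') asked=all-interfaces ;; esac ;;
    esac
    case $gp in
        yes)             echo all-interfaces ;;   # server forces the wildcard
        clientspecified) echo "$asked" ;;         # client decides
        *)               echo loopback ;;         # "no": always local only
    esac
}

# Constructed sample config containing the line this page adds.
demo() {
    cfg=$(mktemp)
    printf '%s\n' '#GatewayPorts no' 'GatewayPorts clientspecified' > "$cfg"
    gp=$(gateway_ports "$cfg")
    for spec in 8022:localhost:22 128.199.96.250:8022:localhost:22; do
        echo "GatewayPorts=$gp  -R $spec  ->  $(remote_bind "$gp" "$spec")"
    done
    rm -f "$cfg"
}
demo
```

On a live server, `sshd -T` (run as root) prints the effective configuration including Match and Include handling, and `ss -tln` shows the address the forwarded port is actually listening on.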