Easy Key-Based ssh Authentication

Posted by JD 07/14/2011 at 17:00

Linux/Ubuntu (maybe others) – ssh key-based authentication made easier.

You know that you shouldn’t be using passwords to remotely connect to a different machine, but setting up key-based authentication has always seemed just a little too much hassle to bother with. It really is simple, and there’s a tool that makes it even easier. ssh-copy-id is included with Ubuntu-based distros (and probably others); it pushes the public key from your desktop to a server and appends it to the end of the ~/.ssh/authorized_keys file there.

Create the public and private keys, then push them to the remote system:

$ ssh-keygen -t ed25519
$ ssh-copy-id -i ~/.ssh/id_ed25519.pub userid@remote

Generating the key pair is a one-time effort per client machine, and the same key is good for every remote machine. If you stay with the default RSA keys, ssh-copy-id finds the key file on its own, so just run:

$ ssh-copy-id {remote-server}

You’ll be prompted for the password … for the last time. From now on you connect to that machine without being bothered for a password, and you can run programs directly on the other machine, any program, without being hassled for one either. Try it:

$ ssh {remote-server}

or, if you want to run a GUI program and your desktop is running the X Window System (most Linux desktops do), use:

$ ssh -X {remote-server}

Pretty cool. Best of all, you are more secure this way. If you really want to up your security, disable password-based remote logins on the server side in /etc/ssh/sshd_config. That’s a different tip. Don’t worry, you can always log in on the console with a password. Be certain that you back up your ~/.ssh/ directory on the client now if you haven’t been doing that.
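To show what the ssh-copy-id step above actually does on the server, here is the remote-side half written out as a local shell function. This is an added example, not code from the original post or from OpenSSH: it appends a public key to an authorized_keys file only if it isn’t already there, and it sets the directory and file permissions sshd requires before it will honour the file. The key in the demo is a constructed sample, not a real key, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: the server-side half of what
# ssh-copy-id does, written out as a local function so the steps are visible.
# It takes a public-key file and the path of an authorized_keys file; the
# sample key used below is constructed for illustration and is not a real key.

# install_pubkey PUBKEY_FILE AUTHORIZED_KEYS
# Appends the key to AUTHORIZED_KEYS unless it is already present (older
# ssh-copy-id scripts simply appended, so repeated runs left duplicate lines),
# and sets the permissions sshd insists on: it ignores the file when ~/.ssh or
# authorized_keys is writable by group or others.
install_pubkey() {
    pubkey_file=$1
    auth_keys=$2
    ssh_dir=$(dirname "$auth_keys")

    # Field 2 of a public-key line is the base64 key blob; the comment in
    # field 3 may differ between copies, so match on the blob only.
    key_blob=$(awk 'NF >= 2 { print $2; exit }' "$pubkey_file")
    if [ -z "$key_blob" ]; then
        echo "no public key found in $pubkey_file" >&2
        return 1
    fi

    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_keys"
    chmod 600 "$auth_keys"

    if grep -qF -- "$key_blob" "$auth_keys"; then
        echo "key already present in $auth_keys"
        return 0
    fi
    cat "$pubkey_file" >> "$auth_keys"
    echo "key added to $auth_keys"
}

# count_keys AUTHORIZED_KEYS: number of key lines (blank and comment lines skipped)
count_keys() {
    grep -Ecv '^[ 	]*(#|$)' "$1" || true
}

# mode_of PATH: permission string as shown by ls -l, e.g. drwx------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# demo: run the function twice on a constructed key in a scratch directory
demo() {
    tmp=$(mktemp -d)
    # constructed sample key, not a real one
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIENPTlNUUlVDVEVEX0tFWV9OT1RfUkVBTAAAAAA jd@desktop' \
        > "$tmp/id_ed25519.pub"
    install_pubkey "$tmp/id_ed25519.pub" "$tmp/home/.ssh/authorized_keys"
    install_pubkey "$tmp/id_ed25519.pub" "$tmp/home/.ssh/authorized_keys"
    echo "keys in file: $(count_keys "$tmp/home/.ssh/authorized_keys")"
    echo "mode of .ssh: $(mode_of "$tmp/home/.ssh")"
    rm -rf "$tmp"
}

if [ "${1-}" = "--demo" ]; then
    demo
fi
```

Run it with `sh install_pubkey.sh --demo` to see the second call report the key as already present and the file end up with one key line. The permissions are the part people trip over: a world-writable authorized_keys is silently ignored by sshd, which then falls back to asking for a password, so if you go on to turn off password logins in sshd_config, confirm a key login works from a second terminal first.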

~/.ssh/config

host short-name
user jdpfu
hostname remote-server.dyndns.org
port 62280

Drop as many of those stanzas as you like into the ~/.ssh/config file and use the short-name with any ssh-based tool. The userid, hostname and port are all supplied to the ssh library automatically and you’ll be logged in. You can set up internal and external stanzas. Internally, the servers all listen on port 22, the default. From external locations, each server has an odd port assigned and the firewall/router handles the port translation. To connect, you don’t need to know the port, just the “short-name”: ssh short-name is all you, or any script running under your userid, need.
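To see how several stanzas combine for one short-name, here is a small resolver that reads an ssh_config-style file and prints the user, hostname and port that would be used. This is an added example, not code from the original post or from OpenSSH, and it is deliberately limited: it handles only Host blocks with literal names and the “*” wildcard, applies ssh’s rule that the first value obtained for an option wins, and does not model Match blocks, negated patterns or the key=value spelling. The hosts and the 192.0.2.10 address in sample_config are constructed for illustration; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: a small resolver that reads an
# ssh_config-style file and reports the user, hostname and port ssh would use
# for a short-name, so the way stanzas combine is visible. Assumptions: only
# "Host" blocks with literal names and "*" are handled, and the first value
# obtained for an option wins (ssh's rule). Match blocks, negated patterns and
# the "key=value" spelling are not supported. The hosts and addresses in
# sample_config are constructed for illustration.

# resolve_host CONFIG_FILE SHORT_NAME -> prints "user hostname port"
resolve_host() {
    awk -v target="$2" '
        BEGIN { active = 1 }                  # lines before any Host apply to all
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        { key = tolower($1) }                 # keywords are case-insensitive
        key == "host" {
            # a Host line lists one or more patterns; the block applies if any matches
            active = 0
            for (i = 2; i <= NF; i++) if ($i == "*" || $i == target) active = 1
            next
        }
        key == "match" { active = 0; next }   # Match blocks are not modelled here
        active && !(key in got) && (key == "user" || key == "hostname" || key == "port") {
            got[key] = $2                     # first value wins, as in ssh
        }
        END {
            if (!("hostname" in got)) got["hostname"] = target
            if (!("port" in got))     got["port"] = 22
            if (!("user" in got))     got["user"] = (ENVIRON["USER"] != "" ? ENVIRON["USER"] : "-")
            print got["user"], got["hostname"], got["port"]
        }
    ' "$1"
}

# sample_config: a constructed ~/.ssh/config with internal and external
# stanzas for the same server, a shared stanza, and a catch-all at the end
sample_config() {
    cat <<'EOF'
# constructed sample config, not the post's real one
Host files-int
    HostName 192.0.2.10

Host files-ext
    HostName remote-server.dyndns.org
    Port 62280

Host files-int files-ext
    User jdpfu

Host *
    User fallback
EOF
}

if [ "${1-}" = "--demo" ]; then
    cfg=$(mktemp)
    sample_config > "$cfg"
    for name in files-int files-ext other; do
        printf '%-10s -> %s\n' "$name" "$(resolve_host "$cfg" "$name")"
    done
    rm -f "$cfg"
fi
```

Running it with `--demo` shows files-int picking up the internal address and the default port 22, files-ext the dyndns hostname and port 62280, and both getting the user from the shared stanza rather than from the catch-all, because the first match wins. For a real config, `ssh -G short-name` prints the fully resolved options the same way and is the quicker check when a stanza doesn’t behave as expected.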

If you are stuck on Windows, you can set up something similar using PuTTY. A little googling will explain how.