SSH on Rickyhttps://linzeyan.github.io/categories/ssh/Recent content in SSH on RickyHugo -- gohugo.ioenTue, 11 Feb 2025 15:06:00 +0800Configuring SSH Keys for Multiple GitHub Accountshttps://linzeyan.github.io/posts/2025/20250211-configure-ssh-keys-for-multiple-github-accounts/Tue, 11 Feb 2025 15:06:00 +0800https://linzeyan.github.io/posts/2025/20250211-configure-ssh-keys-for-multiple-github-accounts/<ul> <li><a href="https://stevenharman.net/configure-ssh-keys-for-multiple-github-accounts" target="_blank" rel="noopener">Configuring SSH Keys for Multiple GitHub Accounts</a></li> </ul> <h3 id="use-different-host-values">Use Different Host values</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>Host github.com </span></span><span style="display:flex;"><span> HostName github.com </span></span><span style="display:flex;"><span> User git </span></span><span style="display:flex;"><span> IdentityFile ~/.ssh/id_fry_ed25519 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Host github-plnx </span></span><span style="display:flex;"><span> HostName github.com </span></span><span style="display:flex;"><span> User git </span></span><span style="display:flex;"><span> IdentityFile ~/.ssh/id_fry_plnx_ed25519 </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Instead of the actual URL</span> </span></span><span style="display:flex;"><span>$ git clone git@github.com:planet-express/delivery_service.git </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Substitue in our custom Host value for the `github.com` part</span> </span></span><span style="display:flex;"><span>$ git clone git@github-plnx:planet-express/delivery_service.git </span></span></code></pre></div><h3 id="automate-substituting-the-host">Automate Substituting the Host</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#f92672">[</span>include<span style="color:#f92672">]</span> </span></span><span style="display:flex;"><span> path <span style="color:#f92672">=</span> ~/.gitconfig_custom </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># See custom `Host github-plnx` in ~/.ssh/config</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span>url <span style="color:#e6db74">&#34;github-plnx:planet-express&#34;</span><span style="color:#f92672">]</span> </span></span><span style="display:flex;"><span> insteadOf <span style="color:#f92672">=</span> git@github.com:planet-express </span></span></code></pre></div>Add SFTP user and share directoryhttps://linzeyan.github.io/posts/2023/20231130-sftp/Thu, 30 Nov 2023 17:22:00 +0800https://linzeyan.github.io/posts/2023/20231130-sftp/<h1 id="add-sftp-user-and-share-directory">Add SFTP user and share directory</h1> <p>dev_test_user, qa_test_user 同權限 dev_user, qa_user 同權限</p> <h2 id="1-建立共享資料夾sftp-使用的資料夾">1. 建立共享資料夾(SFTP 使用的資料夾)</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo mkdir -p /home/<span style="color:#f92672">{</span>test,prod<span style="color:#f92672">}</span>/<span style="color:#f92672">{</span>exchange,upload<span style="color:#f92672">}</span> </span></span><span style="display:flex;"><span>sudo mkdir -p /home/<span style="color:#f92672">{</span>test,prod<span style="color:#f92672">}</span>/exchange/success </span></span><span style="display:flex;"><span>sudo mkdir -p /home/<span style="color:#f92672">{</span>test,prod<span style="color:#f92672">}</span>/upload/backup </span></span></code></pre></div><h2 id="2-建立使用者群組">2. 建立使用者群組</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo groupadd share01-test </span></span><span style="display:flex;"><span>sudo groupadd share01-prod </span></span></code></pre></div><h2 id="3-創建-qa_test_user-使用者並設定-qa_test_user-使用者的群組為-share01-test">3. 創建 qa_test_user 使用者並設定 qa_test_user 使用者的群組為 share01-test</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo useradd -m -G share01-test qa_test_user </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 設定 dev_test_user 使用者的群組為 share01-test</span> </span></span><span style="display:flex;"><span>sudo usermod -G share01-test dev_test_user </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 設定密碼</span> </span></span><span style="display:flex;"><span>sudo passwd qa_test_user </span></span></code></pre></div><h2 id="4-創建-qa_user-使用者並設定-qa_user-使用者的群組為-share01-prod">4. 創建 qa_user 使用者並設定 qa_user 使用者的群組為 share01-prod</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo useradd -m -G share01-prod qa_user </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 設定 dev_user 使用者的群組為 share01-prod</span> </span></span><span style="display:flex;"><span>sudo usermod -G share01-prod dev_user </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 設定密碼</span> </span></span><span style="display:flex;"><span>sudo passwd qa_user </span></span></code></pre></div><h2 id="5-設定權限">5. 設定權限</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 設定 /home/test 資料夾(含下級資料夾)的使用者為 qa_test_user,群組為 share01-test</span> </span></span><span style="display:flex;"><span>sudo chown -R qa_test_user:share01-test test/ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 設定 /home/prod 資料夾(含下級資料夾)的使用者為 qa_user,群組為 share01-prod</span> </span></span><span style="display:flex;"><span>sudo chown -R qa_user:share01-prod prod/ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># SFTP 登入資料夾權限要給 root</span> </span></span><span style="display:flex;"><span>sudo chown root:root /home/test </span></span><span style="display:flex;"><span>sudo chown root:root /home/prod </span></span></code></pre></div><h2 id="6-設定-etcsshsshd_config">6. 設定 /etc/ssh/sshd_config</h2> <p><code>/etc/ssh/sshd_config</code></p>Use terminal and SSH to remote hosthttps://linzeyan.github.io/posts/2023/20231124-ssh/Fri, 24 Nov 2023 22:22:00 +0800https://linzeyan.github.io/posts/2023/20231124-ssh/<h1 id="use-terminal-and-ssh-to-remote-host">Use terminal and SSH to remote host</h1> <h2 id="1-modern-terminals">1. Modern Terminals</h2> <ul> <li><a href="https://github.com/vercel/hyper" target="_blank" rel="noopener">Hyper</a></li> <li><a href="https://iterm2.com/" target="_blank" rel="noopener">iTerm2</a></li> <li><a href="https://github.com/Eugeny/tabby" target="_blank" rel="noopener">Tabby</a></li> <li><a href="https://www.warp.dev/" target="_blank" rel="noopener">Warp</a></li> <li><a href="https://github.com/wez/wezterm" target="_blank" rel="noopener">Wez&rsquo;s Terminal</a></li> <li><a href="https://github.com/kingToolbox/WindTerm" target="_blank" rel="noopener">WindTerm</a></li> </ul> <h2 id="2-open-terminal-in-macos">2. Open terminal in macOS</h2> <ol> <li><code>⌘ + space</code> open Spotlight <img src="https://linzeyan.github.io/posts/2023/20231124-ssh/pics/auto_20231124_222253.png" alt=""></li> <li>search terminal.app <img src="https://linzeyan.github.io/posts/2023/20231124-ssh/pics/auto_20231124_222316.png" alt=""></li> <li>press <code>↩</code> <img src="https://linzeyan.github.io/posts/2023/20231124-ssh/pics/auto_20231124_222410.png" alt=""></li> </ol> <h2 id="3-ssh-to-remote-host">3. SSH to remote host</h2> <ol> <li>ensure the private key file path.</li> <li>enter the command in the terminal: <code>ssh -i /path/to/private_key.pem ubuntu@ubuntu.host.com</code></li> </ol>Windows SSH Setuphttps://linzeyan.github.io/posts/2023/20230103-windows-ssh-setup/Tue, 03 Jan 2023 12:36:00 +0800https://linzeyan.github.io/posts/2023/20230103-windows-ssh-setup/<ul> <li><a href="https://ansible.cloudns.pro/post/windows-ssh-setup/" target="_blank" rel="noopener">Windows SSH Setup</a></li> <li><a href="https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse" target="_blank" rel="noopener">Install OpenSSH for Windows</a></li> </ul> <ol> <li>The default shell is cmd. The docs say to change the ansible_shell_type variable if needed. This should be set as a host variable in inventory: ansible_shell_type, with value cmd or powershell.</li> <li>Add the ansible_connection host variable in inventory to indicate SSH connections. (<code>192.168.192.11 ansible_user=Administrator ansible_connection=ssh ansible_shell_type=cmd </code>)</li> <li>You may need to add remote_tmp in ansible.cfg and set it to C:\TEMP.</li> <li>In playbooks, use modules prefixed with <code>win_</code>, or use the raw module.</li> </ol>SSH failing with Error : fatal: daemon() failed: No such devicehttps://linzeyan.github.io/posts/2021/20210304-ssh-failing-with-error-fatal-daemon-failed-no-such-device/Thu, 04 Mar 2021 18:48:39 +0800https://linzeyan.github.io/posts/2021/20210304-ssh-failing-with-error-fatal-daemon-failed-no-such-device/<ul> <li><a href="https://admin-ahead.com/forum/general-linux/ssh-failing-with-error-fatal-daemon%28%29-failed-no-such-device/" target="_blank" rel="noopener">SSH failing with Error : fatal: daemon() failed: No such device</a></li> </ul> <p>/var/log/secure</p> <p><code>Oct 10 10:58:05 vps sshd[23799]: fatal: daemon() failed: No such device</code></p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># rm -vf /dev/null</span> </span></span><span style="display:flex;"><span>removed <span style="color:#e6db74">`</span>/dev/null<span style="color:#e6db74">`</span> </span></span><span style="display:flex;"><span>-bash-3.2# mknod /dev/null c <span style="color:#ae81ff">1</span> <span style="color:#ae81ff">3</span> </span></span><span style="display:flex;"><span>Started SSH and the SSH started responding: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># service sshd restart</span> </span></span><span style="display:flex;"><span>Stopping sshd: <span style="color:#f92672">[</span> OK <span style="color:#f92672">]</span> </span></span><span style="display:flex;"><span>Starting sshd: <span style="color:#f92672">[</span> OK <span style="color:#f92672">]</span> </span></span><span style="display:flex;"><span>-bash-3.2# service sshd status </span></span><span style="display:flex;"><span>openssh-daemon <span style="color:#f92672">(</span>pid 30608<span style="color:#f92672">)</span> is running… </span></span></code></pre></div>New LibSSH Connection Plugin for Ansible Network Replaces Paramiko, Adds FIPS Mode Enablementhttps://linzeyan.github.io/posts/2020/20201125-new-libssh-connection-plugin-for-ansible-network/Wed, 25 Nov 2020 21:09:50 +0800https://linzeyan.github.io/posts/2020/20201125-new-libssh-connection-plugin-for-ansible-network/<ul> <li><a href="https://www.ansible.com/blog/new-libssh-connection-plugin-for-ansible-network" target="_blank" rel="noopener">New LibSSH Connection Plugin for Ansible Network Replaces Paramiko, Adds FIPS Mode Enablement</a></li> </ul> <h5 id="switching-ansible-playbooks-to-use-libssh">Switching Ansible Playbooks to use LibSSH</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Installing LibSSH</span> </span></span><span style="display:flex;"><span>pip install ansible-pylibssh </span></span></code></pre></div><p>Using LibSSH in Ansible Playbooks</p> <p>Method 1. The <code>ssh_type</code> configuration parameter can be set to use libssh in the active <code>ansible.cfg</code> file of your project</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-toml" data-lang="toml"><span style="display:flex;"><span>[<span style="color:#a6e22e">persistent_connection</span>] </span></span><span style="display:flex;"><span><span style="color:#a6e22e">ssh_type</span> = <span style="color:#a6e22e">libssh</span> </span></span></code></pre></div><p>Method 2: Set the <code>ANSIBLE_NETWORK_CLI_SSH_TYPE</code> environment variable</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ export ANSIBLE_NETWORK_CLI_SSH_TYPE<span style="color:#f92672">=</span>libssh </span></span></code></pre></div><p>Method 3: Set the <code>ansible_network_cli_ssh_type</code> parameter to libssh within your playbook at the play level</p>SSH certificate login guidehttps://linzeyan.github.io/posts/2020/20200708-ssh-certificate/Wed, 08 Jul 2020 13:39:48 +0800https://linzeyan.github.io/posts/2020/20200708-ssh-certificate/<ul> <li><a href="https://www.ruanyifeng.com/blog/2020/07/ssh-certificate.html" target="_blank" rel="noopener">SSH certificate login guide</a></li> </ul> <h3 id="certificate-login-flow">Certificate login flow</h3> <p>Before using SSH certificate login, you need to generate certificates. The steps are:</p> <ol> <li>The user and the server both send their public keys to the CA.</li> <li>The CA uses the server public key to generate a server certificate and sends it to the server.</li> <li>The CA uses the user public key to generate a user certificate and sends it to the user.</li> </ol> <p>Once certificates are in place, the user can log in. SSH handles the whole process automatically.</p>