Connecting Remotely to Linux Servers
Aug 3, 20120 (1 min read)
You often see users connecting to a server using ssh remote_username@remote_host. Although this does the job, there is an alternative method that makes your life easier if you have several different connections. First, make sure that the ssh directory is accessible only to you by typing chmod 700 ~/.ssh.

Identify the Keys
When you generate the ssh key pair, append the remote server identification to the key name. For example, if you have Digital Ocean, GitHub, and GitLab, you would name the keys id_rsa.do, id_rsa.gh, and id_rsa_gl respectively. The matching public keys would be id_rsa.do.pub, id_rsa.gh.pub, and id_rsa_gl.pub.

Setting Up Connections
Edit the config file with vim ~/.ssh/config and add an entry for each server:

    # Digital Ocean web server.
    Host do_web
    User jsmith
    Hostname 133.205.1.1
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa.do
    Port 22
    # Digital Ocean Postgres database.
    Host do_db
    User jsmith
    Hostname 133.206.1.2
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa.do
    Port 22

Connecting to the Server
Once the keys have been configured:
- To connect to the web server, type in the terminal: ssh do_web
- When you need to access the database server, type: ssh do_db
Note
There are security practitioners who recommend changing port 22 to a different port number (e.g., 24318). By using another port number, you create the administrative task of keeping a reference to that specific number rather than relying on the well-known port 22. This is equivalent to using a different port to serve secure web applications rather than the standard port 443.
An attacker targeting SSH logins will run a port scan if port 22 is closed or not responding. You are better off applying the required OS patches, using the appropriate chmod, disabling remote logon, etc. In other words, implement best practices rather than security through obscurity.
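One way to check "the appropriate chmod" on the client side is to audit the layout described above: the directory mode and every key file named by an IdentityFile line. This is an added example, not code from the original article; the function names and finding labels are hypothetical, GNU stat (Linux) is assumed, and the 600/400 expectation for private keys is added here (the article only states 700 for the directory).

```bash
#!/bin/sh
# Added example: audit an SSH client directory laid out as in this article.
# Assumes GNU stat (Linux). Function names and finding labels are hypothetical.

# Print "alias keyfile" for each IdentityFile inside a Host block.
# Simplified parser: ignores Include, Match and the "Keyword=value" form.
list_identities() {
    awk 'tolower($1) == "host"         { host = $2 }
         tolower($1) == "identityfile" { print host, $2 }' "$1"
}

# Print one line per finding; return 1 if anything was found, 0 otherwise.
audit_ssh_dir() {
    dir=$1
    bad=0
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != 700 ]; then
        echo "DIR $dir has mode $mode, expected 700"
        bad=1
    fi
    while read -r host key; do
        [ -n "$key" ] || continue
        case $key in
            "~/.ssh/"*) path=$dir/${key#"~/.ssh/"} ;;  # map onto audited dir
            *)          path=$key ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $host uses $key, which does not exist"
            bad=1
            continue
        fi
        mode=$(stat -c '%a' "$path")
        case $mode in
            600|400) ;;                                # private to the owner
            *) echo "KEY $host uses $key with mode $mode, expected 600"
               bad=1 ;;
        esac
    done <<EOF
$(list_identities "$dir/config")
EOF
    return "$bad"
}

# Usage: sh audit_ssh.sh ~/.ssh
if [ -d "${1:-}" ]; then
    audit_ssh_dir "$1"
fi
```

A clean run prints nothing and exits 0, so the script can be dropped into a login check or a periodic job.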
