SSH is a common secure type of remote connection to access to servers or other computers in the same or different network, it's important to remember this few tips for using SSH effectively; you will need it to connect to your Raspberry PI if you don't use a display.
Let's see a few of them:
- The two-factor authentication for SSH.
- Use safe agent-forwarding.
- Exit out of SSH session.
- leave the terminal open on disconnecting.
- share a remote connection with friend mates.
Let's start with the first point, you will see that there are different ways to add a second factor for SSH authentication and ensure in this way your connection.
1.- Use hardware tokens (USB Key).
Around February 2020, support for Universal Second Factor tokens was added to OpenSSH connection. This is a great new feature, but there are thinks that we have to consider before to use it.
Around February 2020, support for Universal Second Factor tokens was added to OpenSSH connection. This is a great new feature, but there are thinks that we have to consider before to use it.Since this update adds new key types to support tokens, it can only be used if you update both the client and server. The current version of the client can be checked with the command ssh -V, for the remote server it depend of the OS, check your OS information to know who to check it.
Two new types of keys were added - ecdsa - skand ed25519 - sk . To create key files, insert your token into your computer and run the command$ ssh -keygen -t ecdsa-sk -f This command will create the public and private keys associated with your token. The private key on the device is used to decrypt the private key file stored on disk.
Also, as a second factor, you can set a password for key files. OpenSSH supports another variant of key generation, a'resident' key. In this case, key files are stored on a token. This way, you will always have your keys with you.
To transfer a key file to a new machine, insert the key media and execute the command ssh-add -k. You will need to activate your token.
More information: https://www.ssh.com/ssh/key/
2.- Safe use of agent forwarding (UNTIL HERE, DRAFT)
SSH key forwarding gives remote host access to your local SSH agent. When your SSH client uses key forwarding, there are 2 channels in the connection:
- Your interactive session.
- The key forwarding channel.
The local SSH agent creates an IPC socket that connects to the remote host through this channel. This is dangerous because a root user on the remote host has access to your local SSH agent and can potentially use it to access network resources on your behalf. With the standard SSH agent that comes with OpenSSH, you will never know what happened. But if you use a U2F key, you will be able to stop any attempts to use your SSH agent.Even with this limitation, periodic use of key forwarding is perfectly acceptable.
Do not use this method for all of your connections. Use it only if you are sure you need it in specific situations.
3.- Exit out of SSH session
SSH sessions often hang due to network interruptions, loss of control of a program being executed, or one of the terminal escape sequences that block keyboard input.
Here are some ways to get out of a frozen session:
Automatic logout in case of network failure.
In your SSH configuration files [.ssh/config] you need to add the next command:
ServerAliveInterval 5
ServerAliveCountMax 1
ssh will test the connection by sending echo requests to the remote host every ServerAliveIntervalseconds. If more than ServerAliveCountMaxsuch requests go unanswered, SSH will close the connection.
In this situation you will have sure about the current situation in your server to avoid that any ssh connection remains open without your control.
Terminate the session.
SSH uses a character ~ as the default escape sequence. The command ~ closes the current connection and returns to the terminal.
(remember that you can enter escape sequences only on a new line).
The command ~? displays a list of commands that can be used in the current session. If you have a keyboard with multiple languages, you may have to press the button ~ twice to send this character.
Leave the terminal open on disconnecting
There are two options for how to save the session when you switch between networks or want to disconnect for a while:
Use Mosh or External Terminal.
If you really need a connection that doesn't drop even if you switch between networks, use Mosh - the mobile shell. Mosh is a secure shell that uses SSH to initialize a session and then switch to its own encrypted channel. This channel is very stable. It can handle a variety of situations, including internet disconnects, changing your laptop's IP address, high network latency, and more.
To use Mosh, you need to install it on both your server and client and open ports for incoming UDP traffic on your remote host. Then just dial mosh user@server connect.
Mosh works at the level of terminal screens and keystrokes, and this gives it many advantages over SSH, which transfers a binary stream of standard I/O between the client and server. If we need to synchronize only the terminal screen and keystrokes, then the interrupted connection can then be restored much faster. SSH would have to buffer and forward whatever happened, while Mosh would only need to store the keystrokes and synchronize the last state of the terminal window with the client.
More information: https://mosh.org/
Use tmux.
If you want to connect and disconnect as you please and keep the same session on the remote host, use the tmux terminal. If your SSH connection drops, just connect again and type tmux attach to return to your session tmux. It has some great additional features in tabs and panels, the same as in the macOS terminal and the ability to share the terminal with friends.Some people improve tmux with Byobu, a package that adds many handy functions and keyboard shortcuts. Byobu ships with Ubuntu and is easy to install on macOS via the Homebrew package manager.
Read more: https://phoenixnap.com/kb/tmux-tutorial-install-commands#:~:text=Tmux%20is%20a%20Linux%20application,reattach%20to%20a%20running%20process.
Share a remote connection with friends:
When solving a complex problem in servers in different task, It would be useful to share the SSH session with someone else who is in a different location.
tmux is the best terminal sharing tool for that. So, you need to do the following:
Make sure it is tmux installed on your server.
You both need to connect to the server via SSH using the same account.
One of you must run tmux for the tmux session to be created .
Another has to execute the command tmux attach.
Source: https://github.com/tmux/tmux/wiki
It's done ! You have shared the terminal.