Carla Schroder Although using public key authentication instead of passwords is a great method for increasing the security of SSH transfers, transferring SSH identity keys can be a royal pain. First, you create your key pairs; then, you copy the public key into the correct locations on all the machines you want to log into. The keys must be in a particular format, and you must go into the correct directory with the correct permissions.

Fortunately, ssh-copy-id, a slick utility included with OpenSSH, makes it easy.

SSH is a secure remote administration utility with a seemingly endless variety of clever shortcuts and capabilities. For example, you can log in and execute a remote command with a single command, rather than first logging in and then typing the command:

carla@host1:~$ ssh terry@host2 ls ~
This is a fun example that also demonstrates a little gotcha- ls ~ will list Carla's home directory, not Terry's. If you want to see Terry's home directory you must specify ls /home/terry. You can do this with any one-off command, such as starting a backup script, viewing running processes or printing a document.

$ ssh-copy-id -i  id_rsa.pub terry@host2
ssh-copy-id copies identity keys in the correct format, makes sure file permissions and ownership are correct, and ensures a private key is not accidentally copied.

Using key-based authentication instead of passwords means you don't have to give away system passwords. To make it easier to manage multiple remote systems, you can give your keys any arbitrary names you want when you create them, like this:

$ ssh-keygen -t rsa -f id_apacheserver

When you connect, you simply name the correct key:

$ ssh -i id_apacheserver carla@host.alrac.net

Finally, don't forget the wonderful sshfs command for mounting an entire remote filesystem. It's much faster and easier than setting up a Samba or NFS server. First, create a local directory for the mountpoint, then fetch your remote filesystem:

$ sshfs hostname:/remotedir localdir/

Now, you can operate on the remote files as if they were local.

This article was first published on ServerWatch.com.