this post was submitted on 20 Oct 2023
31 points (89.7% liked)
If your goal is to have a list of synchronized "bookmarks" for all the servers you want to talk to, and you want passwordless access, yes.
The conventional way to set this up is that each client machine (I guess you have three?) has a private ssh key. Each server (you have two rented VPSes, plus apparently some on your home network, based on your other comment) has a list of fingerprints of private keys that it trusts in ~/.ssh/authorized_keys. If a client has a trusted private key, it's permitted passwordless access as that user. If a client is compromised -- like, you lose your Android phone -- you remove the key fingerprint from the servers, but normally, the authorization is a one-off affair.
If you have a mostly-unchanging and small list of servers, I wouldn't even bother with synchronizing a list of host bookmarks myself, unless you're worried about remembering the names. You've only got three clients and a handful of servers, and if you can remember the names of the servers (like, someone else didn't impose a naming scheme on you with long and elaborate names, which doesn't sound like it's the case), it's not essential to do synchronization at all. I'd just type out the name of the server each time, or if I want to shave off a few taps on Android, manually set up a shortcut in ConnectBot or whatever Android ssh client you use. But it sounds like you want to be able to do that bookmarking. So assuming that that is the case:
OpenSSH and dropbear don't really have a list of "bookmarks". Well, I guess that in bash, you can tab-complete on entries in /etc/hosts. I don't know if that's what you want. What I mean is that as long as you can have a piece of software that can maintain a list of URLs, including ssh: URLs, and can open them in an external program, you've got a way of keeping a list of hosts. If you have a Markdown or org-mode or text editor that can open ssh URLs with an external program -- like, I can do that in Emacs -- that'd do it. If you have a "bookmark manager" that maintains a synchronized list of URLs -- and it can open ssh URLs in an external program -- across systems, that'd do it. I don't use a bookmark manager, but I know that they exist. So you'd have something like:
So if you don't mind using, say, ConnectBot on Android, which is a free and open-source client but Android-specific, and if it can handle ssh: URLs shared by other programs -- I don't know -- then you can have the other program manage your bookmarks and open them in your SSH client.
But if your only concern is passwordless access for one user on three clients and a handful of servers, like I said, I personally probably wouldn't bother with any synchronization system or bookmarks at all. It'd only buy much if you couldn't remember the server names or they were constantly changing. I've used ssh for many years, sometimes with a bunch of ssh-accessible hosts in labs, and never bothered to set up a bookmarking system to choose servers from a list.
If you've never done passwordless access, and that's the issue, setting up passwordless access is gonna vary, but normally it'll look like this, if both ends are gonna use OpenSSH:
- ssh-keygen on client. Follow directions. Now the client has a pubkey and privkey in ~/.ssh/ at id_rsa.pub and id_rsa.
- ssh-copy-id me@server1 on client. Log in once with password at prompt. This basically just appends ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys on the server. Permissions on that file do matter, which is a common gotcha if people manually create the file; I believe that ssh-copy-id will set it up correctly for you.

With PuTTY or other ssh clients, there will be a comparable way to generate a pubkey.
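The permissions gotcha mentioned in the comment above, as an added example that is not part of the original comment: with StrictModes on (the OpenSSH default), sshd ignores authorized_keys when the home directory, ~/.ssh or the file itself is group- or world-writable. The function names are made up for this sketch, and it checks modes only, not ownership.

```shell
#!/bin/sh
# Added example, not from the thread. Flags group/world-writable paths that
# make sshd (StrictModes yes) refuse to use ~/.ssh/authorized_keys.

# writable_by_others PATH -> exit status 0 if group- or world-writable
writable_by_others() {
    mode=$(ls -ld -- "$1" | cut -c1-10)    # e.g. drwxrwxr-x
    g=$(printf '%s' "$mode" | cut -c6)     # group write bit
    o=$(printf '%s' "$mode" | cut -c9)     # other write bit
    [ "$g" = "w" ] || [ "$o" = "w" ]
}

# check_ssh_perms HOME_DIR -> prints each problem, returns the problem count
check_ssh_perms() {
    home=$1
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            problems=$((problems + 1))
        elif writable_by_others "$p"; then
            echo "group/world-writable: $p"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# fix_ssh_perms HOME_DIR -> apply the conventional modes
fix_ssh_perms() {
    chmod go-w "$1"
    chmod 700 "$1/.ssh"
    chmod 600 "$1/.ssh/authorized_keys"
}

# Constructed demo: a throwaway directory stands in for a home directory.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 775 "$demo_home/.ssh"     # the kind of mode a manual mkdir can leave behind
check_ssh_perms "$demo_home" || fix_ssh_perms "$demo_home"
check_ssh_perms "$demo_home" && echo "ok: no group/world-writable paths left"
rm -rf "$demo_home"
```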
You bring some valid points up. Considering the low number of servers and clients I might need to reach, a sync certainly isn't critical. I sought it out because I started distro-hopping when I built my first dedicated Linux PC recently and was annoyed having to set up the password-less logon to the servers I use. Now that I've settled, it's not a concern anymore. And if I do want to try another down the road, I can make sure to back up the config files and import them in the new OS.
I actually lied. I said that OpenSSH doesn't have a "bookmarking" feature. OpenSSH does have a "bookmarking" feature -- the Host entries in ~/.ssh/config, with a Hostname field.
I haven't used that feature much, since normally, I'd rather add a short hostname to /etc/hosts, and then all software on the system can use that short hostname, not just OpenSSH.
The last time I used it was to set up a tunnel that bounced through multiple machines running ssh servers with a single command, over a decade ago, which is something else it can do.
But it is there.
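The Host entries described in the comment above, as an added example that is not part of the thread: a constructed ~/.ssh/config and a small parser that lists each alias with the HostName it points to. Host names, addresses and function names are made up, and the parser handles only the whitespace-separated keyword form.

```shell
#!/bin/sh
# Added example, not from the thread. The config below is constructed.
sample_config() {
    cat <<'EOF'
# Two VPSes and one machine reachable only through the first
Host web
    HostName vps1.example.net
    User me
Host db backup
    HostName 192.0.2.10
Host inner
    HostName 10.0.0.5
    ProxyJump web
Host *
    ServerAliveInterval 60
EOF
}

# list_bookmarks CONFIG_FILE -> one "alias<TAB>hostname" line per Host alias
list_bookmarks() {
    awk '
        function emit(target,   i) {     # print pending aliases, then reset
            for (i = 1; i <= n; i++)
                print aliases[i] "\t" (target != "" ? target : aliases[i])
            n = 0
        }
        { sub(/^[ \t]+/, "") }           # keywords may be indented
        /^#/ || NF == 0 { next }         # comments and blank lines
        tolower($1) == "host" {          # keywords are case-insensitive
            emit("")                     # previous block had no HostName
            for (i = 2; i <= NF; i++) if ($i !~ /[*?!]/) aliases[++n] = $i
            next
        }
        tolower($1) == "match"    { emit(""); next }
        tolower($1) == "hostname" { emit($2) }   # first value wins
        END { emit("") }
    ' "$1"
}

# Demo on the constructed config.
cfg=$(mktemp)
sample_config > "$cfg"
list_bookmarks "$cfg"
rm -f "$cfg"
```

With an entry like these in place, `ssh inner` connects to 10.0.0.5 through web in a single command.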
How dare you!
In all seriousness that's good to know. Gives me options to pick from. Thanks!