Guide: SSH: Difference between revisions
No edit summary |
No edit summary |
||
| Line 277: | Line 277: | ||
After cleanup, new SSH connections will automatically establish fresh master sessions. | After cleanup, new SSH connections will automatically establish fresh master sessions. | ||
= Advanced SSH Configuration = | |||
Once you have generated and imported your SSH key pair, you can simplify and improve your SSH experience by creating a personal SSH configuration file. | |||
This file, typically located at `~/.ssh/config`, lets you store connection details, reuse existing connections, and keep sessions stable — all of which are especially useful when managing multiple OpenStack instances. | |||
== 🧩 Organizing and Simplifying SSH Connections == | |||
Instead of remembering long commands, you can define named host entries in your SSH configuration file. | |||
<pre> | |||
Host proxy | |||
HostName 134.155.111.181 | |||
User opensuse | |||
IdentityFile ~/.ssh/myKey | |||
</pre> | |||
You can now connect simply with: | |||
<pre> | |||
ssh proxy | |||
</pre> | |||
'''Explanation:''' | |||
* '''Host''' — a nickname for your connection | |||
* '''HostName''' — the actual IP address or DNS name of the instance | |||
* '''User''' — the default login username | |||
* '''IdentityFile''' — path to your private key (if not the default `id_rsa`) | |||
This approach helps you manage multiple instances with short, readable aliases. | |||
== ⚡ Reusing Existing SSH Connections (ControlMaster) == | |||
If you frequently connect to the same instance, SSH can reuse a single network connection instead of opening new ones each time. | |||
This reduces connection overhead and speeds up subsequent logins. | |||
<pre> | |||
Host proxy | |||
ControlMaster auto | |||
ControlPersist 1h | |||
ControlPath ~/.ssh/master-%C | |||
</pre> | |||
'''Explanation:''' | |||
* '''ControlMaster auto''' — enables connection sharing automatically | |||
* '''ControlPersist 1h''' — keeps the master connection open for one hour after the last session ends | |||
* '''ControlPath''' — specifies the socket file used for multiplexing (the `%C` variable creates a unique hash per connection) | |||
'''Tip:''' | |||
With these options, once you connect to `proxy` once, further SSH or SCP commands to the same host will reuse that connection and start instantly. | |||
== 🌐 Keeping Connections Alive == | |||
Long-running SSH sessions can sometimes time out due to network inactivity. | |||
To prevent this, configure SSH to send periodic keepalive messages. | |||
<pre> | |||
Host * | |||
ServerAliveInterval 60 | |||
ServerAliveCountMax 3 | |||
TCPKeepAlive yes | |||
</pre> | |||
'''Explanation:''' | |||
* '''ServerAliveInterval 60''' — sends a keepalive message every 60 seconds | |||
* '''ServerAliveCountMax 3''' — disconnects only after three unanswered keepalives (≈3 minutes) | |||
* '''TCPKeepAlive yes''' — uses low-level TCP keepalive as an additional safeguard | |||
This ensures stable, long-lasting sessions even over less reliable networks. | |||
== 🧯 Troubleshooting Frozen SSH Sessions == | |||
Occasionally, SSH master connections can freeze or hang, especially after network interruptions. | |||
In such cases, you can manually terminate or clean up the stale connection. | |||
=== a) Identifying and killing master processes === | |||
List all master sockets and their processes: | |||
<pre> | |||
lsof -U 2>/dev/null | grep master- | |||
</pre> | |||
Terminate the corresponding processes: | |||
<pre> | |||
kill -9 <PID> | |||
</pre> | |||
=== b) Removing stale master socket files === | |||
Delete leftover socket files: | |||
<pre> | <pre> | ||
rm ~/.ssh/master-* | rm ~/.ssh/master-* | ||
</pre> | </pre> | ||
After cleanup, new SSH connections will automatically establish fresh master sessions. | |||
== ✅ Summary == | |||
{| class="wikitable" | |||
! Goal | |||
! Key Configuration Options | |||
|- | |||
| Simplify connection commands | |||
| <code>Host</code>, <code>HostName</code>, <code>User</code>, <code>IdentityFile</code> | |||
|- | |||
| Reuse SSH sessions | |||
| <code>ControlMaster</code>, <code>ControlPersist</code>, <code>ControlPath</code> | |||
|- | |||
| Keep sessions alive | |||
| <code>ServerAliveInterval</code>, <code>ServerAliveCountMax</code>, <code>TCPKeepAlive</code> | |||
|- | |||
| Fix frozen sessions | |||
| Kill master processes, remove <code>master-*</code> sockets | |||
|} | |||
Revision as of 19:46, 30 October 2025
Key Pair Generation and Import
Generating an SSH Key Pair Locally
🐧 Linux / 🍎 macOS
Open a terminal and run the following command:
ssh-keygen -t rsa -b 4096 -f ~/.ssh/myKey
When prompted, enter a secure passphrase. Record it safely — without it, you won't be able to use the key pair.
This creates two files:
- Private key:
~/.ssh/myKey - Public key:
~/.ssh/myKey.pub
Note: If you copy the key pair to or from another system, ensure that the private key has correct (restricted) permissions:
chmod 600 ~/.ssh/myKey
Now you can import your public key into the Dashboard.
🪟 Windows
Open Command Prompt (Click the Start menu, type cmd into the search bar and press Enter). Then run the following commands:
mkdir C:\Users\%USERNAME%\.ssh
ssh-keygen -t rsa -b 4096 -f C:\Users\%USERNAME%\.ssh\myKey
When prompted, enter a secure passphrase. Record it safely — without it, you won't be able to use the key pair.
This creates two files:
- Private key:
C:\Users\%USERNAME%\.ssh\myKey
- Public key:
C:\Users\%USERNAME%\.ssh\myKey.pub
Note: If you copy the key pair to or from another system, ensure that the private key has correct (restricted) permissions:
icacls "%USERPROFILE%\.ssh\myKey" /inheritance:r /grant:r "%USERNAME%:(R,W)"
Now you can import your public key into the Dashboard.
Importing an Existing SSH (Public) Key via Dashboard
To use a key you generated on your device:
- Log in to the Dashboard.
- Go to: Project → Compute → Key Pairs.
- Click Import Public Key.
- In the dialog:
- Enter a unique name.
- Make sure SSH Key is selected as the key type.
- Upload your public key file (e.g.,
myKey.pub) or paste the contents of it.
- Click Import Public Key.
Your public key name should now appear in the list and is ready for use.
Creating an SSH Key Pair via Dashboard
If you don’t have a key pair yet or prefer using the Dashboard:
- Log in to the Dashboard.
- Go to: Project → Compute → Key Pairs.
- Click Create Key Pair.
- In the dialog:
- Enter a unique name.
- Make sure SSH Key is selected as the key type.
- Click Create Key Pair.
The public key name should now appear in the list and the private key will be automatically downloaded — save it securely, as you won’t be able to download it again.
Advanced SSH Configuration
Once you have generated and imported your SSH key pair, you can simplify and improve your SSH experience by creating a personal SSH configuration file.
This file, typically located at ~/.ssh/config, lets you store connection details, reuse existing connections, and keep sessions stable — all of which are especially useful when managing multiple OpenStack instances.
1. Organizing and Simplifying SSH Connections
Instead of remembering long commands, you can define named host entries in your SSH configuration file.
<syntaxhighlight lang="bash">
Host proxy
HostName 134.155.111.181 User opensuse IdentityFile ~/.ssh/myKey
</syntaxhighlight>
You can now connect simply with: <syntaxhighlight lang="bash"> ssh proxy </syntaxhighlight>
Explanation:
Host— a nickname for your connectionHostName— the actual IP address or DNS name of the instanceUser— the default login usernameIdentityFile— path to your private key (if not the defaultid_rsa)
This approach helps you manage multiple instances with short, readable aliases.
2. Reusing Existing SSH Connections (ControlMaster)
If you frequently connect to the same instance, SSH can reuse a single network connection instead of opening new ones each time.
This reduces connection overhead and speeds up subsequent logins.
<syntaxhighlight lang="bash"> Host proxy
ControlMaster auto ControlPersist 1h ControlPath ~/.ssh/master-%C
</syntaxhighlight>
Explanation:
ControlMaster auto— enables connection sharing automaticallyControlPersist 1h— keeps the master connection open for one hour after the last session endsControlPath— specifies the socket file used for multiplexing (the%Cvariable creates a unique hash per connection)
Tip:
With these options, once you connect to proxy once, further SSH or SCP commands to the same host will reuse that connection and start instantly.
3. Keeping Connections Alive
Long-running SSH sessions can sometimes time out due to network inactivity.
To prevent this, configure SSH to send periodic keepalive messages.
<syntaxhighlight lang="bash"> Host *
ServerAliveInterval 60 ServerAliveCountMax 3 TCPKeepAlive yes
</syntaxhighlight>
Explanation:
ServerAliveInterval 60— sends a keepalive message every 60 secondsServerAliveCountMax 3— disconnects only after three unanswered keepalives (≈3 minutes)TCPKeepAlive yes— uses low-level TCP keepalive as an additional safeguard
This ensures stable, long-lasting sessions even over less reliable networks.
4. Troubleshooting Frozen SSH Sessions
Occasionally, SSH master connections can freeze or hang, especially after network interruptions.
In such cases, you can manually terminate or clean up the stale connection.
a) Identifying and killing master processes
List all master sockets and their processes:
<syntaxhighlight lang="bash"> lsof -U 2>/dev/null | grep master- </syntaxhighlight>
Terminate the corresponding processes:
<syntaxhighlight lang="bash"> kill -9 <PID> </syntaxhighlight>
b) Removing stale master socket files
Delete leftover socket files:
<syntaxhighlight lang="bash"> rm ~/.ssh/master-* </syntaxhighlight>
After cleanup, new SSH connections will automatically establish fresh master sessions.
Advanced SSH Configuration
Once you have generated and imported your SSH key pair, you can simplify and improve your SSH experience by creating a personal SSH configuration file. This file, typically located at ~/.ssh/config, lets you store connection details, reuse existing connections, and keep sessions stable — all of which are especially useful when managing multiple OpenStack instances.
🧩 Organizing and Simplifying SSH Connections
Instead of remembering long commands, you can define named host entries in your SSH configuration file. <syntaxhighlight lang="bash"> Host proxy HostName 134.155.111.181 User opensuse IdentityFile ~/.ssh/myKey </syntaxhighlight>
You can now connect simply with: <syntaxhighlight lang="bash"> ssh proxy </syntaxhighlight>
Explanation:
Host — a nickname for your connection
HostName — the actual IP address or DNS name of the instance
User — the default login username
IdentityFile — path to your private key (if not the default id_rsa)
This approach helps you manage multiple instances with short, readable aliases.
⚡ Reusing Existing SSH Connections (ControlMaster)
If you frequently connect to the same instance, SSH can reuse a single network connection instead of opening new ones each time. This reduces connection overhead and speeds up subsequent logins. <syntaxhighlight lang="bash"> Host proxy ControlMaster auto ControlPersist 1h ControlPath ~/.ssh/master-%C </syntaxhighlight>
Explanation:
ControlMaster auto — enables connection sharing automatically
ControlPersist 1h — keeps the master connection open for one hour after the last session ends
ControlPath — specifies the socket file used for multiplexing (the %C variable creates a unique hash per connection)
Tip: With these options, once you connect to proxy once, further SSH or SCP commands to the same host will reuse that connection and start instantly.
🌐 Keeping Connections Alive
Long-running SSH sessions can sometimes time out due to network inactivity. To prevent this, configure SSH to send periodic keepalive messages. <syntaxhighlight lang="bash"> Host * ServerAliveInterval 60 ServerAliveCountMax 3 TCPKeepAlive yes </syntaxhighlight>
Explanation:
ServerAliveInterval 60 — sends a keepalive message every 60 seconds
ServerAliveCountMax 3 — disconnects only after three unanswered keepalives (≈3 minutes)
TCPKeepAlive yes — uses low-level TCP keepalive as an additional safeguard
This ensures stable, long-lasting sessions even over less reliable networks.
🧯 Troubleshooting Frozen SSH Sessions
Occasionally, SSH master connections can freeze or hang, especially after network interruptions. In such cases, you can manually terminate or clean up the stale connection.
a) Identifying and killing master processes
List all master sockets and their processes: <syntaxhighlight lang="bash"> lsof -U 2>/dev/null | grep master- </syntaxhighlight>
Terminate the corresponding processes: <syntaxhighlight lang="bash"> kill -9 <PID> </syntaxhighlight>
b) Removing stale master socket files
Delete leftover socket files: <syntaxhighlight lang="bash"> rm ~/.ssh/master-* </syntaxhighlight>
After cleanup, new SSH connections will automatically establish fresh master sessions.
Advanced SSH Configuration
Once you have generated and imported your SSH key pair, you can simplify and improve your SSH experience by creating a personal SSH configuration file. This file, typically located at `~/.ssh/config`, lets you store connection details, reuse existing connections, and keep sessions stable — all of which are especially useful when managing multiple OpenStack instances.
🧩 Organizing and Simplifying SSH Connections
Instead of remembering long commands, you can define named host entries in your SSH configuration file.
Host proxy
HostName 134.155.111.181
User opensuse
IdentityFile ~/.ssh/myKey
You can now connect simply with:
ssh proxy
Explanation:
- Host — a nickname for your connection
- HostName — the actual IP address or DNS name of the instance
- User — the default login username
- IdentityFile — path to your private key (if not the default `id_rsa`)
This approach helps you manage multiple instances with short, readable aliases.
⚡ Reusing Existing SSH Connections (ControlMaster)
If you frequently connect to the same instance, SSH can reuse a single network connection instead of opening new ones each time. This reduces connection overhead and speeds up subsequent logins.
Host proxy
ControlMaster auto
ControlPersist 1h
ControlPath ~/.ssh/master-%C
Explanation:
- ControlMaster auto — enables connection sharing automatically
- ControlPersist 1h — keeps the master connection open for one hour after the last session ends
- ControlPath — specifies the socket file used for multiplexing (the `%C` variable creates a unique hash per connection)
Tip: With these options, once you connect to `proxy` once, further SSH or SCP commands to the same host will reuse that connection and start instantly.
🌐 Keeping Connections Alive
Long-running SSH sessions can sometimes time out due to network inactivity. To prevent this, configure SSH to send periodic keepalive messages.
Host *
ServerAliveInterval 60
ServerAliveCountMax 3
TCPKeepAlive yes
Explanation:
- ServerAliveInterval 60 — sends a keepalive message every 60 seconds
- ServerAliveCountMax 3 — disconnects only after three unanswered keepalives (≈3 minutes)
- TCPKeepAlive yes — uses low-level TCP keepalive as an additional safeguard
This ensures stable, long-lasting sessions even over less reliable networks.
🧯 Troubleshooting Frozen SSH Sessions
Occasionally, SSH master connections can freeze or hang, especially after network interruptions. In such cases, you can manually terminate or clean up the stale connection.
a) Identifying and killing master processes
List all master sockets and their processes:
lsof -U 2>/dev/null | grep master-
Terminate the corresponding processes:
kill -9 <PID>
b) Removing stale master socket files
Delete leftover socket files:
rm ~/.ssh/master-*
After cleanup, new SSH connections will automatically establish fresh master sessions.
✅ Summary
| Goal | Key Configuration Options |
|---|---|
| Simplify connection commands | Host, HostName, User, IdentityFile
|
| Reuse SSH sessions | ControlMaster, ControlPersist, ControlPath
|
| Keep sessions alive | ServerAliveInterval, ServerAliveCountMax, TCPKeepAlive
|
| Fix frozen sessions | Kill master processes, remove master-* sockets
|