- Linux Administration Cookbook
- Adam K. Dean
- 429字
- 2021-07-02 14:24:26
Summary
While I've spent this chapter describing some brilliant things that SSH is capable of and singing its praises throughout, it's worth highlighting that it's still software, and it's also constantly evolving. Because it's software, it can have bugs and unexpected behavior, though the developers behind it are some of the best, what with it being part of the OpenBSD suite of software.
If you take anything away from this chapter, make it the following:
- Use key-based authentication
- Disable root login over SSH
- Use a local SSH config file for connecting to remote machines
I'd highly recommend signing up to the various SSH mailing lists if you're a bit sad like I am, and keeping an eye out for new features that might capture your imagination. ProxyJump hasn't been around for long, and it's very handy.
I do recall instances that SSH wound me up in some form or other, such as the time I spent a long hour or two bashing my head against a desk, trying to work out why SSH just wouldn't read a private RSA file, only to discover that it needed the public half to be in the same folder too, on the local machine. That's a considerable amount of time I won't get back, but it's a mistake I won't make twice.
That said, I can also share many more instances where SSH has downright impressed me, and made my life easier. It's basically the Swiss Army knife of system administration, and not just because it's usually the way you connect to a box.
People use SSH for administration, transferring backups, moving files between boxes, automation using tools such as Ansible, wrapping other connections inside, and much more.
It's solid, secure, and a pleasure to use. It works on Linux, macOS, the BSDs, Solaris, and even Windows!
Here's a big thanks to SSH, and OpenSSH specifically.