Setting up SSH access for your machine 2
2 Jul 2024Rails 6 posits an interesting time in Rails development history. For us at Sentia, we have different deployment processes based on whether the application in question uses Node.js as opposed to Sprockets, or Docker deployment as opposed to classic symlinking deployment with Mina or Capistrano.
As a result, our Rails 6 apps vary widely in their deployment architectures compared to other historical points in Rails’ lifecycle. Having said this, one constant, no matter what deployment stack, is the need for SSH access to a host server.
What the hell is SSH?
Secure Shell is a fun, headless way to access another computer.
If you’ve ever used PuTTy or TeamViewer, SSH is just the terminal equivalent. In order to access a remote Unix host, you need to know the following:
- the user that can access the machine via ssh (usually ubuntu, deploy or root)
- the host or URL that points to the machine
- a PEM key that allows aforementioned access to the machine without your own key
- your very own public and private key set
nb: Once you’re properly set up, you won’t need the PEM key anymore.
The first thing you want to do is run the following
bash
ssh-keygen
This generates a file that you will eventually place on the server, and use instead of the PEM key to log in.
Nex run
bash<br />cat ~/.ssh/id_rsa.pub<br />
and copy the output to your clipboard. You’ll need this later!
With your public key in the clipboard, run
cp /pem/file/location ~/.ssh/ && chmod 400 ~/.ssh/nameofkey.pem
to add the provided PEM key to your ssh directory.If you’re wondering, chmod sets the modification permissions to “400” meaning you give read access to the file owner, and absolutely zero read / write / execute permissions to anyone else.
Once that is set up, run ssh -i ~/.ssh/filenname.pem username@host
and provided there’s no whitelisting on the server, you should now be logged in as deploy user on the remote machine! But we’re not done yet. Time to add your own key to the server.
Provided you still have your newly generated key in your clipboard, you can add it to the server by running nano ~/.ssh/authorized_keys
, pasting the key, and saving with control+O (the letter, not the number!)To go over what you just achieved, you were provided a server host, username and authentication, but had no way of allowing your own machine to log in without pretending to be someone else. By using the PEM key to log in, then adding your own key to the server, you have negated the need to use someone else’s key at all!If you did this right, you should now be able to run ssh username@host without said PEM key, and all should work fine.If you want to automate further, here’s a nice way to alias your SSH commands by adding an entry to ~/.ssh/config. Here’s an example:
Host my-website-prod
Hostname mywebsite.com.au
IdentityFile ~/.ssh/id_rsa.pub
User root
Port 6688
Running ssh my-website-prod
is the same as running ssh <a aria-expanded="false" aria-haspopup="menu" data-remove-tab-index="true" data-sk="tooltip_parent" data-stringify-link="mailto:root@mywebsite.com.au" delay="150" rel="noopener noreferrer" tabindex="-1" target="_blank" href="mailto:root@mywebsite.com.au">root@mywebsite.com.au</a> -P 6688
. Happy hacking!