1. What to do:

SSH (Secure Shell): ssh user@hostname requires typing password each time which can be annoying. Using SSH Key-Based Authentication is an alternative.

Generate a key pair:

In you local computer(Mac/Linux), generate a key pair


you will see:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):

You can save to another directory if you know what you are doing. It will then generate a id_rsa and id_rsa.pub, the private and public key pair.

It then will prompt options for you to configure, won’t go wrong, but you would better leave the pass-phase blank, otherwise you will have to type extra password to using this key pair for ssh authentication.

2. Copy the public key to your remote server:

Copy the id_rsa.pub to the server.

ssh-copy-id use@remote_host

This will copy the contents of id_rsa.pub into a file called .ssh/authorized_keys in the remote user’s home directory.

If you don’t have ssh-copy-id in you local, you can simple copy it manually by scp, e.g.

scp ~/.ssh/id_rsa.pub user@remote_host:~/.ssh/authorized_keys

3. Set config for sshing to the remote server:

Then you will be able to ssh to remote host by:

ssh -i ~/.ssh/id_rsa user@remote_host

to make it even more simpler:

vim ~/.ssh/config

Add these lines to it:

Host my_remote_server
    User user
    HostName ip4
    IdentityFile ~/.ssh/github_key

Then you can just do ssh my_remote_server.

4. Reverse Tunnel:

SSH from remote server to a router nested host (your local)

Option1: setup port forwarding in the local host, say configure router’s port 3000 to map to local host’s port 22.

Option2: open a live connection from the firewall nested host

target-nested-host$ ssh -f -N -T -R22222:localhost:22 my-server-host

Then, you should be able to ssh into a public server host:

operational-host$ ssh my-server-host

Then in the remote shell:

my-server-host$ ssh -i key_to_target_host -p 22222 localhost

Use case; I have a remote server and a linux box that connected to a router, I want someone else to connect to the box via ssh, and due to my complex router-network setup, this is actually the simplest solution.