SSH

• Simplified Guide: Secure Shell (SSH)
• Wikibooks: SSH Multiplexing
• Debian Forum: X-Anwendungen mit SSH forwarden
• stribika: Secure Secure Shell (or how to make SSH secure)
• Stack Exchange: Does getting disconnected from an SSH session kill your programs?
• Ryan Lue: Using a GPG key for SSH Authentication
• ArchWiki SSH-Authentifizierung mit Schlüsselpaaren
• OpenBSD Manual Page: ssh_config - OpenSSH SSH client configuration files
• OpenBSD Manual Page: sshd_config - OpenSSH SSH daemon configuration file

• generate a SSH key:¹⁾ ssh-keygen -t rsa -b 4096 -C "user@domain"
• change the private key passphrase: ssh-keygen -p -f ~/.ssh/id_rsa
• show (own) SSH public key fingerprint: ssh-keygen -l
• publish (own) SSH public key to user@server: ssh-copy-id -i ~/.ssh/id_rsa.pub user@server
• list public key(s) of specific known host/server: ssh-keygen -F <host> -l
• remove key of host/server from known_hosts file: ssh-keygen -f ~/.ssh/known_hosts -R <host>
• show certificate information directly from server/host: ssh-keyscan <host>
• X11 forwarding: ssh -x user@domain

sudo ufw allow proto tcp from 192.168.178.0/24 to any port 22

• ~/.ssh/config: client configuration (possibly different from server to server, see Linux manual page ssh_config(5))
• ~/.ssh/known_hosts: known host(s) public key fingerprint (SSH will never ask you again, to accept the associated public key when SSL/TLS is running)
• ~/.ssh/id_rsa.pub: RSA public key²⁾
• ~/.ssh/id_dsa.pub: DSA public key³⁾
• ~/.ssh/id_ecdsa.pub: ECDSA public key
• ~/.ssh/id_ed25519.pub: (Bernstein) Curve ed25519 public key
• ~/.ssh/id_rsa: RSA private key

See below for a ~/.ssh/config example, which uses client keep-alive and connection multiplexing (for a particular host).

Host <name>
    HostName <host>
    IdentityFile ~/.ssh/id_rsa
    User <user>
    EscapeChar none
# multiplexing
    ControlPath ~/.ssh/controlmasters/%r@%h:%p
    ControlMaster auto
    ControlPersist 3h
# keep-alive
    TCPKeepAlive yes
    ServerAliveInterval 15
    ServerAliveCountMax 4