Transcript from the "Connecting to the Server" Lesson
[00:00:01]
>> Jem Young: And now I want to SSH into my server. Now that I'm going to create a secure connection to my server. The user that is, by default is root, the root user. So I'm going to try that now. So SSH root at my IP address.
>> Jem Young: And I'm gonna hit Yes.
[00:00:22] It's just saying hey, I've never met this server before. Are you sure this is what you wanna connect to? Which is really useful because let's say someone hacked your server and took it over. The signature is gonna be a little bit different. And it's really useful to know like hey, I'm trying to SSH into this server but it's not working anymore.
[00:00:41] And if you ever get something like you're SSHing, you're connected to a server and the SHA signature is changed, you should be a little careful because something's a little bit awry. Usually it's nothing but it's just a heads up. I'm just gonna say yes. Denied, man what happened there?
[00:01:01] Well, what happened is the default key pair is ID underscore SSH. And SSH is going to try to look there first. If that doesn't work, it's going to be like, I don't know, your key is not matching into the public key that we have in the server. So what we need to do is SSH dash I, and we're going to pass in the name of that private key that we passed in.
[00:01:24] So, fsfe2 and then we type root@
>> Jem Young: And I am on my server, you're on your server. And if you wanna see what's happening, and I won't pass the dash I this time around, I'm just gonna say root @ IP address. I'm gonna say dash V and it's gonna give me more details.
[00:01:54] This is helpful if you try to figure out hey, why is this thing not being accepted? Why did that work this time, that should not have worked, anyways. And this just more detail than you want to know but it's used to the dashboard command is useful for debugging if you're ever confused.
[00:02:12] And exit my server, I can just type exit in a back to my normal computer. You know that was, that was a pain. I don't want to type that every single time. So what we're gonna do is we're gonna add it to the key chain. This a great thing about OSX is it has this concept of keychain.
[00:02:29] Most computers do, I'm not sure if Windows does, but we're gonna add this to the keychain so that it's part of the regular keys that it checks. So when you SSH into a server, it's gonna say, this one is it. This one is this one, no, yes?
>> Speaker 2: I was gonna say, you don't have to do that once you've successfully connected, it automatically adds it to your keychain.
[00:02:46]
>> Jem Young: Really?
>> Speaker 2: That's why it didn't ask you the second time.
>> Jem Young: So I will say this because I tried this on a different computer, not every keychain is automatically configured to add the keys to the agent every time. Some computers are. But that's a really good point.
[00:03:00] I think the modern version of whatever version of OSX I'm in does that, but just in case it doesn't, you can say VI and we're going to modify the SSH config. So I'm going to say clear vi tilde dot SSH slash config.
>> Jem Young: And the AddKeysTo the agent just means, every time you successfully connect to server.
[00:03:27] It's automatically gonna check that next time. But they're not always true.
>> Jem Young: And then we just say use keychain, just saying the SSH key is going to use that. It's gonna look in the keychain first, rather than you have to pass it through manually. Don't worry about the other stuff, that's because this is my work computer.
[00:03:49]
>> Jem Young: All right.
>> Jem Young: And then if you need to, you can use ssh-add -k and that will manually add that to the teaching if you want, if you don't want to enable the doing it automatically. But I would assume most people's computer is set up is for people at home who are using a different configuration, maybe a different operating system entirely.
[00:04:20]
>> Jem Young: Just get the SSH into our server. I'm gonna hold here for now. But
>> Jem Young: And we're on. We are on a server now. We're on a server somewhere in the world depending on where your data center is. Important things to note, this hash, octothorpe, whatever you want to call it, that means we're on as a superuser.
[00:04:48] We're on as the group. Now, being root is dangerous, and one of the first things we're gonna do is we're gonna switch out of root, because root, it will let you do anything you want. You wanna remove your entire directory, you wanna move everything, it'll let you do it.
[00:05:01] It won't give you any warnings. When we switch out of being a super user, it means if we do something that is restricted in permissions, we have to manually override that every time. We don't want to go around that. It's really really tempting to be to do everything as root.
[00:05:16] But because there are no guardrails as root, it's assuming you know what you're doing, you can get yourself into a really bad spot. But a little bit later we're going to learn how to create a new user that has root permissions, but by default is not root.