ssh/README.md

# SSH

## Create key

```bash
ssh-keygen -t ecdsa -b 521

# specif an file
ssh-keygen -t ecdsa -b 521 -f ~/.ssh/key-ecdsa
```

## Copy public key

```bash
ssh-add ~/.ssh/id_ed25519
ssh-copy-id -i ~/.ssh/y-ecdsa.pub example_user@192.0.2.4
```

## Add existing Key

```bash
ssh-add ~/.ssh/key-ecdsa
```

## Alias

```bash
Host srv01
    HostName srv01.lan
    User john
    RemoteCommand cd ~/; exec bash --login
    RequestTTY yes
```

## Port Binding

Bind local port 8001 to target-server port 80 using jump-machine.local.  
_(local machine without direct access to target-server)_

```bash
ssh -f -N -L localhost:8001:target-server:80 usr@jump-machine.local
```

### kubernetes - ssh client

```yaml
kind: Pod
metadata:
  name: ssh-client
  labels:
    app: ssh-client
spec:
  containers:
    - name: ssh-client
      image: git.limbosolutions.com/kb/ssh-client:latest
      tty: true
      command: ["bash", "-c"]
      args:
        - |
        set -e
        eval `ssh-agent` 
        ssh-keyscan -p ${SRV_PORT} -H ${SRV_HOST} > ~/.ssh/known_hosts
        ssh ${SRV_HOST}@${SRV_USER} -p ${SRV_PORT} "ls -lah" && \
        echo "INFO:Remote command executed!"
      env:
        - name: SRV_HOST
          valueFrom:
            secretKeyRef:
              name: backup-secrets
              key: SRV_HOST

        - name: SRV_PORT
          valueFrom:
            secretKeyRef:
              name: backup-secrets
              key: SRV_PORT

        - name: SRV_USER
          valueFrom:
            secretKeyRef:
              name: backup-secrets
              key: SRV_USER

      volumeMounts:
        - name: backup-secrets
          subPath: SSH_PRIVATE_KEY
          mountPath: /root/.ssh/id_ed25519

  volumes:
    - name: backup-secrets
      secret:
        secretName: backup-secrets
        defaultMode: 0600
        items:
          - key: SSH_PRIVATE_KEY
            path: SSH_PRIVATE_KEY
```