SSH

Secure Shell (SSH) is a cryptographic network protocol used primarily for secure remote login and other secure network services over an unsecured network. SSH provides a secure channel in a client-server architecture, connecting an SSH client application with an SSH server. It provides strong password and public key authentication and encrypted data communication, and it is used in a wide range of applications, from remote command-line login to remote command execution.

Here are a few ways we use SSH to manage and interact with the servers that host our clients’ applications.

  1. Remote Server Access: We often work with servers located in different geographical locations. We use SSH to securely connect to these servers and perform various tasks, such as modifying configurations or debugging issues.

  2. Code Deployment: We often use SSH to push updates from our local development environment to staging or production servers. This is typically done using tools like Capistrano that internally leverage SSH to execute commands on remote servers.

  3. Version Control Systems: SSH is also used to interact with version control systems like Git. We use SSH keys to authenticate to Git repositories, enabling secure push and pull operations.

  4. Secure Data Transfer: SSH also includes SFTP (SSH File Transfer Protocol) for secure data transfer, allowing our team to safely upload and download files to and from a server.

  5. Tunneling/Port Forwarding: SSH can be used to create encrypted tunnels to route traffic, which can be useful when testing certain services or when accessing databases remotely.

In general, SSH provides Planet Argon engineers with a secure means to perform server-based tasks necessary for deploying, managing, and maintaining our applications.

How do I generate a new SSH key?

The following command will create a public/private RSA key pair. Use your own email address and name the SSH files as you see fit.

$ ssh-keygen -t rsa -b 4096 -C "robby@planetargon.com" -f ~/.ssh/id_rsa-robby2019

You’ll be prompted to optionally set a passphrase. This would be something you’d want to store in your own 1Password vault. It’ll be needed every time you want to load the key into your SSH agent.

What is ssh-agent?

ssh-agent is an authentication agent for SSH. It allows you to add and remove different SSH key pairs as you see fit.

How do I find out what SSH keypairs are currently loaded?

Run the following command to find out which SSH keypairs are currently loaded:

$ ssh-add -l

How do I load my SSH key into ssh-agent?

Run the following command to load your SSH key into ssh-agent:

$ ssh-add ~/.ssh/id_rsa-robby2019

If you used a passphrase, you will be prompted for that now.

How do I keep my SSH key loaded into ssh-agent after a reboot?

You need to store the key in your macOS keychain in order to have it persist in your ssh-agent after a reboot. To do so, run the following command:

$ ssh-add -K ~/.ssh/id_rsa-robby2019

If you used a passphrase, you will be prompted for that now.

How do I configure SSH to always use the keychain?

If you haven’t already, create an ~/.ssh/config file. In other words, in the .ssh directory in your home directory, make a file called config.

In that .ssh/config file, add the following lines:

Host *
UseKeychain yes
AddKeysToAgent yes
IdentityFile ~/.ssh/id_rsa-robby2019

What is the difference between the private and public key files?

The private file is for YOUR EYES ONLY. You don’t want to give the contents of that file to anybody, although you might keep a copy of it in a private 1Password vault in case your laptop is stolen. The private and public keys work together to verify that you are who you claim to be when you ask servers to grant you access for deployments and such.

The PUBLIC key (e.g., ~/.ssh/id_rsa-robby2019.pub) is something you can share with anyone. The contents of this file can be added to GitHub or Bitbucket for git pull/push privileges and to each of the servers you need to SSH into.

Where should I add my SSH public key so that we can install it on servers?

At the moment, we group our SSH keys into a single file that we can add to servers via this GitHub project: https://github.com/planetargon/pub_ssh_keys

As you can see, we have a collection of SSH public keys here: https://github.com/planetargon/pub_ssh_keys/blob/main/ssh_pub_keys

This project comes bundled with a Rake task that fetches the SSH public keys we’ve each added to our GitHub accounts so we don’t have to manually add them for each person.

How do I add my own SSH public keys to a server?

You can’t. If you don’t already have SSH access to a client server, you likely won’t be able to do this. Ask the project tech lead or another engineer on the project with access to add you.

How do I add someone else's SSH public key to a server?

Here is an example, using Nike’s staging01 server:

  1. Ask the engineer to provide you with their SSH public key file contents.
  2. Run the following command to access the server:

$ ssh deploy@staging01-news.nikedev.com.planetargon.us

  3. Open the authorized keys file:

$ vi ~/.ssh/authorized_keys

  4. Add their public key to the bottom of the file, then save and quit:

:wq

  5. Finally, have them attempt to SSH into the server:

$ ssh deploy@staging01-news.nikedev.com.planetargon.us

You will need to repeat this for each server that we deploy for that particular client.
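The manual edit above has a few failure modes: pasting a private key by mistake, adding the same key twice, or gluing the new key onto a last line that has no trailing newline. The following is an added example, not Planet Argon's own tooling, of a shell function that checks a pasted key line before appending it; the function name, return codes and sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate one pasted public key line, then append it.
# Returns 0 = added, 1 = rejected, 2 = already present.
add_authorized_key() {
    file=$1 line=$2
    nl='
'
    case $line in
        *"PRIVATE KEY"*) echo "rejected: that is a private key" >&2; return 1 ;;
        *"$nl"*) echo "rejected: more than one line" >&2; return 1 ;;
    esac
    # Expect "<type> <base64 blob> [comment]". A leading options field such
    # as command="..." fails the type check and is left for manual review.
    ktype=$(printf '%s\n' "$line" | awk '{print $1}')
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected: unexpected key type '$ktype'" >&2; return 1 ;;
    esac
    # The blob begins with a 4-byte length whose zero bytes encode as AAAA.
    printf '%s\n' "$blob" | grep -Eq '^AAAA[A-Za-z0-9+/]+=*$' ||
        { echo "rejected: key blob is not base64" >&2; return 1; }
    # Idempotent: do not add the same key twice.
    if [ -f "$file" ] && grep -qF -- "$ktype $blob" "$file"; then
        return 2
    fi
    (
        umask 077                      # new files and dirs are owner-only
        mkdir -p "$(dirname "$file")" || exit 1
        # If the last line has no trailing newline, add one so the new key
        # does not get glued onto the previous entry.
        if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
            echo >> "$file"
        fi
        printf '%s\n' "$line" >> "$file" && chmod 600 "$file"
    )
}

# Demo on a scratch file with a constructed key (not a real one).
scratch=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyNotReal0000000000000 dev@example.com'
add_authorized_key "$scratch/.ssh/authorized_keys" "$demo_key" && echo "added"
```

Keep your own session open until the other engineer has confirmed they can log in.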

When would we use the ssh_pub_keys project?

We use the ssh_pub_keys project when we need to grant or revoke access for everyone in one big batch. In this case, we might entirely replace the contents of a server’s .ssh/authorized_keys file with the contents of the project file in GitHub.
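Because a full replacement both grants and revokes access, it helps to see who is affected before swapping the file. The following is an added example, not part of the pub_ssh_keys project; it assumes the team file is in authorized_keys format, and the function names and sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes each key line is "<type> <base64 blob> <comment>".

# plan_sync CURRENT TEAM: list who gains (+) and who loses (-) access.
plan_sync() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        {
            # Find the key-type field; anything before it is an options field.
            for (i = 1; i < NF; i++) if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) break
            if (i >= NF) next
            who = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
            if (FILENAME == ARGV[1]) cur[$(i + 1)] = who
            else team[$(i + 1)] = who
        }
        END {
            for (b in team) if (!(b in cur)) print "+ " team[b]
            for (b in cur) if (!(b in team)) print "- " cur[b]
        }' "$1" "$2" | LC_ALL=C sort
}

# apply_sync CURRENT TEAM: keep a backup, then swap the file in one rename.
apply_sync() {
    # An empty or keyless team file would lock everyone out.
    grep -Eq '^(ssh-|ecdsa-sha2-|sk-)' "$2" ||
        { echo "refusing: no keys found in $2" >&2; return 1; }
    tmp=$(mktemp "$1.XXXXXX") || return 1    # same directory as the target
    cat "$2" > "$tmp" && chmod 600 "$tmp" &&
        cp -p "$1" "$1.bak" && mv "$tmp" "$1"
}

# Demo on scratch copies with constructed (not real) keys.
d=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaConstructedA alice@example.com' \
              'ssh-ed25519 AAAAC3NzaConstructedB bob@example.com' > "$d/authorized_keys"
printf '%s\n' 'ssh-ed25519 AAAAC3NzaConstructedA alice@example.com' \
              'ssh-ed25519 AAAAC3NzaConstructedC carol@example.com' > "$d/ssh_pub_keys"
plan_sync "$d/authorized_keys" "$d/ssh_pub_keys"
apply_sync "$d/authorized_keys" "$d/ssh_pub_keys"
```

Review the plan output for your own key before applying, and test a fresh login in a second terminal while the current session is still open.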