# More Time with SSH

### Introduction

In the last few lessons, we performed a whirlwind tour of setting up an EC2 instance.  In this lesson, we'll spend a little bit more time with SSH.  SSH is used not just for AWS, but whenever we need to securely access another computer.

### Reviewing SSH

As we know, we use SSH to log in to a remote computer.  SSH uses both a public key and a private key.  The public key is stored on the remote computer, and we store the private key on our computer.  This is what occurred when we created a new key pair.

<img src="./creating-pem-name.png" width="80%"/> 

The public key was automatically placed on our instance, and the private key was downloaded to our computer and saved as the `.pem` file.

Then we logged into our instance with the following:

`ssh -i "ds-setup.pem" ec2-user@us-east-2.compute.amazonaws.com`

In other words, our `.pem` file contains the private key which allows us to access the target computer.

### Using a Config file

The above is one way to use ssh.  If we find ourselves repeatedly logging into the same machine, we can make the login process a bit easier by setting up our `~/.ssh/config` file.  For example, whereas previously we logged into a remote machine with:

`ssh -i "ds-setup.pem" ec2-user@ec2-3-17.us-east-2.compute.amazonaws.com`

We can structure our config file with the address (host name) of the machine, the user to log in as, and the path to the corresponding private key file.

```bash
# ~/.ssh/config
Host production-server
  HostName ec2-3-17.us-east-2.compute.amazonaws.com
  User ec2-user
  IdentityFile ~/.ssh/ds-setup.pem
```

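Then we should make sure our `.pem` file is located in the `~/.ssh` folder and is readable only by our user, since `ssh` ignores a private key file that other users can read.  Then we can log in with the following: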

```bash
ssh production-server
```

Now if we only want to perform a single command on the remote server, we can do so by specifying `ssh`, our host, and the bash command.  It looks like so:

`ssh production-server ls`

### Working with SCP 

So far we've seen how to use ssh to directly log in to a machine.  If we simply want to copy a file to our machine, we can do so with scp, that is, a secure copy.

With scp we can copy a file from the remote machine to our machine with the following:

```
scp production-server:/path/to/file ./local-filename
```

So first, we specify where we are copying the file from -- the remote machine and the path on that machine.  The second argument is where the copied file is saved on our computer.



### A Bit Deeper on Access

Now as we know, the source parameter of all zeros allows a computer from any IP address to access our computer.  We could also restrict this to just a specific IP address.  For example, what if we wanted to allow access only from our IP address?

We first view our IP address by typing `ipconfig getifaddr en0` into our terminal.

```bash
ipconfig getifaddr en0
# 192.168.16.192
```


> This displays our computer's address on the network.

Finally, add a `/32` to the end of the IP address.  This specifies that only this particular address can access the EC2 machine.

For example, `192.168.16.192/32`.

<img src="./ssh-ip-address-1.png" width="100%"/> 

If we were to append `/26` to the end of the IP address instead, this would allow any address in that range of the network to connect to the machine, which would be useful if, say, we wanted to allow anyone on a company network to have access.

Notice that if you place a `/0` at the end of any IP address, this automatically allows any IP address to access it, so AWS will switch your IP address to `0.0.0.0/0` if that `/0` is present.
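
To see what the suffix on the source address actually does, the following added example (not part of the original lesson) uses Python's standard `ipaddress` module to normalize each source, which reproduces the switch to `0.0.0.0/0` described above, and to audit a constructed list of inbound rules. The rule list, the `203.0.113.25` address and the function names are assumptions for illustration; the check for RFC 1918 sources such as `192.168.16.192` is there because a security group compares against the address AWS sees, which for a machine behind a home router is the router's public address.

```python
import ipaddress

# Constructed inbound rules (port, source as typed); not taken from a real account.
SAMPLE_RULES = [
    (22, "192.168.16.192/32"),
    (22, "192.168.16.192/26"),
    (22, "192.168.16.192/0"),
    (22, "203.0.113.25/32"),  # documentation-range public address (assumed)
    (80, "0.0.0.0/0"),
]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def normalize(source):
    """Mask off host bits, so any address ending in /0 becomes 0.0.0.0/0."""
    return ipaddress.ip_network(source, strict=False)

def is_allowed(source, client_ip):
    """True if client_ip falls inside the range that source describes."""
    return ipaddress.ip_address(client_ip) in normalize(source)

def audit_ssh(rules, max_addresses=1):
    """Return (normalized source, address count, findings) per port-22 rule."""
    report = []
    for port, source in rules:
        if port != 22:
            continue
        net = normalize(source)
        findings = []
        if net.prefixlen == 0:
            findings.append("open to every address")
        elif net.num_addresses > max_addresses:
            findings.append(f"wider than {max_addresses} address(es)")
        if any(net.subnet_of(private) for private in RFC1918):
            findings.append("private range: will not match a public address")
        report.append((str(net), net.num_addresses, findings))
    return report

if __name__ == "__main__":
    for source, count, findings in audit_ssh(SAMPLE_RULES):
        print(f"{source:<20} {count:>10}  {'; '.join(findings) or 'ok'}")
```
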

### Challenge

Change (or create) the `~/.ssh/config` file so that we can ssh into the EC2 instance we set up in the Flask lab with `ssh flask_lab`.  Do not remove this setup or the `.pem` file -- we'll need it later.

### Summary

In this lesson, we went a bit deeper into ssh.  We saw that ssh uses both a public and a private key -- the public key is stored on the host and the private key is stored on our local computer.  We log in via ssh by specifying the file with our private key, the user, and the address of the host computer.

`ssh -i "ds-setup.pem" ec2-user@ec2-3-17.us-east-2.compute.amazonaws.com`

We also saw that we can specify these arguments in the `~/.ssh/config` file.

```bash
Host production-server
  HostName ec2-3-17.us-east-2.compute.amazonaws.com
  User ec2-user
  IdentityFile ~/.ssh/ds-setup.pem
```

Finally, we saw that we can use scp to copy files from the remote machine to our machine by specifying the remote machine and the path of the file there, followed by the local file name to save it as:

`scp production-server:/path/to/file ./local-filename`

### Resources

[Public Key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography)

[Thoughtbot SSH](https://thoughtbot.com/upcase/videos/intro-to-ssh)

[Thoughtbot Mastering the Shell](https://thoughtbot.com/upcase/mastering-the-shell)