SSH: Bad server host key: Invalid key length

Newer versions of OpenSSH refuse small RSA key sizes for security reasons. We still have some older equipment that uses keys of this size and that we need to access. You can work around this with:

ssh -o RSAMinSize=1024 user@domain.com

Force SSH to ask for a password and skip keys

Normally I use SSH keys (with a password) to log in to remote machines. Today I needed to force SSH to use a password to verify a change. Here is the command:

ssh -o PubkeyAuthentication=no user@server.domain.com


Linux: Regenerate SSH host keys

Fedora and CentOS automatically regenerate SSH host keys at boot if the key files are missing. This makes regeneration easy: remove the keys and reboot the server. Other distributions are not as forgiving and require manual intervention. These are the steps I've used on Debian to get fresh host keys.

rm /etc/ssh/ssh_host_*
ssh-keygen -f /etc/ssh/ssh_host_rsa_key     -N '' -q -t rsa
ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key   -N '' -q -t ecdsa
ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -q -t ed25519

ls -lsh /etc/ssh/*key*

systemctl restart sshd
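The same procedure as a small script, added here as an example and not part of the original post. It takes the key directory as an argument (defaulting to /etc/ssh, so it can be rehearsed in a scratch directory first), fixes permissions, and prints the new fingerprints so they can be distributed to clients before anyone sees a "host key has changed" warning. The 4096-bit RSA size is this example's choice.

```shell
#!/bin/sh
# Added example (not from the original post): regenerate OpenSSH host keys in
# the directory given as $1 (default /etc/ssh) and report the new fingerprints.
# Run as root against the real directory; any writable directory works for a
# dry run.
set -eu

# regen_host_keys [DIR]: replace the RSA, ECDSA and Ed25519 host key pairs.
regen_host_keys() {
    dir="${1:-/etc/ssh}"
    rm -f "$dir"/ssh_host_*_key "$dir"/ssh_host_*_key.pub
    ssh-keygen -f "$dir/ssh_host_rsa_key"     -N '' -q -t rsa -b 4096
    ssh-keygen -f "$dir/ssh_host_ecdsa_key"   -N '' -q -t ecdsa
    ssh-keygen -f "$dir/ssh_host_ed25519_key" -N '' -q -t ed25519
    # Private host keys must be readable by root only; sshd refuses to load
    # keys with looser permissions.
    chmod 600 "$dir"/ssh_host_*_key
    chmod 644 "$dir"/ssh_host_*_key.pub
}

# host_key_fingerprints [DIR]: print the SHA256 fingerprint of each public
# host key, one per line, in the same format `ssh-keygen -l` uses.
host_key_fingerprints() {
    dir="${1:-/etc/ssh}"
    for pub in "$dir"/ssh_host_*_key.pub; do
        ssh-keygen -lf "$pub"
    done
}

# host_key_count [DIR]: number of private host keys present, to confirm that
# regeneration produced all three.
host_key_count() {
    dir="${1:-/etc/ssh}"
    ls "$dir"/ssh_host_*_key 2>/dev/null | wc -l | tr -d ' '
}

# Usage on the real host (then restart sshd as in the steps above):
#   regen_host_keys /etc/ssh && host_key_fingerprints /etc/ssh
```

After regeneration every client that has connected before will see a host key mismatch. Publish the fingerprints printed above through a trusted channel, and on each client remove the stale entry with `ssh-keygen -R hostname` before reconnecting, rather than disabling host key checking.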

SSH to hosts with older ciphers

We have some older Cisco equipment that runs SSH with algorithms that are no longer trusted. Specifically, the key exchange still uses SHA-1, which modern Linux distributions have disabled by default. You may see something like this:

Unable to negotiate with 234.234.234.234 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

You can work around this by putting this in your ~/.ssh/config. Scoping it to a Host block keeps the weak algorithm enabled only for that device rather than for every connection:

Host 234.234.234.234
    KexAlgorithms +diffie-hellman-group1-sha1

Borrowed from StackExchange.


SSH: Transferring large files between hosts

I need to transfer several 10+ gigabyte files between two internal Linux hosts. The easiest way is to use either scp or sftp. This encrypts the transfer, which can slow things down. There are several ciphers available that you can use to speed things up. Using modern OSs (Fedora 27, CentOS 7, FreeNAS 11) I wanted to find the best cipher to standardize on. The fastest cipher supported by all of my operating systems is aes128-gcm@openssh.com.

You can use aes128-gcm@openssh.com with scp and sftp like this:

scp -c aes128-gcm@openssh.com /path/to/file user@domain.com:/destination/dir/
sftp -c aes128-gcm@openssh.com user@domain.com

To use an alternate cipher with rsync use this command:

rsync -avP --rsh="ssh -c aes128-gcm@openssh.com" /source/dir user@domain.com:/destination/dir

Honorable mention goes to aes128-ctr as the second place contender. If for whatever reason aes128-gcm@openssh.com isn't available it would make a good alternate choice.
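The selection described above, as an added example (not the original post's code): pick the first cipher from a preference list that the local ssh reports in `ssh -Q cipher`, then time a throwaway transfer with each available candidate. The ordering in PREFERRED is this example's assumption, not a measured ranking, and HOST is a placeholder for a host where your key already works.

```shell
#!/bin/sh
# Added example (not from the original post): choose a transfer cipher that
# both ends support and measure it, instead of guessing.
set -eu

# Candidate ciphers, preferred first. AES-GCM is fastest on CPUs with AES-NI;
# ChaCha20 tends to win on CPUs without it. This order is an assumption.
PREFERRED="aes128-gcm@openssh.com aes256-gcm@openssh.com aes128-ctr chacha20-poly1305@openssh.com"

# pick_cipher: read supported ciphers from stdin (one per line, as
# `ssh -Q cipher` prints them) and print the first PREFERRED entry among them.
# Returns 1 if none match.
pick_cipher() {
    supported=$(cat)
    for c in $PREFERRED; do
        if printf '%s\n' "$supported" | grep -qx "$c"; then
            printf '%s\n' "$c"
            return 0
        fi
    done
    return 1
}

# bench_cipher HOST CIPHER MIB: push MIB mebibytes of zeros through ssh to
# HOST, discard them remotely, and print the elapsed seconds. ssh does not
# compress by default, so zeros are fine as bulk test data.
bench_cipher() {
    host=$1; cipher=$2; mib=$3
    start=$(date +%s)
    dd if=/dev/zero bs=1048576 count="$mib" 2>/dev/null |
        ssh -c "$cipher" -o BatchMode=yes "$host" 'cat >/dev/null'
    end=$(date +%s)
    echo $((end - start))
}

# Driver: only runs when HOST is set, e.g.  HOST=user@domain.com sh bench.sh
if [ -n "${HOST:-}" ]; then
    echo "default choice: $(ssh -Q cipher | pick_cipher)"
    for c in $PREFERRED; do
        ssh -Q cipher | grep -qx "$c" || continue
        printf '%-32s %4ss for 1 GiB\n' "$c" "$(bench_cipher "$HOST" "$c" 1024)"
    done
fi
```

`ssh -Q cipher` only lists what the local client supports; the remote sshd's list is what actually limits the negotiation, which is why the timing loop skips nothing on the remote side and simply lets ssh fail for ciphers the server rejects.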


SSH: Batch mode for SSH/SCP scripting

SSH is great for scripting file transfers between two trusted hosts when you're using SSH keys. If you are using SSH keys to automate SSH commands you will want to make sure your SSH commands use BatchMode. With BatchMode enabled, the SSH connection fails immediately if the key is rejected, instead of falling back to a password prompt. This prevents your scripts from "hanging" while they wait for you to type a password.

ssh -o BatchMode=true user@domain.com
scp -q -o BatchMode=true user@domain.com:/tmp/file /local/dir/
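A wrapper that applies the BatchMode idea to an unattended job, added here as an example (not the original post's code). Besides BatchMode it bounds the connection time, refuses unknown or changed host keys instead of prompting, and turns ssh's exit status into a log message. REMOTE_HOST and SSH_PORT are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original post): non-interactive ssh for cron and
# CI jobs. Nothing here can block on a prompt.
set -eu

# run_remote HOST CMD...: run CMD on HOST with no interactive fallbacks.
# Exit status is the remote command's, or 255 when ssh itself failed
# (refused/timed-out connection, rejected key, host key mismatch).
run_remote() {
    host=$1; shift
    ssh -o BatchMode=yes \
        -o ConnectTimeout=10 \
        -o StrictHostKeyChecking=yes \
        -o PasswordAuthentication=no \
        -p "${SSH_PORT:-22}" \
        "$host" "$@"
}

# describe_status CODE: one-line explanation of an exit status for logs.
describe_status() {
    case "$1" in
        0)   echo "ok" ;;
        255) echo "ssh failed: connection, key or host-key problem (rerun with -v)" ;;
        *)   echo "remote command exited with status $1" ;;
    esac
}

# Driver: only runs when REMOTE_HOST is set, so the file is safe to source.
# Usage:  REMOTE_HOST=user@domain.com sh job.sh
if [ -n "${REMOTE_HOST:-}" ]; then
    status=0
    run_remote "$REMOTE_HOST" uptime || status=$?
    echo "$(date '+%F %T') $REMOTE_HOST: $(describe_status "$status")"
    exit "$status"
fi
```

StrictHostKeyChecking=yes is the companion to BatchMode: a script that cannot answer the "are you sure you want to continue connecting" question should fail closed rather than accept whatever key is presented, and the host's fingerprint belongs in known_hosts (or a deployed /etc/ssh/ssh_known_hosts) before the job first runs.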