Zettt · August 10, 2014 18:03
diff --git a/ssh.sh b/ssh.sh
 Copy your ssh public key to a server from a machine that doesn’t have ssh-copy-id
 #/bin/bash


 if [ -z "$2" ]
 then
       echo "Usage: $0 id_file hostname|ssh-nickname"
 else
       cat "$1" |ssh $2 'sh -c "cat - >>~/.ssh/authorized_keys"'
 fi
 #EOF




 Live ssh network throughput test
 yes | pv | ssh $host "cat > /dev/null"



 Resume scp of a big file
 rsync –partial –progress –rsh=ssh $file_source $user@$host:$destination_file



 Force SSH client to use password authentication instead of public key

 To test if you can connect to a host using password authentication and explicitly deny public key authentication:

 ssh -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no user@host



 Record an SSH Session:
 ssh foo | tee -a ~/recording.log
 Logs the SSH session to foo into a local text file named recording.log



 25 SSH Tricks
 http://www.tomschaefer.org/web/wordpress/?p=1669


 --
 Build a local polipo proxy instance and an SSH reverse tunnel so you can have the remote machine use the local proxy to tunnel it's own firewall to the outside world.

 (Use case: apt-get update a machine behind an extremely restrictive firewall.)

 RemoteForward 8123 localhost:8123
 LocalCommand polipo 2>/dev/null &
 PermitLocalCommand yes
 --
 SSH over BackToMyMac
 http://webdiary.com/2011/12/27/btmm/

 Turn on Back to my Mac in  > System Preferences > iCloud > Back to my Mac

 find out your member number

 $ dns-sd -E
 Looking for recommended registration domains:DATE: ---Mon 25 Feb 2013---15:11:26.072  ...STARTING...Timestamp     Recommended Registration domain15:11:26.075  Added     (More)               local15:11:26.075  Added                icloud.com
                                            - > btmm
                                            - - > members
                                            - - - > 38248352

 38248352 is mine:

 Easier:

 This returns your BTMM domain.
 $ echo show Setup:/Network/BackToMyMac | scutil | sed -n 's/.* : *\(.*\).$/\1/p'
 38248352.members.btmm.icloud.com

 If you have spaces in your Computer Name then replace them with dashes, e.g. “My Mac” becomes the hostname my-mac.

 To test connectivity to your remote host use ping6, e.g.
 ping6 mymac.123456789.members.btmm.icloud.com

 To list all the SSH enabled hosts on your domain:
 dns-sd -B _ssh._tcp

 ssh -2 -6 username@computer-name.[account number].members.btmm.icloud.com

 utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
       inet6 fe80::319d:70d9:51fd:d089%utun0 prefixlen 64 scopeid 0x9
       inet6 fd6a:6f91:1bb5:5751:319d:70d9:51fd:d089
 --


 CryptoParty
 2013/02/25 19:20

 daxim

 Paramter die anzusehen sind:
 ControlPersist

 Turn off Kerberos
 GSSAPIAuthentication no

 HostKeyAlias
 --
 Remote Commands

 ssh remotemachine nslookup server.example.com

 Output from a remote command is just like a local command.
 You can pipe it, count it, store it, sort it, etc.
 Trash it, upgrade it, fax, rename it.

 ssh remote@server -- cat /var/log/system.log | wc -l
 --------remote part------------------------------------- | ---local part again

 ---
 Interactive remote commands
 like top, vi


 ssh -t [email protected] 'top'
 Note the -t flag. That tells ssh that you’ll be interacting with remote shell. Without the -t flag top will return results after which ssh will log you out of the remote host immediately. With the -t flag, ssh keeps you logged in until you exit the interactive command. The -t flag can be used with most interactive commands, including text editors like pico and vi.

 --
 -o EscapeChar

 For example: EscapeChar ^j
 --

 SSH can do that blog posting
 http://blogs.perl.org/users/smylers/2011/08/ssh-productivity-tips.html

 Multiple Connections (Master connections)
 ControlMaster auto
 ControlPath /tmp/ssh_mux_%h_%p_%r

 An issue with connection sharing is that sometimes if the connection is abnormally terminated the ControlPath file doesn’t get deleted. Then when reconnecting OpenSSH spots the previous file, realizes that it isn’t current, so ignores it and makes a non-shared connection instead. A warning message like this is displayed:
 ControlSocket /tmp/ssh_mux_dev_22_smylers already exists, disabling multiplexing
 In such circumstances the only remedy I’ve found on seeing such a message is to exit the connection, rm the file, then connect again. Any tips for making this less tedious would be gratefully received.

 run ssh -O check remote-host. You get a message to standard error with the answer, which is also reflected in the process exit status in the obvious way. You can also do ssh -O exit remote-host, which is occasionally useful.








 Repeated Connections

 If you find yourself making multiple consecutive connections to the same server (you do something on a server, log out, and then a little later connect to it again) then enable persistent connections. This is simply one more line in your config (in addition to the two above for shared connections):
 ControlPersist 4h
 That will cause connections to hang around for 4 hours (or whatever time you specify) after you log out, ready to spring back into life if you request another connection to the same server during that time. Again, it really speeds up copying multiple files; a series of git push or scp commands doesn’t require authenticating with the server each time. ControlPersist requires OpenSSH 5.6 or newer.





 Hostname Aliases

 You can also define hostname aliases in your SSH config, though this can involve listing each hostname. For example:
 Host dev
 HostName dev.internal.example.com
 You can use wildcards to group similar hostnames, using %h in the fully qualified domain name:
 Host dev intranet backup
 HostName %h.internal.example.com

 Host www* mail
 HostName %h.example.com





 Resilient Connections

 It can be irritating if a network blip terminates your SSH connections. OpenSSH can be told to ignore short outages (though this also means it takes longer to notice permanent outages). The precise numbers to use are a matter of preference, but putting something like this in your SSH config seems to work quite well:
 TCPKeepAlive no
 ServerAliveInterval 60
 ServerAliveCountMax 10
 If the network disappears your connection will hang, but if it then re-appears with 10 minutes it will resume working.






 Restarting Connections

 AutoSSH can spot when connections have failed, and automatically restart them; it doesn’t do this if a connection has been closed by user request. The AutoSSH works as a drop-in replacement for ssh. This requires ServerAliveInterval and ServerAliveCountMax to be set in your SSH config, and (somewhat irritatingly) this environment variable in your shell config:
 export AUTOSSH_PORT=0




 Jumping Through Servers
 SSH 5.4 and up, older versions need netcat for this.
 Host db
 HostName db.internal.example.com
 ProxyCommand ssh gateway -W %h:%p



 Defeating Web Proxies
 Use Corkscrew
 http://www.agroman.net/corkscrew/
 ProxyCommand corkscrew proxy.example.com 8080 %h %p






 Gui Applications and Remote Windows
 Client: ForwardX11 yes
 sshd_config: X11Forwarding yes





 Avoiding Delays
 Skip trying Kerberos authentication, if you _really_ need it, you can turn it on on a per host basis.
 GSSAPIAuthentication no


 Speeding up connections
 If you are connecting to a server across a network which is already secure (such as your internal office network) then you can make data transfer faster by choosing the arcfour encryption algorithm:

 Host dev
 Ciphers arcfour

 --
 Security:
 ONLY activate AgentForwarding on _really_ trusted connections and on a per connection base. Always turn OFF AgentForwarding globally so you cannot accidentally leak your private key. (As this is what AgentForwarding actually does, it transfers your private key to the remote server. You actually never really want that.)
	Copy your ssh public key to a server from a machine that doesn’t have ssh-copy-id
	#/bin/bash


	if [ -z "$2" ]
	then
	echo "Usage: $0 id_file hostname\|ssh-nickname"
	else
	cat "$1" \|ssh $2 'sh -c "cat - >>~/.ssh/authorized_keys"'
	fi
	#EOF




	Live ssh network throughput test
	yes \| pv \| ssh $host "cat > /dev/null"



	Resume scp of a big file
	rsync –partial –progress –rsh=ssh $file_source $user@$host:$destination_file



	Force SSH client to use password authentication instead of public key

	To test if you can connect to a host using password authentication and explicitly deny public key authentication:

	ssh -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no user@host



	Record an SSH Session:
	ssh foo \| tee -a ~/recording.log
	Logs the SSH session to foo into a local text file named recording.log



	25 SSH Tricks
	http://www.tomschaefer.org/web/wordpress/?p=1669


	--
	Build a local polipo proxy instance and an SSH reverse tunnel so you can have the remote machine use the local proxy to tunnel it's own firewall to the outside world.

	(Use case: apt-get update a machine behind an extremely restrictive firewall.)

	RemoteForward 8123 localhost:8123
	LocalCommand polipo 2>/dev/null &
	PermitLocalCommand yes
	--
	SSH over BackToMyMac
	http://webdiary.com/2011/12/27/btmm/

	Turn on Back to my Mac in  > System Preferences > iCloud > Back to my Mac

	find out your member number

	$ dns-sd -E
	Looking for recommended registration domains:DATE: ---Mon 25 Feb 2013---15:11:26.072 ...STARTING...Timestamp Recommended Registration domain15:11:26.075 Added (More) local15:11:26.075 Added icloud.com
	- > btmm
	- - > members
	- - - > 38248352

	38248352 is mine:

	Easier:

	This returns your BTMM domain.
	$ echo show Setup:/Network/BackToMyMac \| scutil \| sed -n 's/.* : \(.\).$/\1/p'
	38248352.members.btmm.icloud.com

	If you have spaces in your Computer Name then replace them with dashes, e.g. “My Mac” becomes the hostname my-mac.

	To test connectivity to your remote host use ping6, e.g.
	ping6 mymac.123456789.members.btmm.icloud.com

	To list all the SSH enabled hosts on your domain:
	dns-sd -B _ssh._tcp

	ssh -2 -6 username@computer-name.[account number].members.btmm.icloud.com

	utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::319d:70d9:51fd:d089%utun0 prefixlen 64 scopeid 0x9
	inet6 fd6a:6f91:1bb5:5751:319d:70d9:51fd:d089
	--


	CryptoParty
	2013/02/25 19:20

	daxim

	Paramter die anzusehen sind:
	ControlPersist

	Turn off Kerberos
	GSSAPIAuthentication no

	HostKeyAlias
	--
	Remote Commands

	ssh remotemachine nslookup server.example.com

	Output from a remote command is just like a local command.
	You can pipe it, count it, store it, sort it, etc.
	Trash it, upgrade it, fax, rename it.

	ssh remote@server -- cat /var/log/system.log \| wc -l
	--------remote part------------------------------------- \| ---local part again

	---
	Interactive remote commands
	like top, vi


	ssh -t [email protected] 'top'
	Note the -t flag. That tells ssh that you’ll be interacting with remote shell. Without the -t flag top will return results after which ssh will log you out of the remote host immediately. With the -t flag, ssh keeps you logged in until you exit the interactive command. The -t flag can be used with most interactive commands, including text editors like pico and vi.

	--
	-o EscapeChar

	For example: EscapeChar ^j
	--

	SSH can do that blog posting
	http://blogs.perl.org/users/smylers/2011/08/ssh-productivity-tips.html

	Multiple Connections (Master connections)
	ControlMaster auto
	ControlPath /tmp/ssh_mux_%h_%p_%r

	An issue with connection sharing is that sometimes if the connection is abnormally terminated the ControlPath file doesn’t get deleted. Then when reconnecting OpenSSH spots the previous file, realizes that it isn’t current, so ignores it and makes a non-shared connection instead. A warning message like this is displayed:
	ControlSocket /tmp/ssh_mux_dev_22_smylers already exists, disabling multiplexing
	In such circumstances the only remedy I’ve found on seeing such a message is to exit the connection, rm the file, then connect again. Any tips for making this less tedious would be gratefully received.

	run ssh -O check remote-host. You get a message to standard error with the answer, which is also reflected in the process exit status in the obvious way. You can also do ssh -O exit remote-host, which is occasionally useful.








	Repeated Connections

	If you find yourself making multiple consecutive connections to the same server (you do something on a server, log out, and then a little later connect to it again) then enable persistent connections. This is simply one more line in your config (in addition to the two above for shared connections):
	ControlPersist 4h
	That will cause connections to hang around for 4 hours (or whatever time you specify) after you log out, ready to spring back into life if you request another connection to the same server during that time. Again, it really speeds up copying multiple files; a series of git push or scp commands doesn’t require authenticating with the server each time. ControlPersist requires OpenSSH 5.6 or newer.





	Hostname Aliases

	You can also define hostname aliases in your SSH config, though this can involve listing each hostname. For example:
	Host dev
	HostName dev.internal.example.com
	You can use wildcards to group similar hostnames, using %h in the fully qualified domain name:
	Host dev intranet backup
	HostName %h.internal.example.com

	Host www* mail
	HostName %h.example.com





	Resilient Connections

	It can be irritating if a network blip terminates your SSH connections. OpenSSH can be told to ignore short outages (though this also means it takes longer to notice permanent outages). The precise numbers to use are a matter of preference, but putting something like this in your SSH config seems to work quite well:
	TCPKeepAlive no
	ServerAliveInterval 60
	ServerAliveCountMax 10
	If the network disappears your connection will hang, but if it then re-appears with 10 minutes it will resume working.






	Restarting Connections

	AutoSSH can spot when connections have failed, and automatically restart them; it doesn’t do this if a connection has been closed by user request. The AutoSSH works as a drop-in replacement for ssh. This requires ServerAliveInterval and ServerAliveCountMax to be set in your SSH config, and (somewhat irritatingly) this environment variable in your shell config:
	export AUTOSSH_PORT=0




	Jumping Through Servers
	SSH 5.4 and up, older versions need netcat for this.
	Host db
	HostName db.internal.example.com
	ProxyCommand ssh gateway -W %h:%p



	Defeating Web Proxies
	Use Corkscrew
	http://www.agroman.net/corkscrew/
	ProxyCommand corkscrew proxy.example.com 8080 %h %p






	Gui Applications and Remote Windows
	Client: ForwardX11 yes
	sshd_config: X11Forwarding yes





	Avoiding Delays
	Skip trying Kerberos authentication, if you _really_ need it, you can turn it on on a per host basis.
	GSSAPIAuthentication no


	Speeding up connections
	If you are connecting to a server across a network which is already secure (such as your internal office network) then you can make data transfer faster by choosing the arcfour encryption algorithm:

	Host dev
	Ciphers arcfour

	--
	Security:
	ONLY activate AgentForwarding on _really_ trusted connections and on a per connection base. Always turn OFF AgentForwarding globally so you cannot accidentally leak your private key. (As this is what AgentForwarding actually does, it transfers your private key to the remote server. You actually never really want that.)