mdemare · February 24, 2011 12:13
diff --git a/SSH Tips b/SSH Tips
 1) COPY SSH KEYS TO USER@HOST TO ENABLE PASSWORD-LESS SSH LOGINS. (NOT ON MAC)

 ssh-copy-id user@host

 To generate the keys use the command ssh-keygen

 2) START A TUNNEL FROM SOME MACHINE’S PORT 80 TO YOUR LOCAL POST 2001

 ssh -N -L2001:localhost:80 somemachine

 Now you can acces the website by going to http://localhost:2001/

 3) MOUNT FOLDER/FILESYSTEM THROUGH SSH

 sshfs name@server:/path/to/folder /path/to/mount/point

 Install SSHFS from http://fuse.sourceforge.net/sshfs.html
 Will allow you to mount a folder security over a network.

 4) SSH CONNECTION THROUGH HOST IN THE MIDDLE

 ssh -t reachable_host ssh unreachable_host

 Unreachable_host is unavailable from local network, but it’s available from reachable_host’s network. This command creates a connection to unreachable_host through “hidden” connection to reachable_host.

 5) COPY FROM HOST1 TO HOST2, THROUGH YOUR HOST

 ssh root@host1 “cd /somedir/tocopy/ && tar -cf – .” | ssh root@host2 “cd /samedir/tocopyto/ && tar -xf -”
 Good if only you have access to host1 and host2, but they have no access to your host (so ncat won’t work) and they have no direct access to each other.


 6) CREATE A PERSISTENT CONNECTION TO A MACHINE

 ssh -MNf <user>@<host>

 Create a persistent SSH connection to the host in the background. Combine this with settings in your ~/.ssh/config:
 Host host
 ControlPath ~/.ssh/master-%r@%h:%p
 ControlMaster no
 All the SSH connections to the machine will then go through the persisten SSH socket. This is very useful if you are using SSH to synchronize files (using rsync/sftp/cvs/svn) on a regular basis because it won’t create a new socket each time to open an ssh connection.

 7) ATTACH SCREEN OVER SSH

 ssh -t remote_host screen -r

 Directly attach a remote screen session (saves a useless parent bash process)

 8) RUN COMPLEX REMOTE SHELL CMDS OVER SSH, WITHOUT ESCAPING QUOTES

 ssh host -l user $(<cmd.txt)

 Much simpler method. More portable version: ssh host -l user “`cat cmd.txt`”

 9) COPY YOUR SSH PUBLIC KEY TO A SERVER FROM A MACHINE THAT DOESN’T HAVE SSH-COPY-ID

 cat ~/.ssh/id_rsa.pub | ssh user@machine “mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys”

 If you use Mac OS X or some other *nix variant that doesn’t come with ssh-copy-id, this one-liner will allow you to add your public key to a remote machine so you can subsequently ssh to that machine without a password.

 10) HOW TO ESTABLISH A REMOTE GNU SCREEN SESSION THAT YOU CAN RE-CONNECT TO

 ssh -t [email protected] /usr/bin/screen -xRR

 Long before tabbed terminals existed, people have been using Gnu screen to open many shells in a single text terminal. Combined with ssh, it gives you the ability to have many open shells with a single remote connection using the above options. If you detach with “Ctrl-a d” or if the ssh session is accidentally terminated, all processes running in your remote shells remain undisturbed, ready for you to reconnect. Other useful screen commands are “Ctrl-a c” (open new shell) and “Ctrl-a a” (alternate between shells). Read this quick reference for more screen commands: http://aperiodic.net/screen/quick_reference

 11) HARDER, FASTER, STRONGER SSH CLIENTS

 ssh -4 -C -c blowfish-cbc

 We force IPv4, compress the stream, specify the cypher stream to be Blowfish. I suppose you could use aes256-ctr as well for cypher spec. I’m of course leaving out things like master control sessions and such as that may not be available on your shell although that would speed things up as well.

 12) TRANSFER SSH PUBLIC KEY TO ANOTHER MACHINE IN ONE STEP

 ssh-keygen; ssh-copy-id user@host; ssh user@host

 This command sequence allows simple setup of (gasp!) password-less SSH logins. Be careful, as if you already have an SSH keypair in your ~/.ssh directory on the local machine, there is a possibility ssh-keygen may overwrite them. ssh-copy-id copies the public key to the remote host and appends it to the remote account’s ~/.ssh/authorized_keys file. When trying ssh, if you used no passphrase for your key, the remote shell appears soon after invoking ssh user@host.
	1) COPY SSH KEYS TO USER@HOST TO ENABLE PASSWORD-LESS SSH LOGINS. (NOT ON MAC)

	ssh-copy-id user@host

	To generate the keys use the command ssh-keygen

	2) START A TUNNEL FROM SOME MACHINE’S PORT 80 TO YOUR LOCAL POST 2001

	ssh -N -L2001:localhost:80 somemachine

	Now you can acces the website by going to http://localhost:2001/

	3) MOUNT FOLDER/FILESYSTEM THROUGH SSH

	sshfs name@server:/path/to/folder /path/to/mount/point

	Install SSHFS from http://fuse.sourceforge.net/sshfs.html
	Will allow you to mount a folder security over a network.

	4) SSH CONNECTION THROUGH HOST IN THE MIDDLE

	ssh -t reachable_host ssh unreachable_host

	Unreachable_host is unavailable from local network, but it’s available from reachable_host’s network. This command creates a connection to unreachable_host through “hidden” connection to reachable_host.

	5) COPY FROM HOST1 TO HOST2, THROUGH YOUR HOST

	ssh root@host1 “cd /somedir/tocopy/ && tar -cf – .” \| ssh root@host2 “cd /samedir/tocopyto/ && tar -xf -”
	Good if only you have access to host1 and host2, but they have no access to your host (so ncat won’t work) and they have no direct access to each other.


	6) CREATE A PERSISTENT CONNECTION TO A MACHINE

	ssh -MNf <user>@<host>

	Create a persistent SSH connection to the host in the background. Combine this with settings in your ~/.ssh/config:
	Host host
	ControlPath ~/.ssh/master-%r@%h:%p
	ControlMaster no
	All the SSH connections to the machine will then go through the persisten SSH socket. This is very useful if you are using SSH to synchronize files (using rsync/sftp/cvs/svn) on a regular basis because it won’t create a new socket each time to open an ssh connection.

	7) ATTACH SCREEN OVER SSH

	ssh -t remote_host screen -r

	Directly attach a remote screen session (saves a useless parent bash process)

	8) RUN COMPLEX REMOTE SHELL CMDS OVER SSH, WITHOUT ESCAPING QUOTES

	ssh host -l user $(<cmd.txt)

	Much simpler method. More portable version: ssh host -l user “`cat cmd.txt`”

	9) COPY YOUR SSH PUBLIC KEY TO A SERVER FROM A MACHINE THAT DOESN’T HAVE SSH-COPY-ID

	cat ~/.ssh/id_rsa.pub \| ssh user@machine “mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys”

	If you use Mac OS X or some other *nix variant that doesn’t come with ssh-copy-id, this one-liner will allow you to add your public key to a remote machine so you can subsequently ssh to that machine without a password.

	10) HOW TO ESTABLISH A REMOTE GNU SCREEN SESSION THAT YOU CAN RE-CONNECT TO

	ssh -t [email protected] /usr/bin/screen -xRR

	Long before tabbed terminals existed, people have been using Gnu screen to open many shells in a single text terminal. Combined with ssh, it gives you the ability to have many open shells with a single remote connection using the above options. If you detach with “Ctrl-a d” or if the ssh session is accidentally terminated, all processes running in your remote shells remain undisturbed, ready for you to reconnect. Other useful screen commands are “Ctrl-a c” (open new shell) and “Ctrl-a a” (alternate between shells). Read this quick reference for more screen commands: http://aperiodic.net/screen/quick_reference

	11) HARDER, FASTER, STRONGER SSH CLIENTS

	ssh -4 -C -c blowfish-cbc

	We force IPv4, compress the stream, specify the cypher stream to be Blowfish. I suppose you could use aes256-ctr as well for cypher spec. I’m of course leaving out things like master control sessions and such as that may not be available on your shell although that would speed things up as well.

	12) TRANSFER SSH PUBLIC KEY TO ANOTHER MACHINE IN ONE STEP

	ssh-keygen; ssh-copy-id user@host; ssh user@host

	This command sequence allows simple setup of (gasp!) password-less SSH logins. Be careful, as if you already have an SSH keypair in your ~/.ssh directory on the local machine, there is a possibility ssh-keygen may overwrite them. ssh-copy-id copies the public key to the remote host and appends it to the remote account’s ~/.ssh/authorized_keys file. When trying ssh, if you used no passphrase for your key, the remote shell appears soon after invoking ssh user@host.