@xaratustrah
Last active November 20, 2023 12:30
ssh_friends.md

ssh and friends

I use SSH as a powerful tool that deserves its own gist.

SSH proxy SOCKS

Create a dynamic port:

ssh -fNCq -D 8123 -p 22 [email protected]
  • f: Forks the process to the background
  • C: Compresses the traffic
  • q: Quiet mode
  • N: Tells SSH that no command will be sent once the tunnel is up
  • D: Creates a SOCKS tunnel (dynamic port forwarding) on the given local port
  • p: The port number on the remote side, which defaults to 22 anyway

Sometimes I like to use the acronym fvNqCD like "Fun QCD", QCD being quantum chromodynamics.

After running this, ssh returns to the prompt and keeps the tunnel open in the background. You can now use the tunnel by entering localhost and the port defined above (8123) in the SOCKS section of Firefox under Preferences --> Advanced --> Network --> Settings --> SOCKS host. You should also add localhost, 127.0.0.1 to the "No proxy for" list. An alternative to a permanent setting is a proxy toggler add-on: just enter localhost and the port, and leave the credentials empty. You can also use remote DNS, so that name lookups go through the tunnel as well instead of being resolved locally.

You can check your IP using one of these sites:

https://now-dns.com/ip

http://check-host.net/

http://www.myip.com/

To use the tunnel, you can also open the Firefox preferences window and search for SOCKS5. In the "SOCKS5" section, enter "localhost" as the server and the chosen port as the port. There are also some add-ons that make switching faster.

After you finish, you can close the tunnel by finding the PID of the ssh process and killing it:

ps ax | grep ssh
kill -9 PID

SSH hopping

ssh -t username_on_intermediate@intermediate_machine ssh username_on_target@target_machine

Send file using SSH / SCP over proxy tunnel

Assuming you (A) have access to a target machine C over a proxy B and want to scp a file this way A->B->C or the other way C->B->A:

ssh -fNML 4567:target.machine:22 [email protected]
  • f: Forks the process to the background
  • N: Tells SSH that no command will be sent once the tunnel is up
  • M: Puts ssh in master mode
  • L: Forwards a local port (here 4567) to port 22 on the target machine through the proxy

Then:

scp -P 4567 thefile username_on_target@localhost:~

After you finish, you can close the tunnel by:

ps ax | grep ssh
kill -9 PID

tar over SSH:

tar cvzf - /wwwdata | ssh user@server "dd of=/backup/wwwdata.tar.gz"
tar zcvf - /wwwdata | ssh user@server "cat > /backup/wwwdata.tar.gz"
ssh [email protected] "cat /backup/wwwdata.tar.gz" | tar zxvf -

GNU Screen over SSH

Start an SSH tunnel session with GNU Screen:

ssh -t user@server screen -D -R

or on a Raspberry Pi:

ssh -t [email protected] "TERM=xterm /opt/bin/screen" -D -R

Some commands:

  • ^A ^W - window list, where am I
  • ^A ^C - create new window
  • ^A space - next window
  • ^A p - previous window
  • ^A ^A - switch to previous screen (toggle)
  • ^A [0-9] - go to window [0-9]
  • ^A ^K - kill a window (better to use ctrl-D or exit)
  • ^A ? - show the help screen!
  • ^A a - is like a normal ^A in standard shell meaning beginning of the line
  • ^A d - detach
  • ^A esc - copy mode, which I use for scroll back
  • ^Q and ^A ^Q - try these to unlock a frozen screen

In order for screen to read the .profile on the target system, add to .screenrc of the target system:

shell -$SHELL

SSH without login

a@A:~> ssh-keygen -t rsa
a@A:~> ssh b@B mkdir -p .ssh
a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
a@A:~> ssh b@B hostname
B
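
A more careful take on the append step above, as an added example that is not part of the original gist: the hypothetical helper install_pubkey, meant to run on B with the public key file and the home directory as arguments, sets owner-only permissions and skips a key that is already listed. The key in the demo is a constructed sample, not a real one.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper, not an OpenSSH tool.
# Usage: install_pubkey PUBKEY_FILE HOME_DIR
# Returns 0 = key added, 1 = already present, 2 = input rejected.
install_pubkey() {
    pub=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    # Accept exactly one line shaped like "type base64 [comment]"; this also
    # rejects a private key file handed over by mistake.
    [ -r "$pub" ] || return 2
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 2
    keytype=$(awk '{ print $1 }' "$pub")
    blob=$(awk '{ print $2 }' "$pub")
    case $keytype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;;
        *) return 2 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 2 ;;
    esac

    # Owner-only permissions: with sshd's default StrictModes, keys in a
    # group- or world-writable .ssh or authorized_keys are ignored.
    ( umask 077; mkdir -p "$sshdir"; touch "$auth" )
    chmod 700 "$sshdir"
    chmod 600 "$auth"

    # Match type+blob anywhere on a line, so leading options or a different
    # comment do not make the same key look new.
    if awk -v t="$keytype" -v b="$blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
         END { exit !found }' "$auth"; then
        return 1
    fi
    # Repair a missing final newline so the new key starts on its own line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    awk '{ print }' "$pub" >> "$auth"
    return 0
}

# Demo on constructed data in a scratch directory (not a real key).
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedSampleBlobNotARealKey a@A' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/home" && echo "first run: key added"
install_pubkey "$demo/id.pub" "$demo/home" || echo "second run: rc=$? (already present)"
rm -rf "$demo"
```
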

SSH Key generation

Generate a public and private key pair:

ssh-keygen -t dsa

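The generated public key will be in '.ssh/id_dsa.pub'. OpenSSH has disabled DSA keys by default since version 7.0, so on current systems pick another type such as -t ed25519 or -t rsa; the file names change accordingly. To change an existing passphrase: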

ssh-keygen -f ./id_dsa  -p

OpenSSL

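Create a self-signed certificate (key and certificate go into the same file, and -nodes leaves the private key unencrypted):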

openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

Info:

openssl x509 -in CERT.pem -noout -text

Fingerprint:

openssl x509 -in CERT.pem -noout -sha256 -fingerprint

Prevent sshd from delaying at startup

Set

UseDNS no

in /etc/ssh/sshd_config
