ssh-copy-id [-i keyfile] [email protected]
|100% non-interactive SSH: What parameters to use to avoid any interaction.||
ssh -i my_priv_key -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PreferredAuthentications=publickey [email protected] -n "/bin/ls"
|Using SSH Agent||
eval $(ssh-agent) # Start agent on demand ssh-add -l # List keys ssh-add # Add default key ssh-add ~/.ssh/id_rsa # Add specific key ssh-add -t 3600 ~/.ssh/id_rsa # Add with timeout ssh-add -D # Drop keys ssh -A ... # Enforce agent forwarding
ssh host1 -A -t host2 -A -t host3 ...
|How to use a SOCKS Proxy||On the client start proxy by
ssh -D <port> <remote host>
|Extract Public Key from Private Key||Use ssh-keygen
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
Read the authorized_keys HowTo to learn about syntax and options...
Per Host Keys
Host example.com IdentityFile ~/.ssh/example.com_id_rsa
Agent Forwarding explained with pictures! Configured in /etc/ssh_config with
Host * ForwardAgent yes
This is done using a "ControlMaster". This means the first SSH sessions connection will be used for all following ones saving you the connection overhead. Note: when you kill the first connection, all connections will die! Also the first connection won't terminate even if you request it to.
Create ~/.ssh/tmp before using below snippet
ControlMaster auto ControlPath /home/<user name>/.ssh/tmp/%h_%p_%r
If you are using such an SSH configuration and want a real new connection add "-S" to the ssh invocation.
This can be achieved using ProxyCommand:
Host unreachable_host ProxyCommand ssh gateway_host exec nc %h %p
Automatic Jump Host Proxying
Host <your jump host> ForwardAgent yes Hostname <your jump host> User <your user name on jump host> # Note the server list can have wild cards, e.g. "webserver-* database*" Host <server list> ForwardAgent yes User <your user name on all these hosts> ProxyCommand ssh -q <your jump host> nc -q0 %h 22
Automatic Port Knocking
Host myserver User myuser Host myserver.com ProxyCommand bash -c '/usr/bin/knock %h 1000 2000 3000 4000; sleep 1; exec /bin/nc %h %p'
Pseudo-terminal will not be allocated...
This happens when piping shell commands through SSH. Try adding "-T" or "-t -t" when doing sudo.
- SFTP chroot with umask: How to enforce a umask with SFTP
Subsystem sftp /usr/libexec/openssh/sftp-server -u 0002
- Parallel SSH on Debian
apt-get install psshand use it like this
pssh -h host_list.txt <command> pssh -i -t 60 -h host_list.txt -- <command> # 60s timeout, list output
- Clustered SSH on Debian
apt-get install clustersshand use it like this
cssh server1 server2
- Vim Remote File Editing:
vim scp:[email protected]//some/directory/file.txt
- MonkeySphere: Use GPG keys with SSH agent
monkeysphere subkey-to-ssh-agent -t 3600
apt-get install knockd iptables-persistent # Change sequence numbers in /etc/knockd.conf # Default is sequence = 7000,8000,9000 # set START_KNOCKD=1 in /etc/default/knockd service knockd start
Use from client
knock <server> <sequence>
knock example.com 7000 8000 9000
"Secret" Hot Keys
SSH Escape Key: Pressing "~?" (directly following a newline) gives a menu for escape sequences:
Supported escape sequences: ~. - terminate connection (and any multiplexed sessions) ~B - send a BREAK to the remote system ~C - open a command line ~R - Request rekey (SSH protocol 2 only) ~^Z - suspend ssh ~# - list forwarded connections ~& - background ssh (when waiting for connections to terminate) ~? - this message ~~ - send the escape character by typing it twice (Note that escapes are only recognized immediately after newline.)
To mount a remote home dir
sshfs [email protected]: /mnt/home/user/
Unmount again with
fuserumount -u /mnt/home/user