
SSH

Create a public/private key pair (key type dsa or rsa; DSA keys are disabled by default since OpenSSH 7.0)
$ ssh-keygen -t rsa

SSH logins are slow because ssh clients attempt to use GSSAPIAuthentication when the server doesn't support it
# vi /etc/ssh/ssh_config
-GSSAPIAuthentication yes
+#GSSAPIAuthentication yes
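Review bot: the + line only comments the option out, so the client falls back to whatever default is otherwise in effect; writing "GSSAPIAuthentication no" instead states the intent explicitly and keeps working if the default or an earlier config block enables it.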

Temporarily ignore known SSH hosts
$ ssh -o UserKnownHostsFile=/dev/null root@192.168.1.1

Tunneling ssh X over multiple ssh hosts (through ssh proxy)
$ ssh -t -X -A user@sshproxy ssh -X -A user@sshhost

Change user within an ssh session, retaining the current MIT cookie for X-forwarding
$ su username -c "xauth add ${HOSTNAME}/unix:${DISPLAY//[a-zA-Z:_-]/} $(xauth list | grep -o '[a-zA-Z0-9_-]*\ *[0-9a-zA-Z]*$'); bash"
When you remotely log in like "ssh -X userA@host" and become a different user with "su UserB",
X-forwarding will not work anymore since /home/UserB/.Xauthority does not exist.

This will use UserA's information stored in .Xauthority for UserB to enable X-forwarding.

Copy your ssh public key to a server from a machine that doesn't have ssh-copy-id
$ cat ~/.ssh/id_rsa.pub | ssh user@machine "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
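
The server-side half of the one-liner above, written out as a function (an added example, not part of the original notes). The name install_pubkey and its optional home-directory argument are assumptions; it reads the key on stdin, rejects anything that is not a single public-key line, sets the permissions sshd expects, and does not add the same key twice.

```shell
#!/bin/sh
# install_pubkey [HOME_DIR]   (hypothetical helper; name and argument are
# assumptions of this example). Reads one public key on stdin, like the
# `cat >> ~/.ssh/authorized_keys` half of the one-liner, and adds it to
# HOME_DIR/.ssh/authorized_keys.
install_pubkey() {
    home=${1:-$HOME}
    key=$(cat)

    # A .pub file is one line: "<type> <base64> [comment]". A private key
    # piped in by mistake is multi-line and is rejected here.
    if [ "$(printf '%s\n' "$key" | grep -c '')" -ne 1 ]; then
        echo "install_pubkey: expected exactly one key line" >&2
        return 3
    fi
    case $key in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "install_pubkey: not an SSH public key" >&2; return 3 ;;
    esac

    (
        umask 077   # anything created below starts out owner-only
        auth="$home/.ssh/authorized_keys"
        # sshd's StrictModes refuses keys when these are group/world writable.
        mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || exit 1
        touch "$auth" && chmod 600 "$auth" || exit 1

        # Already installed? -x whole line, -F literal (base64 has + and /).
        if grep -qxF -- "$key" "$auth"; then
            exit 0
        fi
        # If the file does not end in a newline, add one so the new key
        # is not glued onto the previous entry.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
    )
}
```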

Create a tunnel from localhost:2001 to somemachine:80
$ ssh -N -L 2001:localhost:80 somemachine
This one-liner creates a tunnel from your computer’s port 2001 to somemachine’s port 80. 
Each time you connect to port 2001 on your machine, your connection gets tunneled to somemachine:80.

The -L option can be summarized as -L port:host:hostport. Whenever a connection is made to
localhost:port, the connection is forwarded over the secure channel, and a connection is made
to host:hostport from the remote machine. The host name is resolved on the remote side, so
"localhost" in the example above means somemachine itself.
The -N option tells ssh not to run a remote command or shell on somemachine; it only forwards ports.

To make things more concrete, here is another example:

$ ssh -f -N -L 2001:www.google.com:80 somemachine
This one-liner creates a tunnel from your computer’s port 2001 to www.google.com:80 via somemachine. 
Each time you connect to localhost:2001, ssh tunnels your request via somemachine, where it tries to open
a connection to www.google.com.
 
Notice the additional -f flag - it makes ssh daemonize (go into background) so it didn’t consume a terminal.

Unfreeze a hung shell
press [enter] then ~.

Escape characters list
~. Disconnect.
~^Z Background ssh.
~# List forwarded connections.
~& Background ssh at logout when waiting for forwarded connection / X11 sessions to terminate.
~? Display a list of escape characters.
~B Send a BREAK to the remote system (only useful for SSH protocol version 2 and if the peer supports it).
~C Open command line. Currently this allows the addition of port forwardings using the -L, -R and -D options (see above). It also allows the cancellation of existing remote port-forwardings using -KR[bind_address:]port. !command allows the user to execute a local command if the PermitLocalCommand option is enabled in ssh_config(5). Basic help is available, using the -h option.
~R Request rekeying of the connection (only useful for SSH protocol version 2 and if the peer supports it).