SSH

Create a public/private key

$ ssh-keygen -t rsa    # or: -t dsa (DSA keys are disabled by default since OpenSSH 7.0)

SSH logins are slow because ssh clients are attempting to use GSSAPIAuthentication when the server doesn't support it

# vi /etc/ssh/ssh_config

-GSSAPIAuthentication yes

+#GSSAPIAuthentication yes

Temporarily ignore known SSH hosts

$ ssh -o UserKnownHostsFile=/dev/null root@192.168.1.1

Tunneling ssh X over multiple ssh hosts (through ssh proxy)

$ ssh -t -X -A user@sshproxy ssh -X -A user@sshhost

Change user within an ssh session, retaining the current MIT cookie for X-forwarding

$ su username -c "xauth add ${HOSTNAME}/unix:${DISPLAY//[a-zA-Z:_-]/} $(xauth list | grep -o '[a-zA-Z0-9_-]*\ *[0-9a-zA-Z]*$'); bash"

When you log in remotely with "ssh -X userA@host" and then become a different user with "su UserB", X-forwarding stops working because /home/UserB/.Xauthority does not exist. This command adds UserA's cookie from .Xauthority for UserB, which re-enables X-forwarding.

Copy your ssh public key to a server from a machine that doesn't have ssh-copy-id

$ cat ~/.ssh/id_rsa.pub | ssh user@machine "mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys"
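
A more careful version of the one-liner above, as an added example (not from the original page): it gives ~/.ssh and authorized_keys owner-only permissions, refuses input that is not a public key line, and does not append a key that is already present. The names push_key and REMOTE_INSTALL are made up for this example, and the remote login shell is assumed to be POSIX-compatible.

```sh
#!/bin/sh
# Added example, not from the original page.
# REMOTE_INSTALL runs on the server and reads one public key line on stdin.
# Assumption: the remote login shell is POSIX-compatible (sh, bash, dash, ...).
REMOTE_INSTALL='
umask 077
mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh" || exit 1
f="$HOME/.ssh/authorized_keys"
touch "$f" && chmod 600 "$f" || exit 1
IFS= read -r key || [ -n "$key" ] || exit 1
# Refuse anything that is not a public key line (e.g. a private key file).
case "$key" in
  ssh-*|ecdsa-*|sk-*) ;;
  *) echo "refusing: input is not a public key line" >&2; exit 2 ;;
esac
# Append only if this exact line is not already present.
grep -qxF -- "$key" "$f" || printf "%s\n" "$key" >> "$f"
'

# push_key PUBKEY_FILE USER@HOST   (hypothetical helper name)
push_key() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    ssh "$2" "$REMOTE_INSTALL" < "$1"
}

# Usage: push_key ~/.ssh/id_rsa.pub user@machine
```

Running push_key twice with the same key leaves a single entry in authorized_keys; exit status 2 means the input file was rejected.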

Create a tunnel from localhost:2001 to somemachine:80

$ ssh -N -L 2001:localhost:80 somemachine

This one-liner creates a tunnel from your computer’s port 2001 to somemachine’s port 80. Each time you connect to port 2001 on your machine, your connection gets tunneled to somemachine:80.

The -L option can be summarized as -L port:host:hostport. Whenever a connection is made to localhost:port, the connection is forwarded over the secure channel, and a connection is made to host:hostport from the remote machine. The -N option makes sure you don’t run a shell as you connect to somemachine.

To make things more concrete, here is another example:

$ ssh -f -N -L 2001:www.google.com:80 somemachine

This one-liner creates a tunnel from your computer’s port 2001 to www.google.com:80 via somemachine. Each time you connect to localhost:2001, ssh tunnels your request via somemachine, where it tries to open a connection to www.google.com.

Notice the additional -f flag: it makes ssh daemonize (go into the background) so it doesn’t consume a terminal.

$ ssh <remote_host> -NfL <local_port>:localhost:<remote_port>

Unfreeze a hung shell

Press [Enter], then type ~.

Escape characters list

~. Disconnect.

~^Z Background ssh.

~# List forwarded connections.

~& Background ssh at logout when waiting for forwarded connection / X11 sessions to terminate.

~? Display a list of escape characters.

~B Send a BREAK to the remote system (only useful for SSH protocol version 2 and if the peer supports it).

~C Open command line. Currently this allows the addition of port forwardings using the -L, -R and -D options (see above). It also allows the cancellation of existing remote port-forwardings using -KR[bind_address:]port. !command allows the user to execute a local command if the PermitLocalCommand option is enabled in ssh_config(5). Basic help is available, using the -h option.

~R Request rekeying of the connection (only useful for SSH protocol version 2 and if the peer supports it).