SSH
General
ssh user@host
ssh user@host -p 123 # specify alternate port
- O'Reilly's SSH, The Secure Shell: The Definitive Guide: 1.5. History of SSH
- http://blog.hyfather.com/blog/2013/04/18/ssh-uses-four-tcp-segments-for-each-character/
Server and client
The OpenSSH suite consists of the following tools:
- Remote operations are done using ssh, scp, and sftp.
- Key management with ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
- The service side consists of sshd, sftp-server, and ssh-agent.
- Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under an MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers.
Client
Management
storm
- storm is a command line tool to manage your SSH connections. Features: adding, editing, deleting, listing and searching across your SSHConfig; command alias support for your CLI preferences; support for custom SSH directives; scriptable as a Python library; user interfaces besides the CLI (web UI, wxPython, Unity (Ubuntu) indicator). [4]
multissh
- multissh - A really short but useful shell script for connecting to all nodes of a cluster using ssh (also through gateways and trapdoors) and sending commands to all nodes in parallel. It uses DCOP to remote-control a konsole process with the ssh connections in separate tabs.
Keys
Default file names:
~/.ssh/id_rsa and ~/.ssh/id_rsa.pub RSA key
~/.ssh/identity and ~/.ssh/identity.pub DSA key (old)
Creating
ssh-keygen # create a key. rsa is default.
Distributing
ssh-copy-id [-i [identity_file]] [user@]remote
ssh-copy-id username@remote-server.org
ssh-copy-id 'user@remote-server.org -p 8129'
ssh-copy-id -i ~/.ssh/id_ecdsa.pub '-p 221 username@remote-server.org'
Multiple keys
ssh -i ~/.ssh/id_rsa_example.org user@example.org
Config
~/.ssh/config
Host example.org
    IdentityFile ~/.ssh/id_rsa_example.org
- sshit - A quick way to manage .ssh/config
to sort
- SSH Can Do That? Productivity Tips for Working with Remote Servers
- Tips for Remote Unix Work (SSH, screen, and VNC) [6]
- http://blog.hypergeometric.com/2012/02/22/ssh-dos-and-donts/
- http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
- http://opensourcehacker.com/2012/10/24/ssh-key-and-passwordless-login-basics-for-developers/
- http://vimeo.com/54505525
- HOWTO: set up ssh keys
- Using Rsync and SSH - Keys, Validating, and Automation
- http://www.karan.org/blog/index.php/2009/08/25/multiple-ssh-private-keys
SSH agents
- Envoy helps you manage ssh keys in a similar fashion to keychain, but is written in C and takes advantage of cgroups and systemd.
randomart
VisualHostKey=yes
SCP
scp -P [port] file.txt user@remotehost:~/file.txt
When scp is started on the remote side, it is run with the -t flag, which is undocumented but may be needed when configuring precise command permissions.
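One place the -t flag matters is a forced command in authorized_keys that limits a key to scp uploads. The wrapper below is an added example, not from the original page; the install path, ALLOWED_DIR and the function name scp_upload_allowed are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): forced-command wrapper that only
# lets a key run the remote half of an scp upload ("scp -t") into one directory.
# Hypothetical install path and authorized_keys entry (key material elided):
#   command="/usr/local/bin/scp-upload-only",restrict ssh-ed25519 AAAA... backup@client
LC_ALL=C; export LC_ALL              # make the A-Z ranges below byte-exact
ALLOWED_DIR="/srv/incoming"          # assumption: the only permitted target

# Return 0 only if $1 is an scp "sink" command writing below ALLOWED_DIR.
scp_upload_allowed() {
    cmd=$1
    # Whitelist characters: anything else (quotes, ;, |, $, newline, globs) is refused.
    case $cmd in
        *[!A-Za-z0-9\ ._/-]*) return 1 ;;
    esac
    set -- $cmd                      # safe to split: only spaces separate words
    [ "${1:-}" = "scp" ] || return 1
    shift
    seen_t=0
    while [ $# -gt 1 ]; do           # everything before the last word is a flag
        case $1 in
            -t) seen_t=1 ;;          # sink mode: remote side receives files
            -v|-r|-p|-d) ;;          # flags the client may pass alongside -t
            *) return 1 ;;           # -f (source mode, i.e. download) and others
        esac
        shift
    done
    [ "$seen_t" -eq 1 ] || return 1
    case ${1:-} in
        *..*) return 1 ;;            # no path traversal out of ALLOWED_DIR
        "$ALLOWED_DIR"|"$ALLOWED_DIR"/*) return 0 ;;
    esac
    return 1
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if scp_upload_allowed "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND   # validated above; first word is "scp"
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

scp from OpenSSH 9.0 onward transfers over SFTP by default and only issues the remote scp -t command when run with -O, so this wrapper applies to legacy-protocol clients.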
SSHFS
sshfs user@address:/home/user/dir dirtomountto -p [port] # mount
fusermount -u dirtomountto # unmount
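If mounting fails with
fuse: failed to open /dev/fuse: Permission denied
add the user to the fuse group (-a appends, so the user's existing supplementary groups are kept)
usermod -a -G fuse [username]
and log in again.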
Security
fail2ban
sshguard
Honeypot
X11 forwarding
See GUI#X_Forwarding
Web forwarding
Tools
To sort
- https://wiki.archlinux.org/index.php/Shfs - older Linux kernel module which allows you to mount remote filesystems using a plain shell (ssh) connection