====== SSH ======
==== Converting SSH2 Keys ====
From SSH2 to OpenSSH
ssh-keygen -i -f id_dsa.pub > id_dsa_open.pub
From OpenSSH to SSH2
ssh-keygen -e -f id_dsa.pub > id_dsa_ssh2.pub
==== SCP Speed UP ====
To increase transfer speed, you can force the cipher to arcfour.\\
You can use the same mechanism with rsync when it runs over SSH.\\
scp -c arcfour
rsync -av -e "ssh -c arcfour -l "
NOTE: This reduces your security, though, because arcfour (RC4) is a weak cipher.
==== SSH Tunnels ====
=== Forward Tunnel ===
It is used when you want to forward a local port to a remote port over SSH.
ssh -f -N -L 5445:localhost:5432 root@
=== Reverse Tunnel ===
It is used when you want to forward a remote port to a local port.\\
It is usually used to allow access the other way around.
ssh -f -N -R 5445:localhost:5432 root@
==== SSH Agent automation ====
Undefine the existing value and define a new value in the session.\\
This also keeps the value the same, since nothing is changing.
unsetenv SSH_AUTH_SOCK
setenv SSH_AUTH_SOCK $HOME/.screen/ssh-auth-sock.$USERNAME
Each call of the screen command will overwrite the existing symlink.
_ssh_auth_save() {
ln -sf "$SSH_AUTH_SOCK" "$HOME/.screen/ssh-auth-sock.$USERNAME"
}
alias screen='_ssh_auth_save ; screen'
Now add your key to the session with "ssh-add".\\
That should do it.
==== Tips & Tricks ====
== Show fingerprint of key ==
You can use -v to print a randomart (ASCII art) image of the key.
# Using -E you can specify the MD5 hash, which is mostly required for comparison
ssh-keygen -lf .ssh/OLD/id_rsa.pub.old
OR
ssh-keygen -l -F ip.k2patel.in
It will print the fingerprint of every public key in the file if the file contains multiple keys.\\
It is also useful for identifying a MITM attack by comparing the fingerprint against your known hosts.\\
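
What the fingerprint commands above compute, as an added example (not part of the original page): the SHA256 and MD5 fingerprints of each key in a multi-key file, compared against a trusted value. The helper names and the sample keys are constructed for illustration; the keys are not real.

```python
import base64, hashlib, struct

def make_pubkey_line(seed: int, comment: str) -> str:
    """Build a constructed (not real) ssh-ed25519 public key line for the demo."""
    ktype = b"ssh-ed25519"
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(raw)) + raw
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def fingerprints(pub_line: str) -> dict:
    """Return the SHA256 and MD5 fingerprints of one OpenSSH public key line."""
    fields = pub_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    declared, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob starts with a length-prefixed copy of the key type; it must
    # agree with the type written in front of it.
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if blob[4:4 + n] != declared.encode():
        raise ValueError("key type inside blob does not match declared type")
    # SHA256 form: unpadded base64 of the digest. MD5 form: colon-separated hex.
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"type": declared,
            "sha256": "SHA256:" + sha,
            "md5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "comment": " ".join(fields[2:])}

def scan(text: str, trusted: str) -> list:
    """Fingerprint every key in a multi-key file and flag matches with `trusted`."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        fp = fingerprints(line)
        fp["match"] = trusted in (fp["sha256"], fp["md5"])
        out.append(fp)
    return out

if __name__ == "__main__":
    good, other = make_pubkey_line(1, "server-a"), make_pubkey_line(2, "server-b")
    trusted = fingerprints(good)["sha256"]  # in real use, obtained out of band
    for fp in scan(f"# constructed sample\n{good}\n{other}\n", trusted):
        print("OK      " if fp["match"] else "MISMATCH",
              fp["sha256"], fp["md5"], fp["comment"])
```

A key whose fingerprint does not match the trusted value is the case to investigate before accepting the host.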
== Print fingerprint on login ==
You can enable printing of the server key by setting the following variable.\\
You can set it in either of the following files: /etc/ssh/ssh_config OR .ssh/config
VisualHostKey yes
== Run Command from file Remotely ==
Place all your commands in a file named xyz and run it as follows.
ssh -l k2patel nice.k2patel.in "`cat xyz`"
== Comment on public key ==
You can control the comment on a public key during generation using the following command.
ssh-keygen -t rsa -C "k2patel rsync to remote server xyz" -f .ssh/remote_xyz
== Temporarily disable ssh key forwarding ==
This disables key forwarding while logging in with the key.
ssh yahoo.com -i .ssh/id_ed25519 -o IdentitiesOnly=yes -F /dev/null -l ketan