====== SSH ======

==== Converting SSH2 Keys ====

From ssh2 to openssh
<code bash>
ssh-keygen -i -f id_dsa.pub > id_dsa_open.pub
</code>

From OpenSSH to ssh2
<code bash>
ssh-keygen -e -f id_dsa.pub > id_dsa_ssh2.pub
</code>

==== SCP Speed UP ====

To increase speed on transfer you can force cipher to arcfour.\\
You can use same mechanism with rsync when you use ssh encapsulation. \\
<code bash>
scp -c arcfour <source> <destination>
</code>

<code bash>
rsync -av -e "ssh -c arcfour -l <username>" <Source> <Destination>
</code>

<html>
<span style="color:red">NOTE:</span> THis reduce your security though
</html>


==== SSH Tunnels ====

=== Forward Tunnel ===
It is used when you want to forward local port to remote port over SSH.
<code bash>
ssh -f -N -L 5445:localhost:5432 root@<machine>
</code>

=== Reverse Tunnel ===
It is used when you want to forward Remote Port to Local Port.\\
Usually used to allow access other way around.

<code bash>
ssh -f -N -R 5445:localhost:5432 root@<machine>
</code>

==== SSH Agent automation ====

Undefine existing value and define new value in session.\\
This also keep the value same since nothing is changing.

<code bash | .screenrc>
    unsetenv SSH_AUTH_SOCK
    setenv SSH_AUTH_SOCK $HOME/.screen/ssh-auth-sock.$USERNAME
</code>
    
Each call of screen command will overwrite the existing symlink.

<code bash | .bashrc>
    _ssh_auth_save() {
            ln -sf "$SSH_AUTH_SOCK" "$HOME/.screen/ssh-auth-sock.$USERNAME"
    }
    alias screen='_ssh_auth_save ; screen'
</code>

Now add key to your session with "ssh-add".\\
That should do it.


==== Tips & Tricks ====

== Show fingerprint of key ==
<note important>You can use -v to print random ASCII Image</note>

<code bash>
# Using -E can specify MD5 has which mostly require to compare
ssh-keygen -lf .ssh/OLD/id_rsa.pub.old
</code>
OR
<code bash>
ssh-keygen -l -F ip.k2patel.in
</code>

It will print for all public key in single file if there is multiple key in it.\\
Also, it is usefull in identifying MITM Attack by comparing against your known host.\\

== Print fingerprint on login ==
You can enabled printing of server key by setting following variable.\\
<note tip>you can setup on any of following file /etc/ssh/ssh_config OR .ssh/config</note>
<code bash>
VisualHostKey yes
</code>

== Run Command from file Remotely ==
Place all your command in xyz file. And run as follows
<code bash>
ssh -l k2patel nice.k2patel.in "`cat xzy`"
</code>

== Comment on public key ==
You can control comment on public key during generation using following command.

<code bash>
ssh-keygen -t rsa -C "k2patel rsync to remote server xyz" -f .ssh/remote_xyz
</code>

== Temporarily disable ssh key forwarding ==
This will disable key forwarding, while login with the key.
<code bash>
ssh yahoo.com -i .ssh/id_ed25519 -o IdentitiesOnly=yes -F /dev/null -l ketan
</code>