SSH
Converting SSH2 Keys
From SSH2 to OpenSSH
ssh-keygen -i -f id_dsa.pub > id_dsa_open.pub
From OpenSSH to SSH2
ssh-keygen -e -f id_dsa.pub > id_dsa_ssh2.pub
SCP Speed Up
To increase transfer speed, you can force the cipher to arcfour.
You can use the same mechanism with rsync when it runs over SSH.
scp -c arcfour <source> <destination>
rsync -av -e "ssh -c arcfour -l <username>" <Source> <Destination>
NOTE: This reduces your security, though.
SSH Tunnels
Forward Tunnel
It is used when you want to forward a local port to a remote port over SSH.
ssh -f -N -L 5445:localhost:5432 root@<machine>
Reverse Tunnel
It is used when you want to forward a remote port to a local port.
It is usually used to allow access the other way around.
ssh -f -N -R 5445:localhost:5432 root@<machine>
SSH Agent automation
Undefine the existing value and define a new value in the session.
This also keeps the value the same, since nothing is changing.
.screenrc:
unsetenv SSH_AUTH_SOCK
setenv SSH_AUTH_SOCK $HOME/.screen/ssh-auth-sock.$USERNAME
Each call of the screen command will overwrite the existing symlink.
.bashrc:
# Point the fixed symlink at the current agent socket
_ssh_auth_save() {
    ln -sf "$SSH_AUTH_SOCK" "$HOME/.screen/ssh-auth-sock.$USERNAME"
}
alias screen='_ssh_auth_save ; screen'
Now add your key to the session with “ssh-add”.
That should do it.
Tips & Tricks
Show fingerprint of key
NOTE: You can use -v to also print the key's randomart ASCII image.
# Use -E to specify the MD5 hash, which is mostly required for comparison
ssh-keygen -lf .ssh/OLD/id_rsa.pub.old
OR
ssh-keygen -l -F ip.k2patel.in
It prints the fingerprint of every public key in the file if the file contains multiple keys.
It is also useful for identifying a MITM attack by comparing against your known hosts.
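The comparison described above, as an added example that is not from the original page: it computes the SHA256 and MD5 fingerprint strings that ssh-keygen -l and ssh-keygen -l -E md5 print, for every key in a file, and checks a presented key against a fingerprint recorded out of band. The key material, comments and helper names are constructed for the example.

```python
import base64, hashlib, struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def make_pubkey_line(raw_key: bytes, comment: str) -> str:
    """Build a CONSTRUCTED ssh-ed25519 public key line (demo helper)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def fingerprints(pubkey_line: str) -> dict:
    """Return key type, comment and both fingerprint formats for one line."""
    key_type, b64_blob, *comment = pubkey_line.split(None, 2)
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob starts with its own algorithm name; it must match the line.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    # SHA256 form: unpadded base64 of the digest of the decoded blob.
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    # MD5 form: colon-separated hex pairs of the digest of the same blob.
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    return {"type": key_type, "comment": comment[0] if comment else "",
            "sha256": "SHA256:" + sha, "md5": "MD5:" + md5}

def scan_keys(text: str) -> list:
    """Fingerprint every key in a file's text, skipping blanks and comments."""
    lines = (ln.strip() for ln in text.splitlines())
    return [fingerprints(ln) for ln in lines if ln and not ln.startswith("#")]

def matches_known(pubkey_line: str, known_fp: str) -> bool:
    """Compare a presented key with a fingerprint recorded out of band."""
    fp = fingerprints(pubkey_line)
    candidate = fp["md5"] if known_fp.startswith("MD5:") else fp["sha256"]
    return candidate == known_fp

# Constructed sample data: these are not real keys.
GOOD = make_pubkey_line(bytes(range(32)), "constructed-good")
OTHER = make_pubkey_line(bytes(32), "constructed-other")
KNOWN_FP = fingerprints(GOOD)["sha256"]  # stands in for the recorded value

if __name__ == "__main__":
    for fp in scan_keys(GOOD + "\n# a comment\n" + OTHER + "\n"):
        print(fp["sha256"], fp["md5"], fp["comment"], f"({fp['type']})")
    print("good key matches: ", matches_known(GOOD, KNOWN_FP))
    print("other key matches:", matches_known(OTHER, KNOWN_FP))
```

A mismatch between the presented key and the recorded fingerprint is the signal to stop and investigate before accepting the host key.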
Print fingerprint on login
You can enable printing of the server key by setting the following option.
TIP: You can set this in either of the following files: /etc/ssh/ssh_config or .ssh/config
VisualHostKey yes
Run Command from file Remotely
Place all your commands in a file named xyz and run it as follows.
ssh -l k2patel nice.k2patel.in "`cat xyz`"
Comment on public key
You can control the comment on a public key during generation using the following command.
ssh-keygen -t rsa -C "k2patel rsync to remote server xyz" -f .ssh/remote_xyz
Temporarily disable ssh key forwarding
This disables key forwarding while still logging in with the key.
ssh yahoo.com -i .ssh/id_ed25519 -o IdentitiesOnly=yes -F /dev/null -l ketan