User Tools

Site Tools


ssh

SSH

Converting SSH2 Keys

From ssh2 to openssh

ssh-keygen -i -f id_dsa.pub > id_dsa_open.pub

From OpenSSH to ssh2

ssh-keygen -e -f id_dsa.pub > id_dsa_ssh2.pub

SCP Speed UP

To increase speed on transfer you can force cipher to arcfour.
You can use same mechanism with rsync when you use ssh encapsulation.

scp -c arcfour <source> <destination>
rsync -av -e "ssh -c arcfour -l <username>" <Source> <Destination>

<span style="color:red">NOTE:</span> THis reduce your security though

SSH Tunnels

Forward Tunnel

It is used when you want to forward local port to remote port over SSH.

ssh -f -N -L 5445:localhost:5432 root@<machine>

Reverse Tunnel

It is used when you want to forward Remote Port to Local Port.
Usually used to allow access other way around.

ssh -f -N -R 5445:localhost:5432 root@<machine>

SSH Agent automation

Undefine existing value and define new value in session.
This also keep the value same since nothing is changing.

| .screenrc
    unsetenv SSH_AUTH_SOCK
    setenv SSH_AUTH_SOCK $HOME/.screen/ssh-auth-sock.$USERNAME

Each call of screen command will overwrite the existing symlink.

| .bashrc
    _ssh_auth_save() {
            ln -sf "$SSH_AUTH_SOCK" "$HOME/.screen/ssh-auth-sock.$USERNAME"
    }
    alias screen='_ssh_auth_save ; screen'

Now add key to your session with “ssh-add”.
That should do it.

Tips & Tricks

Show fingerprint of key

<note important>You can use -v to print random ASCII Image</note>

# Using -E can specify MD5 has which mostly require to compare
ssh-keygen -lf .ssh/OLD/id_rsa.pub.old

OR

ssh-keygen -l -F ip.k2patel.in

It will print for all public key in single file if there is multiple key in it.
Also, it is usefull in identifying MITM Attack by comparing against your known host.

You can enabled printing of server key by setting following variable.
<note tip>you can setup on any of following file /etc/ssh/ssh_config OR .ssh/config</note>

VisualHostKey yes
Run Command from file Remotely

Place all your command in xyz file. And run as follows

ssh -l k2patel nice.k2patel.in "`cat xzy`"
Comment on public key

You can control comment on public key during generation using following command.

ssh-keygen -t rsa -C "k2patel rsync to remote server xyz" -f .ssh/remote_xyz
Temporarily disable ssh key forwarding

This will disable key forwarding, while login with the key.

ssh yahoo.com -i .ssh/id_ed25519 -o IdentitiesOnly=yes -F /dev/null -l ketan
ssh.txt · Last modified: 2021/06/08 20:07 by k2patel