This shows you the differences between two versions of the page.
ssh [2011/10/28 15:14] k2patel [SCP Speed UP] |
ssh [2021/06/08 20:07] k2patel [Tips & Tricks] |
||
---|---|---|---|
Line 32: | Line 32: | ||
==== SSH Tunnels ==== | ==== SSH Tunnels ==== | ||
+ | === Forward Tunnel === | ||
+ | It is used when you want to forward local port to remote port over SSH. | ||
+ | <code bash> | ||
+ | ssh -f -N -L 5445:localhost:5432 root@<machine> | ||
+ | </code> | ||
+ | |||
+ | === Reverse Tunnel === | ||
+ | It is used when you want to forward Remote Port to Local Port.\\ | ||
+ | Usually used to allow access other way around. | ||
+ | |||
+ | <code bash> | ||
+ | ssh -f -N -R 5445:localhost:5432 root@<machine> | ||
+ | </code> | ||
+ | |||
+ | ==== SSH Agent automation ==== | ||
+ | |||
+ | Undefine existing value and define new value in session.\\ | ||
+ | This also keep the value same since nothing is changing. | ||
+ | |||
+ | <code bash | .screenrc> | ||
+ | unsetenv SSH_AUTH_SOCK | ||
+ | setenv SSH_AUTH_SOCK $HOME/.screen/ssh-auth-sock.$USERNAME | ||
+ | </code> | ||
+ | | ||
+ | Each call of screen command will overwrite the existing symlink. | ||
+ | |||
+ | <code bash | .bashrc> | ||
+ | _ssh_auth_save() { | ||
+ | ln -sf "$SSH_AUTH_SOCK" "$HOME/.screen/ssh-auth-sock.$USERNAME" | ||
+ | } | ||
+ | alias screen='_ssh_auth_save ; screen' | ||
+ | </code> | ||
+ | |||
+ | Now add key to your session with "ssh-add".\\ | ||
+ | That should do it. | ||
+ | |||
+ | |||
+ | ==== Tips & Tricks ==== | ||
+ | |||
+ | == Show fingerprint of key == | ||
+ | <note important>You can use -v to print random ASCII Image</note> | ||
+ | |||
+ | <code bash> | ||
+ | # Using -E can specify MD5 has which mostly require to compare | ||
+ | ssh-keygen -lf .ssh/OLD/id_rsa.pub.old | ||
+ | </code> | ||
+ | OR | ||
+ | <code bash> | ||
+ | ssh-keygen -l -F ip.k2patel.in | ||
+ | </code> | ||
+ | |||
+ | It will print for all public key in single file if there is multiple key in it.\\ | ||
+ | Also, it is usefull in identifying MITM Attack by comparing against your known host.\\ | ||
+ | |||
+ | == Print fingerprint on login == | ||
+ | You can enabled printing of server key by setting following variable.\\ | ||
+ | <note tip>you can setup on any of following file /etc/ssh/ssh_config OR .ssh/config</note> | ||
+ | <code bash> | ||
+ | VisualHostKey yes | ||
+ | </code> | ||
+ | |||
+ | == Run Command from file Remotely == | ||
+ | Place all your command in xyz file. And run as follows | ||
+ | <code bash> | ||
+ | ssh -l k2patel nice.k2patel.in "`cat xzy`" | ||
+ | </code> | ||
+ | |||
+ | == Comment on public key == | ||
+ | You can control comment on public key during generation using following command. | ||
+ | |||
+ | <code bash> | ||
+ | ssh-keygen -t rsa -C "k2patel rsync to remote server xyz" -f .ssh/remote_xyz | ||
+ | </code> | ||
+ | |||
+ | == Temporarily disable ssh key forwarding == | ||
+ | This will disable key forwarding, while login with the key. | ||
+ | <code bash> | ||
+ | ssh yahoo.com -i .ssh/id_ed25519 -o IdentitiesOnly=yes -F /dev/null -l ketan | ||
+ | </code> |
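
Review bot: In "Temporarily disable ssh key forwarding" the heading and the command describe different things. `-i .ssh/id_ed25519 -o IdentitiesOnly=yes` limits which identity is offered, and `-F /dev/null` turns forwarding off only as a side effect of ignoring the config files. If the goal is to stop agent forwarding for one login, state that and make it explicit with `-a` or `-o ForwardAgent=no`; if the goal is to offer a single key, rename the section. Smaller points in the same hunk: "Run Command from file Remotely" tells the reader to put commands in `xyz` but the command reads `xzy`. The `.screenrc` and `.bashrc` snippets depend on `$USERNAME`, which is not set in every environment (`$USER` is the more portable choice), and on `$HOME/.screen` already existing. The `screen` alias, when run from inside an existing screen session where `SSH_AUTH_SOCK` is already the symlink path, would link that path to itself, so `_ssh_auth_save` needs a guard for that case. The fingerprint comment mentions `-E` for MD5 but the command does not use it; `-E md5` in the example would match the comment.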