ssh
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
ssh [2011/10/28 15:14] k2patel [SCP Speed UP] |
ssh [2021/06/08 20:07] (current) k2patel [Tips & Tricks] |
||
|---|---|---|---|
| Line 32: | Line 32: | ||
| ==== SSH Tunnels ==== | ==== SSH Tunnels ==== | ||
| + | === Forward Tunnel === | ||
| + | It is used when you want to forward local port to remote port over SSH. | ||
| + | <code bash> | ||
| + | ssh -f -N -L 5445:localhost:5432 root@<machine> | ||
| + | </code> | ||
| + | |||
| + | === Reverse Tunnel === | ||
| + | It is used when you want to forward Remote Port to Local Port.\\ | ||
| + | Usually used to allow access other way around. | ||
| + | |||
| + | <code bash> | ||
| + | ssh -f -N -R 5445:localhost:5432 root@<machine> | ||
| + | </code> | ||
| + | |||
| + | ==== SSH Agent automation ==== | ||
| + | |||
| + | Undefine existing value and define new value in session.\\ | ||
| + | This also keep the value same since nothing is changing. | ||
| + | |||
| + | <code bash | .screenrc> | ||
| + | unsetenv SSH_AUTH_SOCK | ||
| + | setenv SSH_AUTH_SOCK $HOME/.screen/ssh-auth-sock.$USERNAME | ||
| + | </code> | ||
| + | | ||
| + | Each call of screen command will overwrite the existing symlink. | ||
| + | |||
| + | <code bash | .bashrc> | ||
| + | _ssh_auth_save() { | ||
| + | ln -sf "$SSH_AUTH_SOCK" "$HOME/.screen/ssh-auth-sock.$USERNAME" | ||
| + | } | ||
| + | alias screen='_ssh_auth_save ; screen' | ||
| + | </code> | ||
| + | |||
| + | Now add key to your session with "ssh-add".\\ | ||
| + | That should do it. | ||
| + | |||
| + | |||
| + | ==== Tips & Tricks ==== | ||
| + | |||
| + | == Show fingerprint of key == | ||
| + | <note important>You can use -v to print random ASCII Image</note> | ||
| + | |||
| + | <code bash> | ||
| + | # Using -E can specify MD5 has which mostly require to compare | ||
| + | ssh-keygen -lf .ssh/OLD/id_rsa.pub.old | ||
| + | </code> | ||
| + | OR | ||
| + | <code bash> | ||
| + | ssh-keygen -l -F ip.k2patel.in | ||
| + | </code> | ||
| + | |||
| + | It will print for all public key in single file if there is multiple key in it.\\ | ||
| + | Also, it is usefull in identifying MITM Attack by comparing against your known host.\\ | ||
| + | |||
| + | == Print fingerprint on login == | ||
| + | You can enabled printing of server key by setting following variable.\\ | ||
| + | <note tip>you can setup on any of following file /etc/ssh/ssh_config OR .ssh/config</note> | ||
| + | <code bash> | ||
| + | VisualHostKey yes | ||
| + | </code> | ||
| + | |||
| + | == Run Command from file Remotely == | ||
| + | Place all your command in xyz file. And run as follows | ||
| + | <code bash> | ||
| + | ssh -l k2patel nice.k2patel.in "`cat xzy`" | ||
| + | </code> | ||
| + | |||
| + | == Comment on public key == | ||
| + | You can control comment on public key during generation using following command. | ||
| + | |||
| + | <code bash> | ||
| + | ssh-keygen -t rsa -C "k2patel rsync to remote server xyz" -f .ssh/remote_xyz | ||
| + | </code> | ||
| + | |||
| + | == Temporarily disable ssh key forwarding == | ||
| + | This will disable key forwarding, while login with the key. | ||
| + | <code bash> | ||
| + | ssh yahoo.com -i .ssh/id_ed25519 -o IdentitiesOnly=yes -F /dev/null -l ketan | ||
| + | </code> | ||
ssh.1319814855.txt.gz ยท Last modified: 2020/08/10 02:29 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
