OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. 1) COPY SSH KEYS TO USER@HOST TO ENABLE PASSWORD-LESS SSH LOGINS.ssh-copy-id user@hostTo generate the keys use the command ssh-keygen2) START A TUNNEL FROM SOME MACHINE’S PORT 80 TO YOUR LOCAL POST 2001 ssh -N -L2001:localhost:80 somemachineNow you can acces the website by going to http://localhost:2001/3) OUTPUT YOUR MICROPHONE TO A REMOTE COMPUTER’S SPEAKER dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dspThis will output the sound from your microphone port to the ssh target computer’s speaker port. The sound quality is very bad, so you will hear a lot of hissing. 4) COMPARE A REMOTE FILE WITH A LOCAL FILEssh user@host cat /path/to/remotefile | diff /path/to/localfile -Useful for checking if there are differences between local and remote files.5) MOUNT FOLDER/FILESYSTEM THROUGH SSH sshfs name@server:/path/to/folder /path/to/mount/pointInstall SSHFS from http://fuse.sourceforge.net/sshfs.html
Will allow you to mount a folder security over a network. 6) SSH CONNECTION THROUGH HOST IN THE MIDDLEssh -t reachable_host ssh unreachable_hostUnreachable_host is unavailable from local network, but it’s available from reachable_host’s network. This command creates a connection to unreachable_host through “hidden” connection to reachable_host. 7) COPY FROM HOST1 TO HOST2, THROUGH YOUR HOSTssh root@host1 “cd /somedir/tocopy/ && tar -cf – .” | ssh root@host2 “cd /samedir/tocopyto/ && tar -xf -”
Good if only you have access to host1 and host2, but they have no access to your host (so ncat won’t work) and they have no direct access to each other.
8) RUN ANY GUI PROGRAM REMOTELY
ssh -fX <user>@<host> <program>
The SSH server configuration requires:X11Forwarding yes # this is default in DebianAnd it’s convenient too: Compression delayed9) CREATE A PERSISTENT CONNECTION TO A MACHINEssh -MNf <user>@<host>Create a persistent SSH connection to the host in the background. Combine this with settings in your ~/.ssh/config:
Host host
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster no
All the SSH connections to the machine will then go through the persisten SSH socket. This is very useful if you are using SSH to synchronize files (using rsync/sftp/cvs/svn) on a regular basis because it won’t create a new socket each time to open an ssh connection. 10) ATTACH SCREEN OVER SSHssh -t remote_host screen -rDirectly attach a remote screen session (saves a useless parent bash process)11) PORT KNOCKING!knock <host> 3000 4000 5000 && ssh -p <port> user@host && knock <host> 5000 4000 3000 Knock on ports to open a port to a service (ssh for example) and knock again to close the port. You have to install knockd.
See example config file below.
[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn12) REMOVE A LINE IN A TEXT FILE. USEFUL TO FIXssh-keygen -R <the_offending_host>In this case it’s better do to use the dedicated tool13) RUN COMPLEX REMOTE SHELL CMDS OVER SSH, WITHOUT ESCAPING QUOTES ssh host -l user $(<cmd.txt)Much simpler method. More portable version: ssh host -l user “`cat cmd.txt`”14) COPY A MYSQL DATABASE TO A NEW SERVER VIA SSH WITH ONE COMMANDmysqldump –add-drop-table –extended-insert –force –log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost “mysql -uUSER -pPASS NEW_DB_NAME” Dumps a MySQL database over a compressed SSH tunnel and uses it as input to mysql – i think that is the fastest and best way to migrate a DB to a new server!15) REMOVE A LINE IN A TEXT FILE. USEFUL TO FIX “SSH HOST KEY CHANGE” WARNINGS sed -i 8d ~/.ssh/known_hostsRead more: URFIX'S BLOG
Will allow you to mount a folder security over a network. 6) SSH CONNECTION THROUGH HOST IN THE MIDDLEssh -t reachable_host ssh unreachable_hostUnreachable_host is unavailable from local network, but it’s available from reachable_host’s network. This command creates a connection to unreachable_host through “hidden” connection to reachable_host. 7) COPY FROM HOST1 TO HOST2, THROUGH YOUR HOSTssh root@host1 “cd /somedir/tocopy/ && tar -cf – .” | ssh root@host2 “cd /samedir/tocopyto/ && tar -xf -”
Good if only you have access to host1 and host2, but they have no access to your host (so ncat won’t work) and they have no direct access to each other.
8) RUN ANY GUI PROGRAM REMOTELY
ssh -fX <user>@<host> <program>
The SSH server configuration requires:X11Forwarding yes # this is default in DebianAnd it’s convenient too: Compression delayed9) CREATE A PERSISTENT CONNECTION TO A MACHINEssh -MNf <user>@<host>Create a persistent SSH connection to the host in the background. Combine this with settings in your ~/.ssh/config:
Host host
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster no
All the SSH connections to the machine will then go through the persisten SSH socket. This is very useful if you are using SSH to synchronize files (using rsync/sftp/cvs/svn) on a regular basis because it won’t create a new socket each time to open an ssh connection. 10) ATTACH SCREEN OVER SSHssh -t remote_host screen -rDirectly attach a remote screen session (saves a useless parent bash process)11) PORT KNOCKING!knock <host> 3000 4000 5000 && ssh -p <port> user@host && knock <host> 5000 4000 3000 Knock on ports to open a port to a service (ssh for example) and knock again to close the port. You have to install knockd.
See example config file below.
[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn12) REMOVE A LINE IN A TEXT FILE. USEFUL TO FIXssh-keygen -R <the_offending_host>In this case it’s better do to use the dedicated tool13) RUN COMPLEX REMOTE SHELL CMDS OVER SSH, WITHOUT ESCAPING QUOTES ssh host -l user $(<cmd.txt)Much simpler method. More portable version: ssh host -l user “`cat cmd.txt`”14) COPY A MYSQL DATABASE TO A NEW SERVER VIA SSH WITH ONE COMMANDmysqldump –add-drop-table –extended-insert –force –log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost “mysql -uUSER -pPASS NEW_DB_NAME” Dumps a MySQL database over a compressed SSH tunnel and uses it as input to mysql – i think that is the fastest and best way to migrate a DB to a new server!15) REMOVE A LINE IN A TEXT FILE. USEFUL TO FIX “SSH HOST KEY CHANGE” WARNINGS sed -i 8d ~/.ssh/known_hostsRead more: URFIX'S BLOG
Posts
0 comments:
Post a Comment