- 1 HOWTO:
- 1.1 Reverse SSH
- 1.2 SFTP
- 1.3 Delete Remote Host Known Key
- 1.4 Rsync Over SSH
- 1.5 Generate SSH Private Key
- 1.6 Copy Key To Server
- 1.7 Remove The SSH Last Login Information
- 1.8 Change The SSH Port Used By The Server
- 1.9 Create 'config' File #1
- 1.10 Create 'config' File #2
- 2 AutoSSH Keep SSH Session Alive
- 3 SSH File System
- 4 Port Forwarding
- 5 Personal VPN
- 6 INFO:
- 7 SSH Agent
- 8 Windows Install
To connect to a remote laptop...
Get the laptop client to SSH in to a server and build a reverse port forward...
ssh email@example.com -p 222 -R 6000:localhost:22
Then, the admin can SSH in to the same server, then SSH to the remote laptop via the reverse connection...
ssh admin@localhost -p 6000
TO BE COMPLETED SOON
Delete Remote Host Known Key
Because of server upgrade or whatever...
ssh-keygen -f "/home/user/.ssh/known_hosts" -R [server.domain.com]:2212
Rsync Over SSH
Copy from remote (on a non-standard port) to local, just 1 file...
/usr/bin/rsync -v -h -a --include=filename.ext --exclude=* -e "ssh -p 2222" firstname.lastname@example.org:~/remotedir/ ~/localdir/
Copy from local to remote
/usr/bin/rsync -a -e ssh ~/my/local/folder/ email@example.com:~/path/to/folder/
Copy from local to remote, with extra options (e.g. disable host checking) wrapped with ' single quotes
/usr/bin/rsync -a -e 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' ~/my/local/folder/ firstname.lastname@example.org:~/path/to/folder/
Copy from remote to local
/usr/bin/rsync -a -e ssh email@example.com:~/path/to/folder/ ~/my/local/folder/
See Limit Bandwidth below...
Spaces In File Or Folder Name
If you want to rsync a file or folder with spaces in the file name, you have to escape and put double-quotes around both the local and remote shell parts of the command.
/usr/bin/rsync -a -e ssh "firstname.lastname@example.org:\"~/path/to/folder/with spaces\"" ~/my/local/folder/
rsync -v -a --exclude='*FLAC*' -e ssh "username@server:\"Music/Dream Theater\"" /home/username/Music/
Option 1 - use the rsync option to limit I/O bandwidth, in KB per second...
/usr/bin/rsync --bwlimit=2000 -a -e ssh ~/my/local/folder/ user@remote:~/path/to/folder/
Option 2 - use the lightweight userspace bandwidth shaper trickle, also in KB per second...
/usr/bin/rsync -a -e trickle -d 2000 ssh ~/my/local/folder/ user@remote:~/path/to/folder/
Option 3 - use both rsync and trickle maybe, just remember that trickle has up and down limits...
/usr/bin/rsync --bwlimit=2000 -a -e trickle -d 2000 ssh ~/my/local/folder/ user@remote:~/path/to/folder/
Generate SSH Private Key
cd .ssh # There is no actual need to change directory, this is more to show where the key is stored. ssh-keygen # Pressing enter will display the two lines shown below, if the file location is correct press enter again. Generating public/private rsa key pair. Enter file in which to save the key (/home/fdibnah/.ssh/id_rsa):
Copy Key To Server
ssh-copy-id -i ~/.ssh/id_rsa.pub username@ipaddress [-p 3313] # optional port number, omit brackets
cat ~/.ssh/my_id_rsa.pub | ssh -i ~/.ssh/lightsail.pem email@example.com "cat >> ~/.ssh/authorized_keys"
Remove The SSH Last Login Information
Edit the following in the SSH config file:
sudo nano /etc/ssh/sshd_config PrintLastLog no
Save and exit.
Change The SSH Port Used By The Server
sudo nano /etc/ssh/sshd_config
Find and edit the following section:
# What ports, IPs and protocols we listen for Port 22 # Change port to meet your requirements.
Save change and exit the file, then restart the SSH service:
sudo service ssh restart
Create 'config' File #1
touch ~/.ssh.config chmod 0600 ~/.ssh/config nano ~/.ssh/config
Host * AddressFamily inet ControlMaster auto ControlPath /tmp/ssh-%r@%h:%p StrictHostKeyChecking no Host myserver User ubuntu Port 22 HostName 123.456.789.0 IdentityFile ~/.ssh/myserver.pem Host client2server User joe Port 2212 HostName myserver.com LocalForward 8207 192.168.0.207:8006
Create 'config' File #2
The following will generate a new file allowing you to assign shortcut SSH logins instead of having to type "firstname.lastname@example.org".
nano ~/.ssh/config Host * AddressFamily inet Host <shortcut name> # For example: No1 - for server1.mydomain.com User <username> # Your username, i.e. jbloggs Port 22 # Unless otherwise configured HostName name.of.machine # For example: server1.mydomain.com
CTRL+o to save, then CTRL+x to exit.
AutoSSH Keep SSH Session Alive
autossh -M 0 -o "ServerAliveInterval 45" -o "ServerAliveCountMax 2" email@example.com
Example of sshfs combined with autossh to keep a persitant tunnel alive. This is great for those that experience dodgy internet connectivity :-)
sshfs -o IdentityFile=/home/localuser/.ssh/server,port=16482,idmap=user,reconnect,compression=yes,transform_symlinks,ServerAliveInterval=45,ServerAliveCountMax=2,ssh_command='autossh -M 0' firstname.lastname@example.org:/home/user/subfolder/ /home/localuser/mountpoint/
SSH File System
As it sounds, this will allow you to access a remote server's file system as if it were your own.
1. Install the software...
sudo apt-get install sshfs
2. Create the directory to mount your remote server's file system...
3. Generate a new SSH key (and give it a useful name like 'myremoteserver')...
ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/.ssh/myremoteserver Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/.ssh/myremoteserver. Your public key has been saved in /home/user/.ssh/myremoteserver.pub.
4. Copy that key to the remote server...
ssh-copy-id -i ~/.ssh/myremoteserver.pub email@example.com -p 12345
5. Test that you can log in without a prompt...
ssh -i ~/.ssh/myremoteserver firstname.lastname@example.org -p 12345
6. Add an entry to your SSH config file for ease of use...
nano ~/.ssh/config Host myremoteserver User username Port 12345 HostName 123.456.789.0 IdentityFile ~/.ssh/myremoteserver
7. Test that you can log in even easier...
8. Mount the remote file system to your own directory...
sshfs myremoteserver:~/path/to/data/ ~/myremoteserver/
9. Check you can read and write to it...
echo "test" >~/myremoteserver/test.txt ls -lah ~/myremoteserver/
Unmounting Disconnecting SSHFS
fusermount -u /path/to/mountpoint/
ssh -p remotesshport user@remoteexternalip -L myport:remotelocalip:remotelocalport
ssh -p 22 email@example.com -L 9999:192.168.1.229:8006
Then, point your web browser at http://127.0.0.1:9999 to see the magic. If the remote local web page is on https then you will need to change your web browser to that as well, e.g. https://127.0.0.1:8081
Use a VM in another country and then SSH in to forward your browser's traffic using SOCK5 proxy.
ssh -D 9999 firstname.lastname@example.org
Then just point your browser’s SOCKS proxy settings to localhost:9999. Done!
Firefox > Preferences > Advanced > Network > Connection > Settings > Manual Proxy Configuration > SOCKS Host: 127.0.0.1 > Port: 9999 > Remote DNS
Seahorse provides a GUI front-end to the gnome-keyring-daemon.
no matching cipher found. Their offer: aes256-cbc
ssh -c aes256-cbc user@server
Error agent admitted failure to sign
Win-SSHFS fork of the above and more up-to-date.