From Indie IT Wiki
Jump to: navigation, search


Delete Remote Host Known Key

Because of server upgrade or whatever...

ssh-keygen -f "/home/user/.ssh/known_hosts" -R []:2212

Rsync Over SSH

Copy from remote (on a non-standard port) to local, just 1 file...

/usr/bin/rsync -v -h -a --include=filename.ext --exclude=* -e "ssh -p 2222" user@123.456.789.0:~/remotedir/ ~/localdir/

Copy from local to remote

/usr/bin/rsync -a -e ssh ~/my/local/folder/ username@192.168.0.x:~/path/to/folder/

Copy from local to remote, with extra options (e.g. disable host checking) wrapped with ' single quotes

/usr/bin/rsync -a -e 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' ~/my/local/folder/ username@192.168.0.x:~/path/to/folder/

Copy from remote to local

/usr/bin/rsync -a -e ssh username@192.168.0.x:~/path/to/folder/ ~/my/local/folder/

See Limit Bandwidth below...

Spaces In File Or Folder Name

If you want to rsync a file or folder with spaces in the file name, you have to escape and put double-quotes around both the local and remote shell parts of the command.


/usr/bin/rsync -a -e ssh "username@192.168.0.x:\"~/path/to/folder/with spaces\"" ~/my/local/folder/


rsync -v -a --exclude='*FLAC*' -e ssh "username@server:\"Music/Dream Theater\"" /home/username/Music/

Limit Bandwidth

Option 1 - use the rsync option to limit I/O bandwidth, in KB per second...

/usr/bin/rsync --bwlimit=2000 -a -e ssh ~/my/local/folder/ user@remote:~/path/to/folder/

Option 2 - use the lightweight userspace bandwidth shaper trickle, also in KB per second...

/usr/bin/rsync -a -e trickle -d 2000 ssh ~/my/local/folder/ user@remote:~/path/to/folder/

Option 3 - use both rsync and trickle maybe, just remember that trickle has up and down limits...

/usr/bin/rsync --bwlimit=2000 -a -e trickle -d 2000 ssh ~/my/local/folder/ user@remote:~/path/to/folder/

Generate SSH Private Key

cd .ssh # There is no actual need to change directory, this is more to show where the key is stored.

ssh-keygen # Pressing enter will display the two lines shown below, if the file location is correct press enter again.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/fdibnah/.ssh/id_rsa):

Follow prompts.

Copy Key To Server

ssh-copy-id -i ~/.ssh/ username@ipaddress [-p 3313] # optional port number, omit brackets

Remove The SSH Last Login Information

Edit the following in the SSH config file:

sudo nano /etc/ssh/sshd_config

PrintLastLog no 

Save and exit.


Change The SSH Port Used By The Server

sudo nano /etc/ssh/sshd_config

Find and edit the following section:

# What ports, IPs and protocols we listen for
Port 22 # Change port to meet your requirements.

Save change and exit the file, then restart the SSH service:

sudo service ssh restart

Create 'config' File #1

touch ~/.ssh.config
chmod 0600 ~/.ssh/config
nano ~/.ssh/config
Host *
       AddressFamily inet
       ControlMaster auto
       ControlPath /tmp/ssh-%r@%h:%p
       StrictHostKeyChecking no
Host myserver
       User ubuntu
       Port 22
       HostName 123.456.789.0
       IdentityFile ~/.ssh/myserver.pem
Host client2server
       User joe
       Port 2212
       LocalForward 8207
ssh myserver

Create 'config' File #2

The following will generate a new file allowing you to assign shortcut SSH logins instead of having to type "".

nano ~/.ssh/config

Host *
   AddressFamily inet

Host <shortcut name> # For example: No1 - for
        User <username> # Your username, i.e. jbloggs
        Port 22 # Unless otherwise configured
        HostName name.of.machine # For example:

CTRL+o to save, then CTRL+x to exit.

AutoSSH Keep SSH Session Alive


autossh -M 0 -o "ServerAliveInterval 45" -o "ServerAliveCountMax 2"


Example of sshfs combined with autossh to keep a persitant tunnel alive. This is great for those that experience dodgy internet connectivity :-)

sshfs -o IdentityFile=/home/localuser/.ssh/server,port=16482,idmap=user,reconnect,compression=yes,transform_symlinks,ServerAliveInterval=45,ServerAliveCountMax=2,ssh_command='autossh -M 0' /home/localuser/mountpoint/

Thanks -

SSH File System

As it sounds, this will allow you to access a remote server's file system as if it were your own.

1. Install the software...

sudo apt-get install sshfs

2. Create the directory to mount your remote server's file system...

mkdir ~/myremoteserver

3. Generate a new SSH key (and give it a useful name like 'myremoteserver')...


Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/.ssh/myremoteserver
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/myremoteserver.
Your public key has been saved in /home/user/.ssh/

4. Copy that key to the remote server...

ssh-copy-id -i ~/.ssh/ user@123.456.789.0 -p 12345

5. Test that you can log in without a prompt...

ssh -i ~/.ssh/myremoteserver user@123.456.789.0 -p 12345

6. Add an entry to your SSH config file for ease of use...

nano ~/.ssh/config

Host myremoteserver
       User username
       Port 12345
       HostName 123.456.789.0
       IdentityFile ~/.ssh/myremoteserver

7. Test that you can log in even easier...

ssh myremoteserver

8. Mount the remote file system to your own directory...

sshfs myremoteserver:~/path/to/data/ ~/myremoteserver/

9. Check you can read and write to it...

echo "test" >~/myremoteserver/test.txt
ls -lah ~/myremoteserver/

Job, done.

Port Forwarding

ssh -p remotesshport user@remoteexternalip -L myport:remotelocalip:remotelocalport


ssh -p 22 user@01.23.456.789 -L 9999:

Then, point your web browser at to see the magic. If the remote local web page is on https then you will need to change your web browser to that as well, e.g.

Personal VPN

Use a VM in another country and then SSH in to forward your browser's traffic using SOCK5 proxy.

ssh -D 9999

Then just point your browser’s SOCKS proxy settings to localhost:9999. Done!

Firefox > Preferences > Advanced > Network > Connection > Settings > Manual Proxy Configuration > SOCKS Host: > Port: 9999 > Remote DNS

Now go to or to test your 'IP' address :-)


Password Generators


Seahorse provides a GUI front-end to the gnome-keyring-daemon.


Error agent admitted failure to sign

SSH Agent