SSH

From Indie IT Wiki

HOWTO:

Rsync Over SSH

Copy from remote (on a non-standard port) to local, just 1 file...

/usr/bin/rsync -v -h -a --include=filename.ext --exclude='*' -e "ssh -p 2222" user@123.456.789.0:~/remotedir/ ~/localdir/

Copy from local to remote

/usr/bin/rsync -a -e ssh ~/my/local/folder/ username@192.168.0.x:~/path/to/folder/

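Copy from local to remote, with extra ssh options wrapped in ' single quotes (e.g. disable host checking, which means the server's host key is no longer verified, so keep it to throwaway hosts on a network you trust)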

/usr/bin/rsync -a -e 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' ~/my/local/folder/ username@192.168.0.x:~/path/to/folder/

Copy from remote to local

/usr/bin/rsync -a -e ssh username@192.168.0.x:~/path/to/folder/ ~/my/local/folder/

See Limit Bandwidth below...

Spaces In File Or Folder Name

If you want to rsync a file or folder with spaces in the name, the path is parsed by both the local and the remote shell, so you have to put double quotes around the whole remote argument and escaped double quotes around the path inside it.

e.g.

/usr/bin/rsync -a -e ssh "username@192.168.0.x:\"~/path/to/folder/with spaces\"" ~/my/local/folder/

e.g.

rsync -v -a --exclude='*FLAC*' -e ssh "username@server:\"Music/Dream Theater\"" /home/username/Music/

Limit Bandwidth

Option 1 - use the rsync option to limit I/O bandwidth, in KB per second...

/usr/bin/rsync --bwlimit=2000 -a -e ssh ~/my/local/folder/ user@remote:~/path/to/folder/

https://www.dalemacartney.com/2012/09/08/bandwidth-throttling-with-rsync/

Option 2 - use the lightweight userspace bandwidth shaper trickle, also in KB per second...

/usr/bin/rsync -a -e "trickle -d 2000 ssh" ~/my/local/folder/ user@remote:~/path/to/folder/

Option 3 - use both rsync and trickle maybe, just remember that trickle has up and down limits...

/usr/bin/rsync --bwlimit=2000 -a -e "trickle -d 2000 ssh" ~/my/local/folder/ user@remote:~/path/to/folder/

Generate SSH Private Key

cd ~/.ssh # There is no actual need to change directory, this is more to show where the key is stored.

ssh-keygen # Pressing enter will display the two lines shown below, if the file location is correct press enter again.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/fdibnah/.ssh/id_rsa):

Follow prompts.

Copy Key To Server

ssh-copy-id -i ~/.ssh/id_rsa.pub [-p 3313] username@ipaddress # optional port number, omit brackets

Remove The SSH Last Login Information

Edit the following in the SSH config file:

sudo nano /etc/ssh/sshd_config

PrintLastLog no

Save and exit.

Thanks Superuser.com.

Change The SSH Port Used By The Server

sudo nano /etc/ssh/sshd_config

Find and edit the following section:

# What ports, IPs and protocols we listen for
# Change port to meet your requirements.
Port 22

Save the change and exit the file, then restart the SSH service:

sudo service ssh restart

Create 'config' File #1

touch ~/.ssh/config
chmod 0600 ~/.ssh/config
nano ~/.ssh/config

Host *
       AddressFamily inet
       ControlMaster auto
       ControlPath /tmp/ssh-%r@%h:%p
       StrictHostKeyChecking no
Host myserver
       User ubuntu
       Port 22
       HostName 123.456.789.0
       IdentityFile ~/.ssh/myserver.pem
Host client2server
       User joe
       Port 2212
       HostName myserver.com
       LocalForward 8207 192.168.0.207:8006

ssh myserver
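
A quick audit for the host-key and connection-sharing settings used in the config above and in the rsync example earlier (StrictHostKeyChecking no, UserKnownHostsFile /dev/null, ControlPath under /tmp). This is an added example, not part of the original wiki page; the function names audit_ssh_config and sample_config are made up for it.

```shell
#!/bin/sh
# audit_ssh_config [FILE]   (reads stdin when FILE is omitted)
# Flags client settings that weaken host authentication or connection sharing.
# Prints "<line>: <finding>" per hit; returns 1 if anything was flagged.
audit_ssh_config() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]+$/, "", line)
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        if (!match(line, /[ \t=]+/)) next
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH)
        gsub(/^"|"$/, "", val)               # drop optional quotes
        lval = tolower(val)

        if (key == "stricthostkeychecking" && (lval == "no" || lval == "off")) {
            print NR ": StrictHostKeyChecking " val " (new and changed host keys are accepted)"
            bad = 1
        }
        if (key == "userknownhostsfile" && val == "/dev/null") {
            print NR ": UserKnownHostsFile /dev/null (host keys are never remembered)"
            bad = 1
        }
        if (key == "controlpath" && val ~ /^\/(tmp|var\/tmp)\//) {
            print NR ": ControlPath " val " (control socket in a directory other users can write to)"
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample: the "Host *" block from config file #1 on this page.
sample_config() {
    cat <<'EOF'
Host *
       AddressFamily inet
       ControlMaster auto
       ControlPath /tmp/ssh-%r@%h:%p
       StrictHostKeyChecking no
EOF
}

# With a path argument, audit that file; otherwise only define the functions.
if [ "$#" -gt 0 ]; then audit_ssh_config "$1"; fi
```

Run it as `sh audit.sh ~/.ssh/config`; a setting such as `StrictHostKeyChecking accept-new` or a ControlPath under ~/.ssh/ passes the check.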

Create 'config' File #2

The following will generate a new file allowing you to assign shortcut SSH logins instead of having to type "username@server1.mydomain.com".

nano ~/.ssh/config

Host *
   AddressFamily inet

# <shortcut name>: for example No1, for server1.mydomain.com
Host <shortcut name>
        # Your username, i.e. jbloggs
        User <username>
        # Unless otherwise configured
        Port 22
        # For example: server1.mydomain.com
        HostName name.of.machine

CTRL+o to save, then CTRL+x to exit.

AutoSSH Keep SSH Session Alive

Normal

autossh -M 0 -o "ServerAliveInterval 45" -o "ServerAliveCountMax 2" username@example.com

SSHFS

Example of sshfs combined with autossh to keep a persistent tunnel alive. This is great for those who experience dodgy internet connectivity :-)

sshfs -o IdentityFile=/home/localuser/.ssh/server,port=16482,idmap=user,reconnect,compression=yes,transform_symlinks,ServerAliveInterval=45,ServerAliveCountMax=2,ssh_command='autossh -M 0' user@server.com:/home/user/subfolder/ /home/localuser/mountpoint/

Thanks - https://wiki.archlinux.org/index.php/Secure_Shell#Autossh_-_automatically_restarts_SSH_sessions_and_tunnels

SSH File System

As it sounds, this will allow you to access a remote server's file system as if it were your own.

1. Install the software...

sudo apt-get install sshfs

2. Create the directory to mount your remote server's file system...

mkdir ~/myremoteserver

3. Generate a new SSH key (and give it a useful name like 'myremoteserver')...

ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/.ssh/myremoteserver
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/myremoteserver.
Your public key has been saved in /home/user/.ssh/myremoteserver.pub.

4. Copy that key to the remote server...

ssh-copy-id -i ~/.ssh/myremoteserver.pub -p 12345 user@123.456.789.0

5. Test that you can log in without a prompt...

ssh -i ~/.ssh/myremoteserver user@123.456.789.0 -p 12345

6. Add an entry to your SSH config file for ease of use...

nano ~/.ssh/config

Host myremoteserver
       User username
       Port 12345
       HostName 123.456.789.0
       IdentityFile ~/.ssh/myremoteserver

7. Test that you can log in even easier...

ssh myremoteserver

8. Mount the remote file system to your own directory...

sshfs myremoteserver:~/path/to/data/ ~/myremoteserver/

9. Check you can read and write to it...

echo "test" >~/myremoteserver/test.txt
ls -lah ~/myremoteserver/

Job, done.

Port Forwarding

ssh -p remotesshport user@remoteexternalip -L myport:remotelocalip:remotelocalport

e.g.

ssh -p 22 user@01.23.456.789 -L 9999:192.168.1.229:8006

Then, point your web browser at http://127.0.0.1:9999 to see the magic. If the web page on the remote local machine is served over https, then you will need to use https in your web browser as well, e.g. https://127.0.0.1:8081

Personal VPN

Use a VM in another country and then SSH in to forward your browser's traffic through a SOCKS5 proxy.

ssh -D 9999 me@myserver.com

Then just point your browser’s SOCKS proxy settings to localhost:9999. Done!

Firefox > Preferences > Advanced > Network > Connection > Settings > Manual Proxy Configuration > SOCKS Host: 127.0.0.1 > Port: 9999 > Remote DNS

Now go to http://whatismyipaddress.com or https://www.dnsleaktest.com to test your 'IP' address :-)

INFO:

Password Generators

Seahorse

Seahorse provides a GUI front-end to the gnome-keyring-daemon.

Troubleshooting

Error agent admitted failure to sign

SSH Agent