SSH tricks
SSH tricks
This is a small bundle of useful SSH tricks for you if you have not discovered the wonders of ssh config files. This tutorial assumes that the reader is familiar with basic basic Linux commands and is vaguely familiar with a terminal editor. All the commands mentioned below are meant to be run on the host machine aka on the local computer/laptop.
SSH without password
Entering your password becomes a serious problem when you interact with multiple servers everyday and at this stage SSH keys become a lifesaver. Apart from the obvious pain to using password with SSH, there is also an element of security involved. The steps for having a password-less ssh setup and to write a simple ssh-config file are enumerated below.
- Generate the key.
ssh-keygen -t rsa-
Continue by typing “yes” and this will save the public-private keypair in your ~/.ssh/ directory.
-
In the .ssh directory you will notice two files. First is id_rsa which is your private key and second is id_rsa.pub which is your public key. The private key should never leave your system under any circumstances and acts as your password/secret.
-
Now you copy the public key from the local host over to the remote host using
ssh-copy-id -i ~/.ssh/id_rsa.pub <user-name>@<remote-host>- ssh again and now It works!!!
ssh-copy-id <user-name>@<remote-host>- You can take this a step further and assign your remote host a name you prefer. This can be done via the SSH config file. Create a file called config inside .ssh directory as follows.
vim config- Add the below text to the file where sample is the name you prefer to use for the remote host.
host sample
User username
HostName sample.cs.jhu.edu
Port 22- Now, when you type ssh sample, it will SSH to sample.cs.jhu.edu
ssh sample- Try this on your CS ugrad and grad accounts!
Local Port Forwarding with SSH Config file
We live in the world with firewalls and these can be very restrictive at times. Frequently the only open ports are 80/443(HTTP/HTTPS) and 22(SSH). This prevents you from accessing services running on other ports, for example MySQL on 3306. Here port forwarding via SSH (also called SSH tunneling) can be a life saver. A short description of what this entails, is to create a connection between your local computer and a remote machine through which traffic can be relayed.
- A simple local port forwarding using ssh on command line
ssh -f -N -L 8036:localhost:3306 user@sample.cs.jhu.eduThe command above will forward all traffic from your local port 8036 to port 3306 on the remote host. Here options -f will run the job in the background and -N will make it execute a remote command. Now it can be difficult to remember the numerous ssh options and this long command. This can be easily mapped to your ssh config file as follows:
host tunnel
User username
HostName sample.cs.jhu.edu
LocalForward 8036 localhost:3306ssh -f -N tunnelX11 forwarding over SSH
-
What is X11? It is the windowing system for displays on Unix systems. You can read more on wikipedia.
-
So why is this relevant here? Well you can forward X11 over SSH from a remote host to your local host and access some components of the GUI over SSH. Do remember that this is no replacement for something like Unity, GNOME or KDE.
-
But you can use it for a bunch of stuff like opening a browser and using it over SSH.
-
A simple X11 command looks like this
ssh -X <user-name>@<remote-host>- Now you can open some supported software, for example a clock by typing
xclock- Or open a browser by typing
firefox- Do remember that this needs 2 things. X11 forwarding to be enabled on the remote host (most of them have this turned on) and a X11 server on your local host. Linux systems have one by default and no additional installation is required. If you are running Windows then you need Xming and XQuartz for OSX.
SSH X11 Forwarding on OSX
If you want to forward X11 on OSX, here is what you need in the config file.
host sample
User username
HostName sample.cs.jhu.edu
Port 22
ForwardX11 yes
ForwardX11Trusted yesKeeping your SSH connection alive
Are your ssh connections dropped due to inactivity? Adding ServerAliveInterval to the config file will prevent this from happening.
host sample
User username
HostName sample.cs.jhu.edu
Port 22
ServerAliveInterval 100