ssh-keygen, ssh port forwarding, ssh-agent, ...
##
# ssh
ssh user@host
-i # use specific key file
-T # test connection
## Folder ~/.ssh
- config (stores information about how to connect)
'''
Host git.kolhagen.net
Hostname git.kolhagen.net
Port 2022
IdentityFile ~/.ssh/git.kolhagen.net
IdentitiesOnly yes
'''
- known-hosts (stores public keys of known hosts)
- authorized_keys (server only: public keys that are allowed to connect)
##
# ssh-keygen
ssh-keygen -b 4096 (default rsa)
ssh-keygen -t rsa/dsa/ecdsa/ed25519 -b X (X strenght of public key in bits)
ssh-keygen -f ~/.ssh/new-key
-e # export public/private key to format -m RFC4716/PKCS8/PEM
-l # show fingerprint
-E # fingerprint hash (md5, sha256); ssh-keygen -lf /file -E md5
-C # add comment
##
# scp
scp /path/to/file <host>:/path/to/destination
scp <host>:/path/to/file /path/to/destination
sftp neo@remoteserver
##
# ssh-agent (temporarily stores ssh keys)
ssh-agent -s & # start ssh-agent in background
ssh-add -K ~/.ssh/key-to-add
##
# PORT FORWARDING
## Types
-L LOCAL # client -> server
-R REMOTE # server -> client
-D DYNAMIC # several application/ports (i.e. SOCKS proxy)
ssh -L 8080:www.ubuntuforums.org:80 <host> # connect to localhost:8080 -> ubuntuforums.org via host
ssh -R 5500:localhost:5500 <host>
ssh -C -D 1080 <host> # + enabled compression (for slow links)
ssh -X <host> # X - Server
# start SOCKS proxy server on port 8888 on localhost (great alternative to vpn)
ssh -D 8888 user@remoteserver
ssh -D 0.0.0.0:8888 user@remoteserver # all interfaces (not just localhost)
ssh -R 0.0.0.0:1999 192.168.1.100 user@remoteserver # reverse proxy (port 1999)
# SSH Tunnel (port fwd)
ssh -L 9999:127.0.0.1:80 user@remoteserver # local listen
ssh -L 9999:10.10.10.10:80 user@remoteserver # secondary remote host
ssh -R 1999:127.0.0.1:902 192.168.1.100 user@remoteserver # reverse tunnel
ssh-copy-id user@remoteserver # copy ssh key to remote server .authorized file
cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'
# trick copy folder to remote server
tar -cvj /datafolder | ssh remoteserver "tar -xj -C /datafolder"