slothsoffun
4/5/2018 - 10:51 AM

SSH commands

ssh-keygen, ssh port forwarding, ssh-agent, ...

##
# ssh
ssh user@host
-i # use specific key file
-T # disable pseudo-terminal allocation; handy to test a connection (e.g. against a git host)

## Folder ~/.ssh
- config (stores information about how to connect)
'''
Host git.kolhagen.net
    Hostname git.kolhagen.net
    Port 2022
    IdentityFile ~/.ssh/git.kolhagen.net
    IdentitiesOnly yes
''' 
- known_hosts (stores public keys of known hosts; ssh warns when a host's key no longer matches the stored one)
- authorized_keys (server only: public keys that are allowed to connect)

##
# ssh-keygen
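ssh-keygen -b 4096 (default rsa; OpenSSH 9.5 and later default to ed25519, so add -t rsa there)
ssh-keygen -t rsa/dsa/ecdsa/ed25519 -b X (X = strength of the key in bits; ed25519 has a fixed size and ignores -b, and dsa is disabled by default since OpenSSH 7.0)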
ssh-keygen -f ~/.ssh/new-key

-e # export public/private key to format -m RFC4716/PKCS8/PEM
-l # show fingerprint
-E # fingerprint hash (md5, sha256); ssh-keygen -lf /file -E md5
-C # add comment

##
# scp
scp /path/to/file <host>:/path/to/destination
scp <host>:/path/to/file /path/to/destination

sftp neo@remoteserver

##
# ssh-agent (temporarily stores ssh keys)
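ssh-agent -s & # start ssh-agent in background; it only prints SSH_AUTH_SOCK/SSH_AGENT_PID, so load them into the shell (e.g. eval "$(ssh-agent -s)") before running ssh-add
ssh-add -K ~/.ssh/key-to-add # -K: Apple's ssh-add also stores the passphrase in the macOS Keychain; in upstream OpenSSH 8.2+ -K instead loads resident keys from a FIDO authenticator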

##
# PORT FORWARDING

## Types
-L LOCAL # client -> server
-R REMOTE # server -> client
-D DYNAMIC # several application/ports (i.e. SOCKS proxy)

ssh -L 8080:www.ubuntuforums.org:80 <host> # connect to localhost:8080 -> ubuntuforums.org via host
ssh -R 5500:localhost:5500 <host>
ssh -C -D 1080 <host> # + enabled compression (for slow links)
ssh -X <host> # X11 forwarding (X server); exposes the local display to the remote side, so enable only for trusted hosts

# start SOCKS proxy server on port 8888 on localhost (great alternative to vpn)
ssh -D 8888 user@remoteserver
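ssh -D 0.0.0.0:8888 user@remoteserver # all interfaces (not just localhost); the SOCKS listener has no authentication, so anyone who can reach this port can relay through the tunnel - firewall it or bind a specific address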
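# NOTE: ssh takes a single destination; as written 192.168.1.100 is the host and "user@remoteserver" would be run as the remote command - keep only one of them.
# A non-loopback bind address for -R is honoured only if the server's sshd_config sets GatewayPorts (yes or clientspecified); the port is then reachable by anyone who can reach the server.
ssh -R 0.0.0.0:1999 192.168.1.100 user@remoteserver # reverse proxy (port 1999)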


# SSH Tunnel (port fwd)
ssh -L 9999:127.0.0.1:80 user@remoteserver # local listen
ssh -L 9999:10.10.10.10:80 user@remoteserver # secondary remote host
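# NOTE: ssh takes a single destination; as written 192.168.1.100 is the host and "user@remoteserver" would be run as the remote command - keep only one of them.
ssh -R 1999:127.0.0.1:902 192.168.1.100 user@remoteserver # reverse tunnel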


ssh-copy-id user@remoteserver # copy ssh public key to the remote server's ~/.ssh/authorized_keys file
cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'

# trick copy folder to remote server
tar -cvj /datafolder | ssh remoteserver "tar -xj -C /datafolder"