Jul 212010
 

From derwiki.tumblr.com

How I Learned to Stop Worrying and Love SSH

Before there were VPNs, there was ssh. And when you don’t have access to your VPN or can’t set one up, you can still get most of the functionality over ssh.

Quick and dirty HTTP tunneling

This is useful if you need to hit an internal server through a proxy server:

ssh -f -N -L 31609:hostireallywanttogetto.com:80 proxyhost.com

and then load http://localhost:31609 in your browser and it will look like http://hostireallywanttogetto.com from proxyhost.com’s point of view. Similarly:

ssh -f -N -L 31610:securehost.com:443 proxyhost.com

will forward SSL traffic to https://localhost:31610/. Not gonna work completely, but it’s a quick and dirty solution I’ve used to get to internal wiki servers before.

Quicker and Dirtier SSH tunneling

This isn’t very different from ssh’ing into one box and immediately ssh’ing to another. It avoids an extra bash process and it’s quicker, but that’s really it — except for the BAMF factor:

ssh -t gatewaymachine.com ssh hostireallywanttogetto

Reverse SSH tunneling a shell

Got a computer behind a firewall whose configuration you don’t have access to? It’s pretty easy to get the computer behind the firewall to poke out to another server.

(step 1, from the computer you wish to access)

[email protected]:~$ ssh -R localhost:2002:localhost:22 mypublicserver.com

(step 2, from any computer than can access mypublicserver.com)

[email protected]:~$ ssh mypublicserver.com -p 2002
(authenticate)
[email protected]:~$

I’ve found this especially useful to get into my dad’s computer and fix things. I put the “ssh -R” command into a shell script called “letadamin”, made it executable, and put it on his desktop. Now it’s super easy for him to grant me access in.

Tunneling SCP through a gateway

Sometimes you want to file transfer through a gateway machine:

ssh -N -L 1234:targetmachine:22 mypublicserver.com
scp -P 1234 localhost:~/remotefile localfile

Quickly setting up passwordless SSH

First make sure you’ve generated a key file: ssh-keygen
Ubuntu (and other Linux distros) make it really easy:

ssh-copy-id [email protected]

OS X seems to lack this, so the quick one liner I have is:

cat ~/.ssh/id_dsa.pub | ssh [email protected] “cat - » ~/.ssh/authorized_keys”

These are the most frequent ssh commands that I’ve “discovered.” What’s your favorite thing to do with ssh that I’ve missed?

Thanks to Lann and Shivaram for helping me come up with this list

Update: some people have contributed some great ssh tips on Hacker News

Share This!
 Posted by at 11:06 pm

Sorry, the comment form is closed at this time.