From derwiki.tumblr.com
How I Learned to Stop Worrying and Love SSH
Before there were VPNs, there was ssh. And when you don’t have access to your VPN or can’t set one up, you can still get most of the functionality over ssh.
Quick and dirty HTTP tunneling
This is useful if you need to hit an internal server through a proxy server:
ssh -f -N -L 31609:hostireallywanttogetto.com:80 proxyhost.com
and then load http://localhost:31609 in your browser and it will look like http://hostireallywanttogetto.com from proxyhost.com’s point of view. Similarly:
ssh -f -N -L 31610:securehost.com:443 proxyhost.com
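will make securehost.com’s HTTPS service reachable at https://localhost:31610/. Not gonna work completely (the browser is asking for localhost, so the certificate name won’t match and absolute links will skip the tunnel), but it’s a quick and dirty solution I’ve used to get to internal wiki servers before.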
Quicker and Dirtier SSH tunneling
This isn’t very different from ssh’ing into one box and immediately ssh’ing to another. It avoids an extra bash process and it’s quicker, but that’s really it — except for the BAMF factor:
ssh -t gatewaymachine.com ssh hostireallywanttogetto
Reverse SSH tunneling a shell
Got a computer behind a firewall whose configuration you don’t have access to? It’s pretty easy to get the computer behind the firewall to poke out to another server.
(step 1, from the computer you wish to access)
derwiki@firewalledcomputer:~$ ssh -R localhost:2002:localhost:22 mypublicserver.com
(step 2, from any computer that can access mypublicserver.com)
derwiki@mylaptopontheinternet:~$ ssh mypublicserver.com -p 2002
(authenticate)
derwiki@firewalledcomputer:~$
I’ve found this especially useful to get into my dad’s computer and fix things. I put the “ssh -R” command into a shell script called “letadamin”, made it executable, and put it on his desktop. Now it’s super easy for him to grant me access in.
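A check for the public-server side of this setup, as an added example that is not part of the original post: every `ssh -R` tunnel shows up on mypublicserver.com as a listening socket owned by sshd, and this sketch lists those sockets from `ss -Htlnp` output and flags any that are bound beyond loopback. The function names and the sample lines are constructed for illustration, and it assumes the owning process name starts with `sshd`.

```shell
#!/bin/sh
# Added example: audit reverse-tunnel listeners on the public SSH server.
# Reads `ss -Htlnp` output on stdin; $1 is the port sshd itself listens on.
# Prints "<scope> <bind-address> <port>" for every other sshd-owned listener.
audit_ssh_listeners() {
    sshd_port="${1:-22}"
    awk -v sshd_port="$sshd_port" '
        # Only listening sockets whose owning process name starts with sshd.
        $1 == "LISTEN" && /\(\("sshd/ {
            addr = $4
            port = addr
            sub(/.*:/, "", port)                 # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (port == sshd_port) next          # the daemon itself, not a tunnel
            # Loopback binds are reachable only from the server itself.
            scope = (host ~ /^(127\.|\[::1\]$)/) ? "loopback" : "EXPOSED"
            print scope, host, port
        }'
}

# Constructed sample of `ss -Htlnp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 128 127.0.0.1:2002 0.0.0.0:* users:(("sshd",pid=4211,fd=9))
LISTEN 0 128 [::1]:2002 [::]:* users:(("sshd",pid=4211,fd=8))
LISTEN 0 128 *:2003 *:* users:(("sshd",pid=4300,fd=9))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=950,fd=6))
EOF
}

# Demo on the sample; on a real server: ss -Htlnp | audit_ssh_listeners 22
sample_ss_output | audit_ssh_listeners 22
```

An EXPOSED line means anyone who can reach the server can reach the forwarded SSH service behind the firewall; `GatewayPorts no` in sshd_config (the default) keeps forwarded ports on loopback.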
Tunneling SCP through a gateway
Sometimes you want to transfer a file through a gateway machine:
ssh -f -N -L 1234:targetmachine:22 mypublicserver.com
scp -P 1234 localhost:~/remotefile localfile
Quickly setting up passwordless SSH
First make sure you’ve generated a key file: ssh-keygen
Ubuntu (and other Linux distros) make it really easy:
ssh-copy-id user@remotehost
OS X seems to lack this, so the quick one liner I have is:
cat ~/.ssh/id_dsa.pub | ssh username@myslicehostserver.com "cat - >> ~/.ssh/authorized_keys"
These are the most frequent ssh commands that I’ve “discovered.” What’s your favorite thing to do with ssh that I’ve missed?
Thanks to Lann and Shivaram for helping me come up with this list
Update: some people have contributed some great ssh tips on Hacker News