Blog

SSH infoz

From derwiki.tumblr.com

How I Learned to Stop Worrying and Love SSH

Before there were VPNs, there was ssh. And when you don’t have access to your VPN or can’t set one up, you can still get most of the functionality over ssh.

Quick and dirty HTTP tunneling

This is useful if you need to hit an internal server through a proxy server:

ssh -f -N -L 31609:hostireallywanttogetto.com:80 proxyhost.com

and then load http://localhost:31609 in your browser and it will look like http://hostireallywanttogetto.com from proxyhost.com’s point of view. Similarly:

ssh -f -N -L 31610:securehost.com:443 proxyhost.com

will forward SSL traffic to https://localhost:31610/. Not gonna work completely, but it’s a quick and dirty solution I’ve used to get to internal wiki servers before.

Quicker and Dirtier SSH tunneling

This isn’t very different from ssh’ing into one box and immediately ssh’ing to another. It avoids an extra bash process and it’s quicker, but that’s really it — except for the BAMF factor:

ssh -t gatewaymachine.com ssh hostireallywanttogetto

Reverse SSH tunneling a shell

Got a computer behind a firewall whose configuration you don’t have access to? It’s pretty easy to get the computer behind the firewall to poke out to another server.

(step 1, from the computer you wish to access)
derwiki@firewalledcomputer:~$ ssh -R localhost:2002:localhost:22 mypublicserver.com

(step 2, from any computer than can access mypublicserver.com)
derwiki@mylaptopontheinternet:~$ ssh mypublicserver.com -p 2002
(authenticate)
derwiki@firewalledcomputer:~$

I’ve found this especially useful to get into my dad’s computer and fix things. I put the “ssh -R” command into a shell script called “letadamin”, made it executable, and put it on his desktop. Now it’s super easy for him to grant me access in.

Tunneling SCP through a gateway

Sometimes you want to file transfer through a gateway machine:

ssh -N -L 1234:targetmachine:22 mypublicserver.com
scp -P 1234 localhost:~/remotefile localfile

Quickly setting up passwordless SSH

First make sure you’ve generated a key file: ssh-keygen
Ubuntu (and other Linux distros) make it really easy:
ssh-copy-id user@remotehost
OS X seems to lack this, so the quick one liner I have is:
cat ~/.ssh/id_dsa.pub | ssh username@myslicehostserver.com “cat - » ~/.ssh/authorized_keys”
These are the most frequent ssh commands that I’ve “discovered.” What’s your favorite thing to do with ssh that I’ve missed?

Thanks to Lann and Shivaram for helping me come up with this list

Update: some people have contributed some great ssh tips on Hacker News

g33kadmin

I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....