Ssh
ssh, or more specifically OpenSSH, is a secure replacement for telnet, rsh, rexec, rcp and more. It even does tunneling (also called port forwarding)!
Keypair generation
Besides regular password authentication, SSH can use public/private keypairs for authentication. To generate a new keypair run this command:
ssh-keygen
Keychain & Pageant
A great way to leverage keypair functionality is to combine it with keychain or pageant (for putty users). These two applications let you load your private key into an ssh-agent (after providing the passphrase) and thereafter, the agent handles the authentication so you won't be prompted for your passphrase over and over when logging into different hosts.
SSH Tunnels - Local and Remote
One of my favorite uses of SSH is port forwarding (or tunneling). This feature makes local TCP ports available remotely, and remote TCP ports available locally. For instance, this is a command I use often to make my CVS repository on host franco available at port 12345 on dango.
ssh -R 12345:franco:22 dango
The same setup can be configured in .ssh/config or the system-wide /etc/ssh/ssh_config like so.
Host dango
RemoteForward 12345 franco:22
Once the connection has been established to dango, I can use this configuration to enable access to cvs...
Host cvs
Hostname localhost
Port 12345
HostKeyAlias cvs
The example above is remote port forwarding. It is also possible to do local port forwarding. For example, to enable "direct" access to an otherwise locally-inaccessible host called remotehost1:
Host gatewayhost
LocalForward 12345 remotehost1:22
HostKeyAlias gatewayhost
Host remotehost1
Port 12345
Hostname localhost
HostKeyAlias remotehost1
Thereafter, ssh remotehost1 should just work any time the connection to gatewayhost is open.
Note 1: you might have to make sure AllowTcpForwarding is not disallowed (i.e. not set to no) in /etc/ssh/ssh_config. The default is yes.
Note 2: Don't expect this to work if remotehost1 does not resolve from the local system. Use IP addresses if necessary.
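Two things in the stanzas above are easy to get wrong: a forward whose listen side is bound to every interface, and a "Hostname localhost" stanza without a HostKeyAlias (which makes every tunnelled host share the known_hosts entry for localhost). The script below is an added example, not part of the original page: it audits an ssh_config for both, run here on a constructed config modelled on the stanzas above. It assumes the whitespace-separated "Keyword value" syntax used on this page. The forwarding permission itself (AllowTcpForwarding) is enforced by sshd on the far side and is not visible in the client config.

```shell
# Added example: audit an ssh_config for tunnelling pitfalls.
# Assumes "Keyword value" lines separated by whitespace (no "Keyword=value").

# write_demo_config FILE: constructed ssh_config modelled on the stanzas on this
# page, with two deliberate mistakes for the audit to catch.
write_demo_config() {
    cat > "$1" <<'EOF'
Host dango
    RemoteForward 12345 franco:22

Host cvs
    Hostname localhost
    Port 12345
    HostKeyAlias cvs

Host gatewayhost
    LocalForward *:12345 remotehost1:22
    HostKeyAlias gatewayhost

Host remotehost1
    Port 12345
    Hostname localhost
EOF
}

# audit_ssh_config FILE: print one finding per line.
#   - a LocalForward/RemoteForward whose listen address is * / 0.0.0.0 / [::]
#     accepts connections from any host, not just this machine
#   - a "Hostname localhost" + Port stanza without HostKeyAlias makes every
#     tunnelled host share one known_hosts entry, so a changed host key is
#     either missed or reported as a spurious mismatch
audit_ssh_config() {
    awk '
    function flush() {
        if (host != "" && tolower(hostname) == "localhost" && port != "" && alias == "")
            print host ": Hostname localhost with Port " port " but no HostKeyAlias"
    }
    { key = tolower($1) }
    key == "host"         { flush(); host = $2; hostname = ""; port = ""; alias = ""; next }
    key == "hostname"     { hostname = $2; next }
    key == "port"         { port = $2; next }
    key == "hostkeyalias" { alias = $2; next }
    key == "localforward" || key == "remoteforward" {
        # $2 is the listen spec: "port" or "bind_address:port"
        if ($2 ~ /^(\*|0\.0\.0\.0|\[::\]):/)
            print host ": " $1 " " $2 " listens on all interfaces"
        next
    }
    END { flush() }
    ' "$1"
}

# Run it on the constructed config (a real run would pass ~/.ssh/config).
cfg=$(mktemp)
write_demo_config "$cfg"
audit_ssh_config "$cfg"
rm -f "$cfg"
```

On the constructed config this reports the gatewayhost forward bound to `*` and the remotehost1 stanza that lacks a HostKeyAlias; the cvs and dango stanzas pass.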
SSH Proxy
Even cooler than the tunneling described above is a proxy setup. This allows you to ssh directly to hosts that sit behind another host.
Host *.example.com
ProxyCommand ssh examplegw exec 'nc %h %p' 2>/dev/null
Host examplegw
Hostname proxyhost.example.com
HostKeyAlias examplegw
Other useful commands
List SSH keys in memory
This shows the size and fingerprint of any keys loaded into memory.
ssh-add -l
2048 91:4f:37:d0:f2:43:ba:68:70:57:b2:46:3f:23:ee:8a (RSA)
List SSH key fingerprint
This is useful for corroborating against the output of the command above.
ssh-keygen -l -f .ssh/id_rsa
2048 91:4f:37:d0:f2:43:ba:68:70:57:b2:46:3f:23:ee:8a .ssh/id_rsa.pub
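The fingerprints printed by ssh-add -l and ssh-keygen -l are a hash over the decoded public key blob, so they can be recomputed from any public key line (an id_rsa.pub file, or the full keys that ssh-add -L prints) and compared. The functions below are an added example, not from the original page: they produce the legacy colon-separated MD5 form shown above and the SHA256:… form that current OpenSSH prints by default. The key line used is a constructed stand-in ("YWJj" is base64 for "abc", not a real key blob); the computation is identical for a real key. They rely on coreutils base64/md5sum and the openssl command.

```shell
# Added example: recompute ssh key fingerprints from a public key line and
# compare an agent key with a key file. Requires base64, md5sum and openssl.

# key_blob LINE: the base64 key material is the second field of an
# id_rsa.pub / authorized_keys / "ssh-add -L" line ("type blob [comment]").
key_blob() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

# fingerprint_md5 LINE: legacy colon-separated MD5 over the decoded blob,
# the format of the ssh-add -l / ssh-keygen -l output above.
fingerprint_md5() {
    key_blob "$1" | base64 -d | md5sum | awk '{ print $1 }' | sed 's/../&:/g; s/:$//'
}

# fingerprint_sha256 LINE: "SHA256:<unpadded base64>", the default format of
# current OpenSSH (ssh-keygen -l -E sha256).
fingerprint_sha256() {
    printf 'SHA256:%s\n' "$(key_blob "$1" | base64 -d | openssl dgst -sha256 -binary | base64 | tr -d '=\n')"
}

# same_key LINE_A LINE_B: succeeds if both lines carry the same key material,
# regardless of their comment fields.
same_key() {
    [ "$(fingerprint_sha256 "$1")" = "$(fingerprint_sha256 "$2")" ]
}

# Constructed stand-in lines: "YWJj" decodes to "abc" and is not a real key.
# A real id_rsa.pub line or a line from "ssh-add -L" works identically.
AGENT_LINE='ssh-rsa YWJj agent-copy'
FILE_LINE='ssh-rsa YWJj me@laptop'

fingerprint_md5    "$FILE_LINE"
fingerprint_sha256 "$FILE_LINE"
same_key "$AGENT_LINE" "$FILE_LINE" && echo "agent key matches file key"
```

In practice you would feed the output of `ssh-add -L` and the contents of your .pub file to same_key; a mismatch means the agent is holding a different key than the one you think it is.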
ssh-agent
This is the snippet I use in .bashrc so that I get my ssh key loaded once and remembered for future bash sessions/shells. From http://mah.everybody.org/docs/ssh
SSH_ENV="$HOME/.ssh/environment"   # file that keeps the agent's variables between shells (as in the referenced source)

function start_agent {
    echo "Initialising new SSH agent..."
    # ssh-agent prints the SSH_AUTH_SOCK / SSH_AGENT_PID assignments; save them where only this user can read them
    /usr/bin/ssh-agent > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    /usr/bin/ssh-add;   # prompts for the passphrase once and loads the default key
}

# Source SSH settings, if applicable
if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    # reuse the recorded agent only if that PID is still a running ssh-agent
    ps -ef | grep "${SSH_AGENT_PID}" | grep 'ssh-agent$' > /dev/null || {
        start_agent;
    }
else
    start_agent;
fi