{"id":494,"date":"2012-07-05T11:34:33","date_gmt":"2012-07-05T03:34:33","guid":{"rendered":"http:\/\/rmohan.com\/?p=494"},"modified":"2012-07-05T11:34:33","modified_gmt":"2012-07-05T03:34:33","slug":"best-ssh-commands-tricks","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=494","title":{"rendered":"Best SSH Commands \/ Tricks"},"content":{"rendered":"

\u00a0Best SSH Commands \/ Tricks<\/strong><\/p>\n

 <\/p>\n

OpenSSH is a FREE version of the SSH <\/a>connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their <\/a>password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, <\/a>connection hijacking, and other attacks. The encryption that OpenSSH provides has been strong enough to earn the trust of Trend Micro and other providers of cloud computing.Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.<\/p>\n

1) Copy ssh keys to user@host to enable password-less ssh logins.<\/p>\n

ssh-copy-id user@host<\/p>\n

To generate the keys use the command ssh-keygen<\/p>\n

2) Start a tunnel from some machine\u2019s port 80 to your local post 2001<\/p>\n

ssh -N -L2001:localhost:80 somemachine<\/p>\n

Now you can acces the website by going to http:\/\/localhost:2001\/<\/p>\n

3) Output your microphone to a remote computer\u2019s speaker<\/p>\n

dd if=\/dev\/dsp | ssh -c arcfour -C username@host dd of=\/dev\/dsp<\/p>\n

This will output the sound from your microphone port to the ssh target computer\u2019s speaker port. The sound quality is very bad, so you will hear a lot of hissing.<\/p>\n

4) Compare a remote file with a local file<\/p>\n

ssh user@host cat \/path\/to\/remotefile | diff \/path\/to\/localfile –<\/p>\n

Useful for checking if there are differences between local and remote files.<\/p>\n

5) Mount folder\/filesystem through SSH<\/p>\n

sshfs name@server:\/path\/to\/folder \/path\/to\/mount\/point<\/p>\n

<\/a>Install SSHFS from http:\/\/fuse.sourceforge.net\/sshfs.html
\nWill allow you to mount a folder security over a network.<\/p>\n

6) SSH connection through host in the middle<\/p>\n

ssh -t reachable_host ssh unreachable_host<\/p>\n

Unreachable_host is unavailable from local network, but it\u2019s available from reachable_host\u2019s network. This command creates a connection to unreachable_host through \u201chidden\u201d connection to reachable_host.<\/p>\n

7) Copy from host1 to host2, through your host
\nssh root@host1 \u201ccd \/somedir\/tocopy\/ && tar -cf \u2013 .\u201d | ssh root@host2 \u201ccd \/samedir\/tocopyto\/ && tar -xf -\u201d<\/p>\n

Good if only you have access to host1 and host2, but they have no access to your host (so ncat won\u2019t work) and they have no direct access to each other.<\/p>\n

8) Run any GUI program remotely<\/p>\n

ssh -fX @<\/p>\n

The SSH server configuration requires:<\/p>\n

X11Forwarding yes # this is default in Debian<\/p>\n

And it\u2019s convenient too:<\/p>\n

Compression delayed<\/p>\n

9) Create a persistent connection to a machine<\/p>\n

ssh -MNf @<\/p>\n

Create a persistent SSH connection to the host in the background. Combine this with <\/a>settings in your ~\/.ssh\/config:
\nHost host
\nControlPath ~\/.ssh\/master-%r@%h:%p
\nControlMaster no
\nAll the SSH <\/a>connections to the machine will then go through the persisten SSH socket. This is very useful if you are using SSH to synchronize files (using rsync\/sftp\/cvs\/svn) on a regular basis because it won\u2019t create a new socket each time to open an ssh connection.<\/p>\n

10) Attach screen over ssh<\/p>\n

ssh -t remote_host screen -r<\/p>\n

Directly attach a remote screen session (saves a useless parent bash process)<\/p>\n

11) Port Knocking!<\/p>\n

knock 3000 4000 5000 && ssh -p user@host && knock 5000 4000 3000<\/p>\n

Knock on ports to open a port to a service (ssh for example) and knock again to close the port. You have to <\/a>install knockd.
\nSee example config file below.
\n[options]
\nlogfile = \/var\/log\/knockd.log
\n[openSSH]
\nsequence = 3000,4000,5000
\nseq_timeout = 5
\ncommand = \/sbin\/iptables -A INPUT -i eth0 -s %IP% -p tcp \u2013dport 22 -j ACCEPT
\ntcpflags = syn
\n[closeSSH]
\nsequence = 5000,4000,3000
\nseq_timeout = 5
\ncommand = \/sbin\/iptables -D INPUT -i eth0 -s %IP% -p tcp \u2013dport 22 -j ACCEPT
\ntcpflags = syn<\/p>\n

12) Remove a line in a text file. Useful to fix<\/p>\n

ssh-keygen -R<\/p>\n

In this case it\u2019s better do to use the dedicated tool<\/p>\n

13) Run complex remote shell cmds over ssh, without escaping quotes<\/p>\n

ssh host -l user $(<\/p>\n

Much simpler method. More portable version: ssh host -l user \u201ccat cmd.txt<\/code>\u201d<\/p>\n

14) Copy a MySQL Database to a new Server via SSH with one command<\/p>\n

mysqldump \u2013add-drop-table \u2013extended-insert \u2013force \u2013log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost \u201cmysql -uUSER -pPASS NEW_DB_NAME\u201d<\/p>\n

Dumps a MySQL database over a compressed SSH tunnel and uses it as input to mysql \u2013 i think that is the fastest and best way to migrate a DB to a new server!<\/p>\n

15) Remove a line in a text file. Useful to fix \u201cssh host key change\u201d warnings<\/p>\n

sed -i 8d ~\/.ssh\/known_hosts<\/p>\n

16) Copy your ssh public key to a server from a machine that doesn\u2019t have ssh-copy-id<\/p>\n

cat ~\/.ssh\/id_rsa.pub | ssh user@machine \u201cmkdir ~\/.ssh; cat >> ~\/.ssh\/authorized_keys\u201d<\/p>\n

If you use Mac OS X or some other *nix variant that doesn\u2019t come with ssh-copy-id, this one-liner will allow you to add your public key to a remote machine so you can subsequently ssh to that machine without a password.<\/p>\n

17) Live ssh network throughput test<\/p>\n

yes | pv | ssh $host \u201ccat > \/dev\/null\u201d<\/p>\n

connects to host via ssh and displays the live transfer speed, directing all transferred data to \/dev\/null
\nneeds pv <\/a>installed
\nDebian: \u2018apt-get install pv\u2019
\nFedora: \u2018yum install pv\u2019 (may need the \u2018extras\u2019 repository enabled)<\/p>\n

18) How to establish a remote Gnu screen session that you can re-connect to<\/p>\n

ssh -t user@some.domain.com \/usr\/bin\/screen -xRR<\/p>\n

Long before tabbed terminals existed, people have been using Gnu screen to open many shells in a single text terminal. Combined with ssh, it gives you the ability to have many open shells with a single remote connection using the above options. If you detach with \u201cCtrl-a d\u201d or if the ssh session is accidentally terminated, all processes running in your remote shells remain undisturbed, ready for you to reconnect. Other useful screen commands are \u201cCtrl-a c\u201d (open new shell) and \u201cCtrl-a a\u201d (alternate between shells). Read this quick reference for more screen commands: http:\/\/aperiodic.net\/screen\/quick_reference<\/p>\n

19) Resume scp of a big file<\/p>\n

rsync \u2013partial \u2013progress \u2013rsh=ssh $file_source $user@$host:$destination_file<\/p>\n

It can resume a failed secure copy ( usefull when you transfer big files like db dumps through vpn ) using rsync.
\nIt requires rsync installed in both hosts.
\nrsync \u2013partial \u2013progress \u2013rsh=ssh $file_source $user@$host:$destination_file local -> remote
\nor
\nrsync \u2013partial \u2013progress \u2013rsh=ssh $user@$host:$remote_file $destination_file remote -> local<\/p>\n

20) Analyze traffic remotely over ssh w\/ wireshark<\/p>\n

ssh root@server.com \u2018tshark -f \u201cport !22? -w -\u2019 | wireshark -k -i –<\/p>\n

This captures traffic on a remote machine with tshark, sends the raw pcap data over the ssh link, and displays it in wireshark. Hitting ctrl+C will stop the capture and unfortunately close your wireshark window. This can be worked-around by passing -c # to tshark to only capture a certain # of packets, or redirecting the data through a named pipe rather than piping directly from ssh to wireshark. I recommend filtering as much as you can in the tshark command to conserve bandwidth. tshark can be replaced with tcpdump thusly:
\nssh root@example.com tcpdump -w \u2013 \u2018port !22? | wireshark -k -i –<\/p>\n

21) Have an ssh session open forever<\/p>\n

autossh -M50000 -t server.example.com \u2018screen -raAd mysession\u2019<\/p>\n

Open a ssh session opened forever, great on laptops losing Internet connectivity when switching WIFI spots.<\/p>\n

22) Harder, Faster, Stronger SSH clients<\/p>\n

ssh -4 -C -c blowfish-cbc<\/p>\n

We force IPv4, compress the stream, specify the cypher stream to be Blowfish. I suppose you could use aes256-ctr as well for cypher spec. I\u2019m of course leaving out things like master control sessions and such as that may not be available on your shell although that would speed things up as well.<\/p>\n

23) Throttle bandwidth with cstream<\/p>\n

tar -cj \/backup | cstream -t 777k | ssh host \u2018tar -xj -C \/backup\u2019<\/p>\n

this bzips a folder and transfers it over the network to \u201chost\u201d at 777k bit\/s.
\ncstream can do a lot more, have a look http:\/\/www.cons.org\/cracauer\/cstream.html#usage
\nfor example:
\necho w00t, i\u2019m 733+ | cstream -b1 -t2<\/p>\n

24) Transfer SSH public key to another machine in one step<\/p>\n

ssh-keygen; ssh-copy-id user@host; ssh user@host<\/p>\n

This command sequence allows simple setup of (gasp!) password-less SSH logins. Be careful, as if you already have an SSH keypair in your ~\/.ssh directory on the local machine, there is a possibility ssh-keygen may overwrite them. ssh-copy-id copies the public key to the remote host and appends it to the remote account\u2019s ~\/.ssh\/authorized_keys file. When trying ssh, if you used no passphrase for your key, the remote shell appears soon after invoking ssh user@host.<\/p>\n

25) Copy stdin to your X11 buffer<\/p>\n

ssh user@host cat \/path\/to\/some\/file | xclip<\/p>\n

Have you ever had to scp a file to your work machine in order to copy its contents to a mail? xclip can help you with that. It copies its stdin to the X11 buffer, so all you have to do is middle-click to paste the content of that looong file \":)\"<\/p>\n

Have Fun<\/p>\n

Please comment if you have any other good SSH Commands OR Tricks.<\/p>\n","protected":false},"excerpt":{"rendered":"

Best SSH Commands \/ Tricks<\/p>\n

 <\/p>\n

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/494"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=494"}],"version-history":[{"count":2,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/494\/revisions"}],"predecessor-version":[{"id":496,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/494\/revisions\/496"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=494"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}