Secure Shell (SSH)
scp — Copy files over ssh
sshfs — Mount remote file system
screen — Run commands safely in remote session
Configuration
Create SSH aliases in ~/.ssh/config
Host *
    ServerAliveInterval 60
    ServerAliveCountMax 5
    AddKeysToAgent yes

## GENERAL
Host gitlab.com
    HostName gitlab.com
    User git
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_rsa
    UpdateHostKeys no

Host homelab*
    PreferredAuthentications=publickey
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_rsa-homelab

Host homelab.nas
    HostName *****
    Port 5002
    User fabian
...
SSH Keys
File permission
.ssh 700 (drwx------)
public key (.pub) 644 (-rw-r--r--)
private key (id_rsa) 600 (-rw-------)
# required permissions
chmod 755 ~
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
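An added example, not part of the original page: a POSIX shell check that reports every entry of an SSH directory whose mode differs from the table above. The function names are made up for this example, and private keys are recognised by their PEM header so that keys such as id_rsa-homelab are covered too.

```shell
#!/bin/sh
# Added example: check an SSH directory against the permission table above.
# Function names are hypothetical; nothing here touches the network.

# Print the octal mode of a path (GNU stat, then BSD/macOS stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the mode the table requires for a file, or nothing if it is not listed.
# Private keys are detected by content, not by name.
expected_mode() {
    case "$1" in
        *.pub) echo 644 ;;
        */authorized_keys) echo 600 ;;
        *)
            if head -n 1 "$1" 2>/dev/null | grep -q 'PRIVATE KEY-----'; then
                echo 600
            fi ;;
    esac
}

# audit_ssh_dir DIR
# Prints one MISMATCH line per deviation; returns 0 if clean, 1 otherwise.
audit_ssh_dir() {
    dir=$1
    status=0
    mode=$(file_mode "$dir")
    if [ "$mode" != 700 ]; then
        echo "MISMATCH $dir is $mode, expected 700"
        status=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        want=$(expected_mode "$f")
        [ -n "$want" ] || continue   # config, known_hosts, ...: not in the table
        mode=$(file_mode "$f")
        if [ "$mode" != "$want" ]; then
            echo "MISMATCH $f is $mode, expected $want"
            status=1
        fi
    done
    return "$status"
}
```

Run it as `audit_ssh_dir ~/.ssh` after sourcing the file; an empty output and exit status 0 mean the directory matches the table.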
Create SSH key
ssh-keygen -t rsa -b 4096 -N '' -C "user@host"
Create public key from private key
ssh-keygen -y -f <PRIVATE-KEY> > xxx.pub
Copy public SSH key to server
ssh-copy-id -i ~/.ssh/id_rsa-maintainer.pub -p 22023 -o PubkeyAuthentication=no unfa@10.0.0.130
# test the login with the new key (-i takes the private key, not the .pub file)
ssh -p 22023 -vvv -o IdentitiesOnly=yes -i ~/.ssh/id_rsa-maintainer unfa@10.0.0.130
Launch local script remotely in screen session
# launch in background
ssh -t server screen -S backup -dm backup-nas.sh
# attach session
ssh -t server screen -r backup
SSH Forwarding
Local Port Forwarding
# forward the local port to the server on remote port
ssh -p "$PORT" "$USER"@"$HOST" -L "$LocalPort":localhost:"$RemotePort"
Remote Port Forwarding
# forward requests on remote port to $SERVER:$ServerPort
ssh -p "$PORT" "$USER"@"$HOST" -R "$LocalPort":"$SERVER":"$ServerPort"
# forward requests on remote port to local port 2222
ssh -p "$PORT" "$USER"@"$HOST" -R "$LocalPort":localhost:2222
Advanced
Reverse SOCKS Proxy
Two networks: home and company network.
The home network allows inbound connections.
Set up an SSH jump box in the home network.
We want to set up an SSH SOCKS tunnel from the jump box to the company network.
Because we cannot connect to the company network from outside, we create a connection from within it to the jump box.
Then we use remote port forwarding to connect the jump box back to the company network.
When we set up the SOCKS tunnel, we specify a local proxy port and our remote forwarded port.
Configure the jump box as SOCKS proxy on the client and browse the web through the eyes of the company network.
# from within company box
PROXY_PORT=8888
REMOTE_PORT=5555
# connect to the jump box from within the company network (-t),
# forward a remote port on the jump box back to the local sshd (-R),
# and start a SOCKS proxy on the jump box through the forwarded port
ssh jump@home -t \
  -R "$REMOTE_PORT":localhost:22 \
  "ssh -vND $PROXY_PORT localhost -p $REMOTE_PORT"