SSH(1)
SSH is way more than a protocol for getting a shell on remote hosts. It is one of the most powerful tools in a developer's toolbox.
Handling keys
Run ssh-keygen to create an SSH key pair:
$ ssh-keygen -t ed25519 -C <your-email>
Option -t ed25519 specifies the type of key being used. Compared to the still
popular RSA type, ed25519 brings a couple of improvements:
- it’s faster
- it’s more secure
- keys are significantly smaller
RSA fallback key
Since ed25519 is relatively new (supported since OpenSSH 6.5, January 2014), you may encounter systems that do not support ed25519 keys. (AWS only fully supported them in 2021 - source)
For this purpose you can generate a classic RSA-key:
$ ssh-keygen -t rsa -b 4096 -C <your-email>
Copy your public key
I still see people manually copying SSH keys to remote hosts. You can do it easily with the following command:
$ ssh-copy-id <user>@<host>
Create a Tunnel
Forward a port on the remote server to a port on your local machine:
$ ssh -L <local-port>:localhost:<remote-port> -N -f user@remote
We can also make the forwarded port reachable by other hosts in our local network by binding it to 0.0.0.0:
$ ssh -L 0.0.0.0:<local-port>:localhost:<remote-port> user@remote
Mount remote folder over SSH with SSHFS
Mounting a folder from a remote host can be done using sshfs.
$ sshfs user@host:/media/data ~/data/
Set up a SOCKS Proxy using SSH
With a SOCKS proxy, you can gain access to any system that the remote server can reach, with pretty much any application. You can set it up with this simple command:
$ ssh -D 8888 user@remote
Or create a SOCKS proxy that can be used by other devices in your network:
$ ssh -D 0.0.0.0:8888 user@remote
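Both the tunnel and the SOCKS proxy above can be bound to 0.0.0.0, which opens the listener to every host that can reach your machine. The following shell functions are an added example, not part of the original post: they classify which interfaces a -L or -D forward listens on. The names bind_scope and audit_forwards and the sample ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: report which interfaces the
# listeners created by ssh -L / -D options bind to.
# TCP grammar from ssh(1): -L [bind_address:]port:host:hostport
#                          -D [bind_address:]port

# bind_scope SPEC [GATEWAY] -> all-interfaces | loopback | specific | unix-socket
# GATEWAY=1 means -g was given. Assumes GatewayPorts keeps its default (no).
bind_scope() {
    bs_spec=$1
    bs_gw=${2:-0}
    case $bs_spec in
        /*)  echo unix-socket; return 0 ;;                      # local_socket form
        \[*) bs_addr=${bs_spec#\[}; bs_addr=${bs_addr%%\]*} ;;  # [IPv6] bind address
        *)   bs_addr=${bs_spec%%:*} ;;                          # text before first colon
    esac
    case $bs_addr in
        ''|'*'|0.0.0.0|::)   echo all-interfaces ;;
        localhost|127.*|::1) echo loopback ;;
        *[!0-9]*)            echo specific ;;   # an explicit, non-wildcard address
        *)  # digits only: this field is the port, so no bind address was given
            if [ "$bs_gw" = 1 ]; then echo all-interfaces; else echo loopback; fi ;;
    esac
}

# audit_forwards ARGS... -> one "FLAG SPEC SCOPE" line per forward found.
# Parses separately written options only (-L spec, -D spec, -g), not clusters.
audit_forwards() {
    af_gw=0
    for af_arg in "$@"; do
        if [ "$af_arg" = -g ]; then af_gw=1; fi
    done
    while [ $# -gt 0 ]; do
        case $1 in
            -L|-D)
                if [ $# -ge 2 ]; then
                    printf '%s %s %s\n' "$1" "$2" "$(bind_scope "$2" "$af_gw")"
                    shift
                fi ;;
        esac
        shift
    done
}

# Constructed command lines modelled on the page's examples (ports are sample values).
audit_forwards ssh -L 8080:localhost:80 -N -f user@remote
audit_forwards ssh -L 0.0.0.0:8080:localhost:80 user@remote
audit_forwards ssh -D 0.0.0.0:8888 user@remote
audit_forwards ssh -g -D 8888 user@remote
```

A forward reported as all-interfaces should be paired with a host firewall rule or replaced by a specific bind address when only one network needs access.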
SSH X11 Forwarding
You can access GUI applications on a remote server through SSH. Both client and
server need to have X11 installed though.
$ ssh -X user@remote emacs
Edit files remotely using Vim
$ vim scp://user@remote//etc/doas.conf
Note that the double // is used to reference an absolute path. A single / gives a path relative to the user's $HOME.
Hop around using jump hosts
Work around network segmentation using jump hosts.
$ ssh -J host1,host2 user@private-host-3