
SSH is way more than a protocol for getting a shell on remote hosts. It is one of the most powerful tools in a developer's toolbox.

Handling keys

Run ssh-keygen to create an SSH key pair:

$ ssh-keygen -t ed25519 -C <your-email>

Option -t ed25519 specifies the type of key being used. Compared to the still popular RSA type, ed25519 brings a couple of improvements:

  • it’s faster
  • it’s more secure
  • keys are significantly smaller

RSA fallback key

ed25519 is still relatively new (supported since OpenSSH 6.5, January 2014), so it is possible that ed25519 keys are not supported. (AWS only fully supported them in 2021 - source)

For this purpose you can generate a classic RSA-key:

$ ssh-keygen -t rsa -b 4096 -C <your-email>

Copy your public key

I still see people manually copying SSH keys to remote hosts. You can do it easily with the following command:

$ ssh-copy-id <user>@<host>

Create a Tunnel

Forward a port from the remote server to your local machine:

$ ssh -L <local-port>:localhost:<remote-port> -N -f user@remote

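To make the forwarded port available to other hosts in our local network, bind it to all interfaces (any host that can reach the port can then use the tunnel):

$ ssh -L 0.0.0.0:<local-port>:localhost:<remote-port> user@remote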

Mount remote folder over SSH with SSHFS

Mounting a folder from a remote host can be done using sshfs.

$ sshfs user@host:/media/data ~/data/

Set up a SOCKS Proxy using SSH

With a SOCKS proxy, you can gain access to any system that the remote server can reach, with pretty much any application. You can set it up with this simple command:

$ ssh -D 8888 user@remote

Or create a SOCKS proxy that can be used by other devices in your network by binding it to all interfaces:

$ ssh -D 0.0.0.0:8888 user@remote
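The tunnel and SOCKS sections above each have a local-only form and a form reachable by other hosts; the difference is the optional bind address in front of the port. The following is an added example, not part of the original post, that classifies where a -L or -D listener binds so exposed forwards can be spotted in scripts or shell history. The function names classify_forward and audit_ssh_args are hypothetical, and it assumes the client default GatewayPorts=no.

```shell
#!/bin/sh
# Added example: classify where an ssh -L / -D listener binds.
#   -L [bind_address:]port:host:hostport      -D [bind_address:]port
# Assumption: client default GatewayPorts=no, so no bind address => loopback.
# Unix-socket forwards and bundled flags (-NfL ...) are not handled.
# classify_forward <L|D> <spec> prints loopback|all-interfaces|specific:<addr>|unsupported
classify_forward() {
    kind=$1 spec=$2
    # Mask bracketed IPv6 literals so their colons are not counted.
    masked=$(printf '%s' "$spec" | sed 's/\[[^]]*]/X/g')
    colons=$(printf '%s' "$masked" | tr -cd ':' | wc -c | tr -d ' ')
    case "$kind" in
        L) need=2 ;;    # port:host:hostport
        D) need=0 ;;    # port
        *) echo unsupported; return 1 ;;
    esac
    if [ "$colons" -eq "$need" ]; then
        echo loopback; return 0
    elif [ "$colons" -ne $((need + 1)) ]; then
        echo unsupported; return 1
    fi
    # One extra field: everything before the first separator is the bind address.
    case "$spec" in
        \[*) bind=${spec%%\]*}; bind=${bind#\[} ;;
        *)   bind=${spec%%:*} ;;
    esac
    case "$bind" in
        ''|'*'|0.0.0.0|::)   echo all-interfaces ;;
        localhost|127.*|::1) echo loopback ;;
        *)                   echo "specific:$bind" ;;
    esac
}

# audit_ssh_args <ssh arguments...>: one line per -L/-D option found.
audit_ssh_args() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -L|-D)     [ $# -ge 2 ] || break
                       printf '%s %s => %s\n' "$1" "$2" "$(classify_forward "${1#-}" "$2")"; shift ;;
            -L?*|-D?*) a_spec=${1#-?}; a_kind=${1%"$a_spec"}
                       printf '%s %s => %s\n' "$a_kind" "$a_spec" "$(classify_forward "${a_kind#-}" "$a_spec")" ;;
        esac
        shift
    done
}
```

For example, audit_ssh_args -L 0.0.0.0:8080:localhost:80 user@remote reports that forward as all-interfaces, while the same spec without the bind address is reported as loopback.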

SSH X11 Forwarding

You can access GUI applications on a remote server through SSH. Both client and server need to have X11 installed though.

$ ssh -X user@remote emacs

Edit files remotely using Vim

$ vim scp://user@remote//etc/doas.conf

Note that the double // references an absolute path. A single / gives a path relative to the user's $HOME.

Hop around using jump hosts

Work around network segmentation using jump hosts.

$ ssh -J host1,host2 user@private-host-3