ssh command

SSH Command: how to use it best

Posted on Posted in System administrator

We assume you know what it is and how to use the SSH command to normally connect to a server.

Initial definitions

Suppose we have a server “myserver>/em>” where we can connect with user “myuser

ssh myuser@myserver

SSH Command and Private key

If we have not yet created our ssh public/private keys, I would say that it’s time to do so via the command

ssh-keygen

The generated keys are under $HOME/.ssh/id* and the public ends with .pub

At this point, the ssh client will attempt to connect first with public key and if it is not possible, it will use the next available authentication.

To copy the key to the server “myserver” you must first add the public key to the ssh authentication agent (ssh-agent).

Suppose the agent has been automatically activated by the graphics session(gnome or kde do it automatically), we check that it is active with the command

pgrep ssh-agent

If not, we use a shell that encloses it with the command:

ssh-agent /bin/bash

At this point we add, unlocking, the ssh key

ssh-add

To import the key on the host “myserver” we use the command

ssh-copy-id myuser@myserver

Private password change

Suppose you want to change the private key password at some point. Just the simple command

ssh-keygen -p

How to launch a remote ssh command

To launch a remote command just pass it as the last parameter to the ssh command.

For example, suppose you want the file list on the home page

ssh myuser@myserver ls -alh

However, to back up the entire home with the tar command and save it all locally via the ssh command, let’s launch

ssh myuser@myserver tar czvf - . >mybackup.tgz

Use ssh as SOCKS5 server/proxy

Suppose you want to use “myserver” as a server/proxy socks5 and configure it on the local browser

ssh mioutente@mioserver
myuser@myserver:~$ ssh -N -D 8080 localhost

At this point, just configure the browser to use the server as SOCK5 on the local 8080 port and navigate
Add ssh option “-f” to leave the command in the background.

How to redirect a remote connection locally via ssh

Suppose the host “myserver” is allowed to log on to a DMZ to the server farm’s mysql server.
In order to access the mysql server with the local computer, we can launch the command

ssh -L 3333:mysql_server_name_o_ip:3306 myuser@myserver

Leaving the active command, now have an encrypted tunnel between the local computer and “myserver” on the local port 3333 which connects directly to the mysql server in DMZ.

We can then connect directly to the mysql server with the command

mysql -P 3333 -h 127.0.0.1 -u myusermysql -p mydatabasemysql

Or if you prefer to use phpMyAdmin just install it locally and configure it on local port 3333.

To remove the encrypted channel just close the ssh connection.

Redirect a local service remotely

Suppose we want to connect from home to the office PC (which can access the server myserver in server farm) that can not be accessed even via VPN. To do this, enough, from the office PC we launch the ssh command:

ssh -N -f -R 2222:localhost:22 miyuser@myserver

Let’s leave it on (without turning off the computer).
From home just enable VPN to reach “myserver

ssh myuser@myserver
myuser@myserver:~$ ssh -P 2222 user_work_pc@localhost
user_work_pc@localhost:~$

In this way, you can enter to the office PC from home.

Leave a Reply

Your email address will not be published. Required fields are marked *