Abstract: The article describes the advanced features of OpenSSH, which allow you to greatly simplify the life of system administrators and programmers who are not afraid of the shell. Unlike most manuals, which do not describe anything except the keys and the -L / D / R options, I tried to collect all the interesting features and conveniences that ssh carries with them.
Warning: the post is very voluminous, but for ease of use, I decided not to cut it apart.
Table of contents:
copying files via ssh
Forwarding I / O streams
Mounting a remote FS via ssh
Remote code execution
Aliases and options for connections in .ssh / config
Forwarding the X server
ssh as socks proxy
Port fowarding – forward and reverse
Reverse Sox Proxy
tunneling L2 / L3 traffic
Forwarding authorization agent
Ssh tunneling through ssh through untrusted server (you most likely do not know this)
Theory in a few words: ssh can log in not by password, but by key. The key consists of an open and closed part. Open is placed in the user’s home directory, “who” go to the server, closed – in the user’s home directory, which goes to a remote server. Halves are compared (I’m exaggerating) and if everything is ok, they let it go. Important: not only the client on the server is authorized, but also the server in relation to the client (that is, the server has its own key). The main feature of the key in comparison with the password is that it cannot be “stolen” by hacking the server – the key is not transferred from the client to the server, and during authorization the client proves to the server that he owns the key (the same cryptographic magic).
You can generate your key using the ssh-keygen command. If you do not set the parameters, then it will save everything as it should.
The key can be locked with a password. This password (in regular graphical interfaces) is asked once and saved for a while. If the password is empty, it will not be asked for use. Recover a forgotten password is impossible.
Yo can change the password to the key using the ssh-keygen -p command.