
Abstract: This article describes advanced OpenSSH features that greatly simplify life for system administrators and programmers who are not afraid of the shell. Unlike most manuals, which describe nothing beyond keys and the -L/-D/-R options, I have tried to collect all the interesting features and conveniences that ssh brings with it.

Warning: the post is very long, but for ease of use I decided not to split it into parts.

Table of contents:

Key management

Copying files via ssh

Forwarding I/O streams

Mounting a remote FS via ssh

Remote code execution

Aliases and options for connections in .ssh/config

Default options

Forwarding the X server

ssh as a SOCKS proxy

Port forwarding – forward and reverse

Reverse SOCKS proxy

Tunneling L2/L3 traffic

Forwarding the authentication agent

SSH tunneling over ssh through an untrusted server (you most likely do not know this one)

Key management

Theory in a few words: ssh can log you in by key instead of by password. A key consists of a public part and a private part. The public part is placed in the home directory of the user you log in as on the server; the private part stays in the home directory of the user who connects to the remote server. The halves are compared (I'm oversimplifying), and if everything matches, you are let in. Important: not only does the client authenticate to the server, the server also authenticates to the client (that is, the server has its own key). The main advantage of a key over a password is that it cannot be "stolen" by hacking the server: the key is never transferred from the client to the server, and during authentication the client only proves to the server that it owns the key (that same cryptographic magic).

Key generation

You can generate your own key with the ssh-keygen command. If you do not set any parameters, it saves everything where it should.

The key can be locked with a password. This password is asked for once (in ordinary graphical interfaces) and remembered for a while. If the password is empty, it is not asked for when the key is used. A forgotten password cannot be recovered.

You can change the key's password with the ssh-keygen -p command.
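
The key lifecycle described above, as an added example (not part of the original article): it generates a password-protected key, changes the password with ssh-keygen -p, and checks that the public half stays the same while the old password stops working. It assumes OpenSSH's ssh-keygen is installed; the function names, the key path and the passwords are constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway key, constructed passphrases. -P/-N put the
# passphrase on the command line (visible in the process list), which is
# acceptable only for a demo key like this one.

make_key() {      # $1 = key path, $2 = passphrase
    ssh-keygen -q -t ed25519 -N "$2" -C demo-key -f "$1"
}

pub_of() {        # $1 = key path, $2 = passphrase; prints "type base64-blob"
    out=$(ssh-keygen -y -P "$2" -f "$1" 2>/dev/null) || return 1
    printf '%s\n' "$out" | cut -d' ' -f1,2
}

change_pass() {   # $1 = key path, $2 = old, $3 = new ("" stores it unencrypted)
    ssh-keygen -q -p -P "$2" -N "$3" -f "$1" >/dev/null
}

key_state() {     # "plaintext" if the private key loads with an empty passphrase
    if ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1; then
        echo plaintext
    else
        echo encrypted
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    key="$dir/id_demo"
    make_key "$key" 'first-demo-passphrase' || return 1
    before=$(pub_of "$key" 'first-demo-passphrase')
    echo "after generation: $(key_state "$key")"
    change_pass "$key" 'first-demo-passphrase' 'second-demo-passphrase' || return 1
    pub_of "$key" 'first-demo-passphrase' >/dev/null || echo "old passphrase rejected"
    after=$(pub_of "$key" 'second-demo-passphrase')
    [ "$before" = "$after" ] && echo "public half unchanged by ssh-keygen -p"
    change_pass "$key" 'second-demo-passphrase' ''
    echo "with empty passphrase: $(key_state "$key")"
    rm -rf "$dir"
}

demo
```

Because the public half does not change, the copy already installed on servers keeps working after a password change.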