Slashdot Mirror


Getting the Most Out of SSH

jfruh writes "If you have to administer a *nix computer remotely, you hopefully ditched Telnet for SSH years ago. But you might not know that this tool does a lot more than offer you a secured command line. Here are some tips and tricks that'll help you do everything from detect man-in-the-middle attacks (how are you supposed to know if you should accept a new hosts public key, anyway?) to evading restrictions on Web surfing." What are your own favorite tricks for using SSH?

6 of 284 comments (clear)

  1. Re:Hopefully? by hcs_$reboot · · Score: 4, Interesting

    well I occasionally use 'telnet host 25' to test the smtp port

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  2. Wow by frodo+from+middle+ea · · Score: 5, Interesting
    Wow, ssh tunneling, and a few command line options , and screen, that's your ultimate SSH guide ?
    I am impressed, not!

    How about
    - ssh master connection, for svn+ssh ?
    - ssh agent forwarding
    - opening ssh ports using knocking
    - auto blacklisting with something like sshblack

    I think the above are more advanced options than the ones mentioned in the article, no ?

    --
    for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
  3. Re:InfoWorld at it again by buchner.johannes · · Score: 5, Interesting

    My favorite trick is
    1) have a server on the internet, let someone ssh -R their port 22 there
    2) connect to that server too with ssh -L putting their port 22 on the local port 8022
    3) Now you have a peer-to-peer ssh (with -Y), and you can run graphical applications remotely.

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  4. Re:Hopefully? by CubicleZombie · · Score: 5, Interesting

    I've worked in organizations where, because you can tunnel over SSH, it was banned and blocked over the network. Everything had to be done with Telnet instead. I'm not joking. That is probably what started my loathing of net admins.

    --
    :wq
  5. My fav by Anonymous Coward · · Score: 4, Interesting

    Rather than more complaining, I thought I'd say my favorite option. I like using the ~/.ssh/config file and the use of a master connection. In mine, I have:

    host *
      controlmaster auth
      controlpath ~/.ssh/ssh-%r@%h:%p
      controlpersist yes

    This creates a master socket on my client. When I first connect, I need to use my passphrase. But when I exit, the SSH tunnel stays up. Futher connections via SSH and sftp and scp use this connection, multiplexed. So no more asking from my passphrase. When I'm finished for the day, I close down the connection with

    ssh -O exit host

    replacing "host"

  6. Re:InfoWorld at it again by nschubach · · Score: 5, Interesting

    In my opinion, I think it might be a better idea to kill the errant job if the controller/user gets disconnected than to continue with a job that may need a followup command that may never come, possibly leaving the server in an unusable state. So you have a choice of trusting the user or having the user say explicitly, "trust me, this is what I want to happen (screen/nohup)... even if I get disconnected."

    --
    Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.