SSH service
starts ssh service:
$ (sudo) service ssh start
checks ssh service status:
$ (sudo) service ssh status
stops ssh service:
$ (sudo) service ssh stop
restarts ssh service:
$ (sudo) service ssh restart
SSH connections
connects to a server (default port 22):
$ ssh user@server
runs a script on a remote server:
$ ssh user@server script_to_run
Compresses and downloads from a remote server:
$ ssh user@server "tar cvzf - ~/source" > output.tgz
specifies another ssh key for the connection:
$ ssh -i ~/.ssh/specific_ssh_key user@server
SCP (Secure Copy)
copies a file from a remote server to a local machine:
$ scp user@server:/directory/file.ext local_destination
copies a file between two servers:
copies a file from a local machine to a remote server:
$ scp local_destination/file.ext user@server:/directory
uses a specific port declared for SSH in sshd_config:
$ scp -P port
recursively copies a whole folder:
$ scp -r user@server:/directory local_destination/
copies all files from a folder:
$ scp user@server:/directory/* local_destination
copies all files from a server folder to the current folder:
$ scp user@server:/directory/* .
compresses data on network using gzip:
$ scp -C
prints verbose info about the current transfer:
$ scp -v
SSH keys
generates a new ssh key:
$ ssh-keygen -t rsa -b 4096
sends the key to the server:
$ ssh-copy-id user@server
converts id_rsa into ppk:
$ puttygen current_key -o keyname.ppk
SSH config:
open config file (usual location):
$ sudo nano /etc/ssh/sshd_config
Changes default SSH port (22):
Port 9809
Disables root login:
PermitRootLogin no
Restricts access to specific users (names are separated by spaces):
AllowUsers user1 user2
Enables login through ssh key
PubkeyAuthentication yes
Disables login through password
PasswordAuthentication no
Disables usage of files .rhosts and .shosts
IgnoreRhosts yes
Disables a less secure type of login:
HostbasedAuthentication no
Number of unauthenticated connections before dropping:
MaxStartups 10:30:100
No. of failed tries before the server stops accepting new tries:
MaxAuthTries 3
Max concurrent ssh sessions:
MaxSessions 1
Disables interactive password authentication:
ChallengeResponseAuthentication no
No empty passwords allowed:
PermitEmptyPasswords no
Disables Rhosts authentication:
RhostsAuthentication no
Disables port forwarding (blocks e.g. MySQL Workbench):
AllowTcpForwarding no
X11Forwarding no
Prints much more info about SSH connections
LogLevel VERBOSE
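
Added example, not part of the original cheat sheet: a shell function that audits an sshd_config against the hardening values listed above. It follows sshd's rule that the first value read for a keyword wins, so a hardening line appended below an earlier, weaker one is reported. The function names and the sample config are constructed for illustration.

```shell
# Added example: audit an sshd_config read from stdin; returns 1 on any finding.
audit_sshd_config() {
    awk '
    BEGIN {   # keyword=expected pairs, taken from the settings listed above
        list = "permitrootlogin=no passwordauthentication=no pubkeyauthentication=yes "
        list = list "permitemptypasswords=no ignorerhosts=yes hostbasedauthentication=no "
        list = list "allowtcpforwarding=no x11forwarding=no"
        n = split(list, pair, " ")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        key = tolower($1)                      # keywords are case-insensitive
        if (key == "match") exit               # Match blocks are conditional, not audited
        if (key in got) next                   # sshd keeps the first value it reads
        val = $0
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)   # strip the keyword, keep its arguments
        sub(/[ \t]+$/, "", val)
        got[key] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            split(pair[i], kv, "="); k = kv[1]
            if (!(k in got)) { print "UNSET " k " (want " kv[2] ")"; bad = 1; continue }
            if (tolower(got[k]) != kv[2]) { print "FAIL " k " = " got[k] " (want " kv[2] ")"; bad = 1 }
        }
        # sshd_config(5) documents AllowUsers as space-separated, so flag commas
        if (got["allowusers"] ~ /,/) { print "FAIL allowusers contains a comma: " got["allowusers"]; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: a weak setting appears before the appended hardening line.
sample_sshd_config() {
    cat <<'EOF'
PasswordAuthentication yes
PermitRootLogin no
AllowUsers user1, user2
PubkeyAuthentication yes
PermitEmptyPasswords no
IgnoreRhosts yes
HostbasedAuthentication no
X11Forwarding yes
PasswordAuthentication no
Match User backup
    AllowTcpForwarding no
EOF
}

sample_sshd_config | audit_sshd_config || true
```

On a real host, run it as `audit_sshd_config < /etc/ssh/sshd_config`; an UNSET finding means the compiled-in default applies and should be checked separately.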
SSH reverse tunnel
$ ssh adm@10.10.13.1 -L 10022:172.16.200.200:22
Blocks the terminal; the tunnel ends with Ctrl-C:
$ ssh adm@10.10.13.1 -L 10022:172.16.200.200:22 -N
Runs in the background; ends with kill:
$ ssh adm@10.10.13.1 -L 10022:172.16.200.200:22 -N -f
Creates a public tunnel:
$ ssh adm@10.10.13.1 -gL 10022:172.16.200.200:22