Aliases
By editing ~/.ssh/config, you can define SSH aliases very simply:
Host shortname
    HostName longname.domain.tld
    Port 22
    User username
Typing “ssh shortname” is then the same as “ssh username@longname.domain.tld” (even if shortname is defined neither in the DNS nor in the /etc/hosts file).
Bounce hosts
Here we use a host with a publicly reachable IP address to reach a private host, using a single command. For this to work, add something like this to ~/.ssh/config:
Host hostname
    ProxyCommand ssh username@longname.domain.tld nc distant_private_ip_adress 22
    User username
“ssh hostname” connects to the server at distant_private_ip_adress through the public longname.domain.tld host. Of course, netcat must be installed on the public server.
Tunnels
We can map remote ports to local ports on localhost, using a bounce host:
ssh -L 8080:server_to_forward_ports_of:80 server_to_connect_to
Once connected to server_to_connect_to, localhost:8080 is the same as server_to_forward_ports_of:80.
SOCKS proxies
ssh -D 8080 server_to_connect_to
Once connected to server_to_connect_to, use localhost:8080 as the (SOCKS v4) proxy server in your favorite browser.
Using a local proxy to enable internet access on a remote host
- install some proxy software (e.g., Squid)
- connect to the server, and map a port to the proxy's one:
ssh -R8181:localhost:3128 server_to_connect_to
- once connected, enter:
export http_proxy=http://127.0.0.1:8181
- surf
Run a command on login
Commands in /etc/ssh/sshrc are executed by ssh when the user logs in, just before the user's shell (or command) is started. It's commonly used to send alerts using mail:
#!/bin/sh
# source: http://blog.uggy.org/post/2009/06/05/Execution-de-commande-lors-d-une-connexion-SSH
DATE=`date "+%d.%m.%Y--%Hh%Mm"`
# SSH_CONNECTION is "client_ip client_port server_ip server_port"; keep the client IP
IP=`echo $SSH_CONNECTION | awk '{print $1}'`
# reverse DNS lookup of the client IP
REVERSE=`dig -x $IP +short`
HOSTNAME=`hostname`
# mail the login details to the administrator
echo "Connexion de $USER sur $HOSTNAME
IP: $IP
ReverseDNS: $REVERSE
Date: $DATE
" | mail -s "Connexion de $USER sur $HOSTNAME" me@mail.com
Multiplexing
If you make several connections to the same server, you can speed up every connection after the first one by enabling multiplexing.
- create the directory where connections' data will be stored:
$ mkdir -p ~/.ssh/connections
$ chmod 700 ~/.ssh/connections
- enable multiplexing for every host in .ssh/config:
Host *
    ControlMaster auto
    ControlPath ~/.ssh/connections/%r_%h_%p
Warning: This will not work with tunneled protocols or forwarded ports (See http://www.symkat.com/ssh-tips-and-tricks-you-need).
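The chmod 700 step above matters because any local user who can reach a control socket can open sessions over the already authenticated master connection. The following check is an added example, not part of the original page: the function names check_control_dir and audit_controlpaths are hypothetical, and it assumes one "ControlPath value" keyword per line (not the "ControlPath=value" form).

```sh
#!/bin/sh
# Added example: audit the directories that hold SSH multiplexing sockets.

# check_control_dir DIR
# Returns 0 if DIR is a real directory (not a symlink), owned by the
# current user, with no group/other permission bits; 1 otherwise.
check_control_dir() {
    dir=$1
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL $dir: missing, not a directory, or a symlink"
        return 1
    fi
    # ls -ldn prints the mode string in field 1 and the numeric owner in field 3
    mode=$(ls -ldn "$dir" | awk '{print $1}')
    owner=$(ls -ldn "$dir" | awk '{print $3}')
    if [ "$owner" != "$(id -u)" ]; then
        echo "FAIL $dir: owned by uid $owner"
        return 1
    fi
    case $mode in
        d???------*) echo "OK   $dir ($mode)"; return 0 ;;
        *)           echo "FAIL $dir: mode $mode, expected drwx------"; return 1 ;;
    esac
}

# audit_controlpaths CONFIG
# Checks the parent directory of every ControlPath found in CONFIG.
# Returns non-zero if at least one directory is unsafe.
audit_controlpaths() {
    rc=0
    for path in $(awk 'tolower($1) == "controlpath" && tolower($2) != "none" {print $2}' "$1"); do
        # expand a leading ~/ the way ssh does; %r, %h, %p stay in the file name
        case $path in
            "~/"*) path=$HOME/${path#"~/"} ;;
        esac
        check_control_dir "$(dirname "$path")" || rc=1
    done
    return $rc
}
```

After sourcing the file, run audit_controlpaths ~/.ssh/config; a non-zero exit status means at least one socket directory is readable or writable by other users.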