Aliases

By editing ~/.ssh/config, you can define SSH aliases very simply:

Host shortname
        HostName        longname.domain.tld
        Port            22
        User            username

Typing “ssh shortname” is then the same as typing “ssh username@longname.domain.tld” (even if shortname is defined neither in the DNS nor in the /etc/hosts file).

Bounce hosts

Here we use a host with a publicly reachable IP address to reach a private host with a single command. For this to work, add something like this to ~/.ssh/config:

Host hostname
        ProxyCommand    ssh username@longname.domain.tld nc distant_private_ip_adress 22
        User            username

“ssh hostname” connects to the distant_private_ip_adress server through the public longname.domain.tld host. Of course, netcat must be installed on the public server.

Tunnels

We can map remote ports to local ports on localhost, using a bounce host:

ssh -L 8080:server_to_forward_ports_of:80 server_to_connect_to

Once connected to server_to_connect_to, localhost:8080 is the same as server_to_forward_ports_of:80.

SOCKS proxies

ssh -D 8080 server_to_connect_to

Once connected to server_to_connect_to, use localhost:8080 as the (SOCKS v4) proxy server in your favorite browser.

Using a local proxy to enable internet access on a remote host

  • install some proxy software (e.g., Squid)
  • connect to the server, and map a port to the proxy's one:
ssh -R8181:localhost:3128 server_to_connect_to
  • once connected, enter:
export http_proxy=http://127.0.0.1:8181
  • surf

Run a command on login

Commands in /etc/ssh/sshrc are executed by ssh when the user logs in, just before the user's shell (or command) is started. It's commonly used to send alerts using mail:

#!/bin/sh
# source: http://blog.uggy.org/post/2009/06/05/Execution-de-commande-lors-d-une-connexion-SSH
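# Mail an alert with the client IP, its reverse DNS and the login time.
DATE=$(date "+%d.%m.%Y--%Hh%Mm")
# SSH_CONNECTION holds "client_ip client_port server_ip server_port"
IP=$(echo "$SSH_CONNECTION" | awk '{print $1}')
REVERSE=$(dig -x "$IP" +short)
HOSTNAME=$(hostname)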

echo "Connexion de $USER sur $HOSTNAME
IP: $IP
ReverseDNS: $REVERSE
Date: $DATE

" | mail -s "Connexion de $USER sur $HOSTNAME" me@mail.com

Multiplexing

If you make several connections to the same server, you can speed up every connection after the first one by enabling multiplexing.

  • create the directory where connections' data will be stored:
$ mkdir -p ~/.ssh/connections
$ chmod 700 ~/.ssh/connections
  • enable multiplexing for every host in ~/.ssh/config:
Host *
        ControlMaster   auto
        ControlPath     ~/.ssh/connections/%r_%h_%p

Warning: This will not work with tunneled protocols or forwarded ports (See http://www.symkat.com/ssh-tips-and-tricks-you-need).
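
A control socket gives access to an already-authenticated connection, so the chmod 700 from the multiplexing steps above is worth verifying. The following check is an added example, not part of the original page; the function names and report format are assumptions, and the config it runs on is constructed in a temporary directory.

```shell
# Added example: audit the directories holding SSH multiplexing control sockets.

# Print the directory part of each ControlPath in ssh config file $1.
# Handles the whitespace-separated form used above; a leading ~/ becomes $HOME/.
control_dirs() {
    awk 'tolower($1) == "controlpath" && tolower($2) != "none" { print $2 }' "$1" |
    while IFS= read -r cpath; do
        case $cpath in
            '~/'*) cpath=$HOME/${cpath#??} ;;   # strip the two characters "~/"
        esac
        dirname "$cpath"                        # drops the %r_%h_%p socket name
    done | sort -u
}

# Succeed only if $1 is a real directory (not a symlink), owned by the
# current user, with no group or other permission bits set.
check_control_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Report every ControlPath directory in $1; non-zero status if any is unsafe.
audit_config() {
    rc=0
    dirs=$(control_dirs "$1")
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        if check_control_dir "$dir"; then
            echo "OK     $dir"
        else
            echo "UNSAFE $dir"
            rc=1
        fi
    done <<EOF
$dirs
EOF
    return "$rc"
}

# Demo on a constructed config in a throwaway HOME (runs in a subshell).
demo() (
    tmp=$(mktemp -d) && HOME=$tmp && mkdir -p "$tmp/.ssh/connections" || exit 2
    printf 'Host *\nControlMaster auto\nControlPath ~/.ssh/connections/%%r_%%h_%%p\n' > "$tmp/config"
    chmod 755 "$tmp/.ssh/connections"; audit_config "$tmp/config" || echo "-> audit failed"
    chmod 700 "$tmp/.ssh/connections"; audit_config "$tmp/config" && echo "-> audit passed"
    rm -rf "$tmp"
)
demo
```

To check a real configuration, call audit_config ~/.ssh/config instead of demo.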