OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. The encryption that OpenSSH provides has been strong enough to earn the trust of Trend Micro and other providers of cloud computing.Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.
SSH is an awesome powerful tool, there are unlimited possibility when it comes to SSH, heres the top Voted SSH commands
1) Copy ssh keys to user@host to enable password-less ssh logins.
ssh-copy-id user@host
To generate the keys use the command ssh-keygen
2) Start a tunnel from some machine’s port 80 to your local post 2001
ssh -N -L2001:localhost:80 somemachine
Now you can acces the website by going to http://localhost:2001/
3) Output your microphone to a remote computer’s speaker
dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp
This will output the sound from your microphone port to the ssh target computer’s speaker port. The sound quality is very bad, so you will hear a lot of hissing.
4) Compare a remote file with a local file
ssh user@host cat /path/to/remotefile | diff /path/to/localfile –
Useful for checking if there are differences between local and remote files.
5) Mount folder/filesystem through SSH
sshfs name@server:/path/to/folder /path/to/mount/point
Install SSHFS from http://fuse.sourceforge.net/sshfs.html
Will allow you to mount a folder security over a network.
6) SSH connection through host in the middle
ssh -t reachable_host ssh unreachable_host
Unreachable_host is unavailable from local network, but it’s available from reachable_host’s network. This command creates a connection to unreachable_host through “hidden” connection to reachable_host.
7) Copy from host1 to host2, through your host
Good if only you have access to host1 and host2, but they have no access to your host (so ncat won’t work) and they have no direct access to each other.
8) Run any GUI program remotely
The SSH server configuration requires:
X11Forwarding yes # this is default in Debian
And it’s convenient too:
Compression delayed
9) Create a persistent connection to a machine
ssh -MNf <user>@<host>
Create a persistent SSH connection to the host in the background. Combine this with settings in your ~/.ssh/config:
Host host
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster no
All the SSH connections to the machine will then go through the persisten SSH socket. This is very useful if you are using SSH to synchronize files (using rsync/sftp/cvs/svn) on a regular basis because it won’t create a new socket each time to open an ssh connection.
10) Attach screen over ssh
ssh -t remote_host screen -r
Directly attach a remote screen session (saves a useless parent bash process)
11) Port Knocking!
knock <host> 3000 4000 5000 && ssh -p <port> user@host && knock <host> 5000 4000 3000
Knock on ports to open a port to a service (ssh for example) and knock again to close the port. You have to install knockd.
See example config file below.
[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn
12) Remove a line in a text file. Useful to fix
ssh-keygen -R <the_offending_host>
In this case it’s better do to use the dedicated tool
13) Run complex remote shell cmds over ssh, without escaping quotes
ssh host -l user $(<cmd.txt)
Much simpler method. More portable version: ssh host -l user “`cat cmd.txt`”
14) Copy a MySQL Database to a new Server via SSH with one command
mysqldump –add-drop-table –extended-insert –force –log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost “mysql -uUSER -pPASS NEW_DB_NAME”
Dumps a MySQL database over a compressed SSH tunnel and uses it as input to mysql – i think that is the fastest and best way to migrate a DB to a new server!
15) Remove a line in a text file. Useful to fix “ssh host key change” warnings
sed -i 8d ~/.ssh/known_hosts
16) Copy your ssh public key to a server from a machine that doesn’t have ssh-copy-id
cat ~/.ssh/id_rsa.pub | ssh user@machine “mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys”
If you use Mac OS X or some other *nix variant that doesn’t come with ssh-copy-id, this one-liner will allow you to add your public key to a remote machine so you can subsequently ssh to that machine without a password.
17) Live ssh network throughput test
yes | pv | ssh $host “cat > /dev/null”
connects to host via ssh and displays the live transfer speed, directing all transferred data to /dev/null
needs pv installed
Debian: ‘apt-get install pv’
Fedora: ‘yum install pv’ (may need the ‘extras’ repository enabled)
18) How to establish a remote Gnu screen session that you can re-connect to
ssh -t user@some.domain.com /usr/bin/screen -xRR
Long before tabbed terminals existed, people have been using Gnu screen to open many shells in a single text terminal. Combined with ssh, it gives you the ability to have many open shells with a single remote connection using the above options. If you detach with “Ctrl-a d” or if the ssh session is accidentally terminated, all processes running in your remote shells remain undisturbed, ready for you to reconnect. Other useful screen commands are “Ctrl-a c” (open new shell) and “Ctrl-a a” (alternate between shells). Read this quick reference for more screen commands: http://aperiodic.net/screen/quick_reference
19) Resume scp of a big file
rsync –partial –progress –rsh=ssh $file_source $user@$host:$destination_file
It can resume a failed secure copy ( usefull when you transfer big files like db dumps through vpn ) using rsync.
It requires rsync installed in both hosts.
rsync –partial –progress –rsh=ssh $file_source $user@$host:$destination_file local -> remote
or
rsync –partial –progress –rsh=ssh $user@$host:$remote_file $destination_file remote -> local
20) Analyze traffic remotely over ssh w/ wireshark
ssh root@server.com ‘tshark -f “port !22” -w -‘ | wireshark -k -i –
This captures traffic on a remote machine with tshark, sends the raw pcap data over the ssh link, and displays it in wireshark. Hitting ctrl+C will stop the capture and unfortunately close your wireshark window. This can be worked-around by passing -c # to tshark to only capture a certain # of packets, or redirecting the data through a named pipe rather than piping directly from ssh to wireshark. I recommend filtering as much as you can in the tshark command to conserve bandwidth. tshark can be replaced with tcpdump thusly:
ssh root@example.com tcpdump -w – ‘port !22’ | wireshark -k -i –
21) Have an ssh session open forever
autossh -M50000 -t server.example.com ‘screen -raAd mysession’
Open a ssh session opened forever, great on laptops losing Internet connectivity when switching WIFI spots.
22) Harder, Faster, Stronger SSH clients
ssh -4 -C -c blowfish-cbc
We force IPv4, compress the stream, specify the cypher stream to be Blowfish. I suppose you could use aes256-ctr as well for cypher spec. I’m of course leaving out things like master control sessions and such as that may not be available on your shell although that would speed things up as well.
23) Throttle bandwidth with cstream
tar -cj /backup | cstream -t 777k | ssh host ‘tar -xj -C /backup’
this bzips a folder and transfers it over the network to “host” at 777k bit/s.
cstream can do a lot more, have a look http://www.cons.org/cracauer/cstream.html#usage
for example:
echo w00t, i’m 733+ | cstream -b1 -t2
24) Transfer SSH public key to another machine in one step
ssh-keygen; ssh-copy-id user@host; ssh user@host
This command sequence allows simple setup of (gasp!) password-less SSH logins. Be careful, as if you already have an SSH keypair in your ~/.ssh directory on the local machine, there is a possibility ssh-keygen may overwrite them. ssh-copy-id copies the public key to the remote host and appends it to the remote account’s ~/.ssh/authorized_keys file. When trying ssh, if you used no passphrase for your key, the remote shell appears soon after invoking ssh user@host.
25) Copy stdin to your X11 buffer
ssh user@host cat /path/to/some/file | xclip
Have you ever had to scp a file to your work machine in order to copy its contents to a mail? xclip can help you with that. It copies its stdin to the X11 buffer, so all you have to do is middle-click to paste the content of that looong file :)
Have Fun
Please comment if you have any other good SSH Commands OR Tricks.
59 responses to “25 Best SSH Commands / Tricks”
[…] This post was mentioned on Twitter by Jackie and supremedialect, Jackie . Jackie said: 25 Best SSH Commands / Tricks http://t.co/GR5ovcR via @supremedialect […]
Sweet list, the best one is definitely got to be the one where you can listen to the microphone via ssh,
I love this list. I was actually wondering how to copy my ssh keys since my server’s ssh port is not the standard 22. Thank you.
[…] 25 Best SSH Commands / Tricksblog.urfix.com […]
[…] more: 25 Best SSH Commands / Tricks 20 November 2010 | Uncategorized | Trackback | del.icio.us | Stumble it! | View Count : 0 Next […]
Great Article. Thank you.
Related to your 19.
I’ve got a nice alias in my bashRc, called rescp.
alias rescp=’rsync –size-only –partial –progress –stats –inplace’
I just use it in place of scp, and it work great!
Good list overall.
I’m not sure I see a the difference between #1 and #7. Are they dups?
Same goes for #10, #18, and somewhat #21 – While slightly different invocations, they ultimately do the same thing, right? My preference is using the #21 syntax to always ensure connection back to the same screen session.
Also #6 and #8 seem to be identical as well.
And #12 looks like it is incomplete.
@Doug you are absolutely right! # 1 and #8 are exactly the same, I didn’t even notice, thank you for pointing that out, I’m going to have to add a replacement command for that one as far #18 the -x switch allows you to connect to a non-datached screen and #21 has the -m switch which ignore $STY variable, do create a new screen session.
#6 and #8 are exactly the same and once again sorry for that.
but #12 is good
;)
[…] 25 Best SSH Commands / Tricks (tags: shell security tutorial) […]
Great tips !
Check my article about ssh tunneling, it’s written in French but script and drawing could be understand by everyone :p
http://www.it-wars.com/index.php?article199/vpn-avec-tunnel-ssh
[…] 25 Best SSH Commands / Tricks. This entry was posted in Linux and tagged astuces ssh, commandes ssh, linux ssh, SSH. Bookmark the permalink. ← Changer le nom de machine sous Debian […]
There is a tons of duplicates commands here, and some commands doesn’t really relate to ssh (like the mysql dump, whoa, just a “-c” parameters! what an innovation !).
Well, I will call it the “10 best SSH commands” in this list, that’s it !
Diff between #1 & #7 ??
I would include these commands in my site (www.security-commands.com), would you mind if I did?
[…] 25个ssh技巧,不过我就纳闷了copy-id算是技巧么。 pv 用来查看pipe的速度。 yes […]
[…] 25 Best SSH Commands / Tricks (tags: ssh linux tips security shell tutorials tricks) […]
Great post!
[…] 25 Best SSH Commands / Tricks. […]
don’t forget on-the-fly port fowards: http://www.lylebackenroth.com/blog/2009/01/26/ssh-on-the-fly-port-forwarding/
[…] REFERENCEShttp://blog.urfix.com/25-ssh-orders-tricks/ […]
Number 6 does not make sense to me, since the -t option on OpenSSH_5.1p1 does this: “Force pseudo-tty allocation. This can be used to execute…”
Perfect ! I like mounting folders on remote servers part ! (number 5) all of these are useful ! thanks
Very useful post. Thanks for the tips! I have subscribed and will be back soon
[…] 25条 SSH 命令和技巧 26 Nov 2010 作者: riku / 阅读次数: 0 (No Ratings Yet) Loading … 来源: 51CTO / 英文原文:25 BEST SSH COMMANDS / TRICKS […]
[…] 来源: 51CTO / 英文原文:25 BEST SSH COMMANDS / TRICKS […]
[…] 25 Best SSH Commands / Tricks : via @sagar38 […]
Cool, I like “9) CREATE A PERSISTENT CONNECTION TO A MACHINE” especially.
But, how do I close this master connection? killall ssh?
[…] 来源: 51CTO / 英文原文:25 BEST SSH COMMANDS / TRICKS […]
[…] 25 Best SSH Commands / Tricks 25 種最好地 SSH 指令/秘訣 (tags: linux ssh tricks terminal) […]
Cool list, long time ago i used to clone a partition (using dd) betwen 2 hosts, just great,
One of the best list on ssh
[…] from […]
[…] ssh lessons of 20 year old […]
[…] more at 25 BEST SSH COMMANDS / TRICKS; three I didn’t […]
[…] Hacker News: SSH Commands / Tricks. […]
[…] Management Systems – Smashing Magazine 5. Best Free Fonts of 2010 | Freebies 6. 25 Best SSH Commands / Tricks 7. What should a developer know _before_ building a public web site? – Stack […]
#15 makes more sense like this:
sed -i ‘/^name-of-offending-host/d’ ~/.ssh/known_hosts
[…] 25 Best SSH Commands. […]
[…] 2010: Tagged as System Administration ssh-keygen; ssh-copy-id user@host; ssh user@hostvia blog.urfix.comLove this one. Posted via email from danielmiessler.com | posterousRelated PostsFamiliarity with […]
@eliasp:
That only works if the hostnames aren’t hashed. If they aren’t hashed…. make it so :)
Great list… very imformative
My personal Favorite is the reverse of #2:
ssh -R3128:someSquidProxy.net:3128 firewalledhost
export http_proxy=localhost:3128
wget http://google.com
If firewalledhost can’t reach the public internet or the machine someSquidProxy, but your machine can, this opens a tunnel via SSH. I use it a lot to download patches to machines that normally can’t get them directly.
[…] by the linkage … just talkin out mah azz thought it might come in handy while I'm at it … 25 Best SSH Commands / Tricks more azz-speak 91 KZ1000 POLICE http://tinyurl.com/2wmgfc6 Reply With Quote […]
[…] by the linkage … just talkin out mah azz thought it might come in handy while I'm at it … 25 Best SSH Commands / Tricks more azz-speak 91 KZ1000 POLICE http://tinyurl.com/2wmgfc6 Reply With Quote […]
[…] 来源: 51CTO / 英文原文:25 BEST SSH COMMANDS / TRICKS […]
[…] Espectacular lista de trucos para SSH: http://blog.urfix.com/25-ssh-commands-tricks/ […]
[…] http://blog.urfix.com/25-ssh-commands-tricks/ Leave a Comment TrackBack URI […]
Brilliant list!!! Very informative..
‘xclip’ is a gold mine.
Thank you very much!
SSH connection through host in the middle is very usable for me.
[…] imabonehead: 25 Best SSH Commands / Tricks (urfix.com) […]
[…] 25 Best SSH Commands / Tricks: “URFIX’S BLOG A GEEK WITHOUT A CAUSETwitterRSS FeedHOME ABOUT […]
[…] imabonehead: 25 Best SSH Commands / Tricks (urfix.com) […]
[…] 原文:http://blog.urfix.com/25-ssh-commands-tricks/ « Fedora 14上FTP服务器的搭建 10件你不知道的apt那点事儿 » […]
[…] http://blog.urfix.com/25-ssh-commands-tricks/ […]
[…] See other tricks 25 ssh cmdhttp://blog.urfix.com/25-ssh-commands-tricks/ […]
[…] https://blog.urfix.com/25-ssh-commands-tricks/ SSH小技巧 […]
[…] 原文:http://blog.urfix.com/25-ssh-commands-tricks/ […]
[…] https://blog.urfix.com/25-ssh-commands-tricks/ SSH小技巧 […]