OpenSSH is the free version of the SSH connectivity tools. Users of telnet, rlogin, and ftp may not realize that their passwords cross the internet unencrypted. OpenSSH encrypts all communications (including passwords), effectively eliminating eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all versions of the SSH protocol.
SSH is an excellent tool, and if you need to connect remotely to a server on the internet, it is undoubtedly the best candidate. Below are the 25 best SSH commands, selected by online voting, that are worth keeping in mind.
(Note: Some lengthy commands in this article are displayed in a truncated state. If you need to read the full command, you can copy the whole line to your notebook for reading.)
1. Copy SSH keys to the target host to enable password-less SSH login
ssh-copy-id user@host
If you don't have a key yet, use the ssh-keygen command to generate one.
2. Open a tunnel from port 80 of a host to port 2001 of the local host
ssh -N -L2001:localhost:80 somemachine
You can now directly access this site by entering http://localhost:2001 in your browser.
3. Send your microphone output to the remote computer's speaker
dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp
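This sends the sound from your microphone port to the speaker port of the SSH target machine, but unfortunately the sound quality is poor and you will hear a lot of hissing. Current OpenSSH releases have removed the arcfour cipher, so drop the -c arcfour option on an up-to-date client.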
4. Compare remote and local files
ssh user@host cat /path/to/remotefile | diff /path/to/localfile -
This command is useful for checking whether a local file differs from a remote file.
5. Mount directory/filesystem over SSH
sshfs name@server:/path/to/folder /path/to/mount/point
Download sshfs from http://fuse.sourceforge.net/sshfs.html; it allows you to securely mount a directory over the network.
6. Establish an SSH connection through an intermediate host
ssh -t reachable_host ssh unreachable_host
unreachable_host is a host that cannot be accessed directly from the local network but can be accessed from the network that reachable_host is on. This command creates a connection to unreachable_host through a "hidden" connection to reachable_host.
7. Copy your SSH public key to the remote host and enable password-less login - the simple way
ssh-copy-id username@hostname
8. Connect directly to host B, which can only be accessed through host A
ssh -t hostA ssh hostB
Of course, you must have access to host A.
9. Create a persistent connection to the target host
ssh -MNf user@host
Create a persistent connection to the target host in the background. Combine this command with the following settings in your ~/.ssh/config:
Host host
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster no
All SSH connections to the target host will use a persistent SSH socket. This command is very useful if you regularly synchronize files using SSH (using rsync/sftp/cvs/svn), as it avoids creating a new socket each time an SSH connection is opened.
10. Connect to a screen over SSH
ssh -t remote_host screen -r
Connect directly to a remote screen session (saves unnecessary parent bash processes).
11. Port knocking (knock)
knock host 3000 4000 5000 && ssh -p port user@host && knock host 5000 4000 3000
Knock on a sequence of ports to open a service's port (like SSH), and knock again to close the port. You need to install knockd first. Below is a sample configuration file.
[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
12. Remove a line from a text file, a handy fix
ssh-keygen -R hostname
In this case, it's best to use the dedicated tool.
13. Run complex remote shell commands via SSH
ssh host -l user "$(<cmd.txt)"
A more portable version:
ssh host -l user "`cat cmd.txt`"
14. Copy MySQL databases to a new server via SSH
mysqldump --add-drop-table --extended-insert --force --log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost "mysql -uUSER -pPASS NEW_DB_NAME"
Dump a MySQL database through a compressed SSH tunnel and pass it as input to the mysql command. I think this is the fastest and best method to migrate a database to a new server. Note that a password given with -pPASS on the command line can be seen by other local users in the process list while the command runs.
15. Remove a line from a text file to fix an "SSH host key change" warning
sed -i 8d ~/.ssh/known_hosts
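Items 12 and 15 both remove a stale known_hosts entry. The following added example (not part of the original article) takes the file and line number from ssh's own warning instead of a hand-typed 8, prints the entry before deleting it, and keeps a backup; the function name drop_offending_key is hypothetical.

```shell
# Added example, not from the original article. drop_offending_key is a
# hypothetical helper; it reads ssh's warning text on stdin.
drop_offending_key() {
    # ssh names the stale entry in a line such as:
    #   Offending ECDSA key in /home/alice/.ssh/known_hosts:8
    loc=$(sed -n 's/^Offending .*key in \(.*\):\([0-9][0-9]*\)$/\1:\2/p' | head -n 1)
    [ -n "$loc" ] || {
        echo "no 'Offending ... key in FILE:LINE' line on stdin" >&2; return 1; }
    file=${loc%:*}
    line=${loc##*:}

    [ -f "$file" ] || { echo "$file: no such file" >&2; return 1; }
    total=$(($(wc -l < "$file")))
    [ "$line" -ge 1 ] && [ "$line" -le "$total" ] || {
        echo "$file has $total lines, cannot remove line $line" >&2; return 1; }

    # Print the entry first so it can be compared with the key the server's
    # administrator publishes before the old one is discarded.
    echo "removing $file:$line:" >&2
    sed -n "${line}p" "$file" >&2

    # Keep a backup, as ssh-keygen -R does with known_hosts.old, and rewrite
    # the file in place so its owner and mode are unchanged.
    cp -p "$file" "$file.old" || return 1
    sed "${line}d" "$file.old" > "$file"
}
```

Feed it the warning text, for example with `ssh -o BatchMode=yes user@host true 2>&1 | drop_offending_key`.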
16. Copy your SSH public key to a server from a host lacking the SSH-COPY-ID command
cat ~/.ssh/id_rsa.pub | ssh user@machine "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"
If you are using Mac OS X or another *nix variant lacking the ssh-copy-id command, this command can copy your public key to the remote host, allowing password-less SSH login just like before.
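The one-liner above leaves the modes of ~/.ssh and authorized_keys to the remote umask and appends a duplicate on every run. The following added example (not part of the original article) is a remote-side function that validates the key line, sets the modes sshd expects, and appends only once; the name install_pubkey and its optional home-directory argument are hypothetical.

```shell
# Added example, not from the original article. install_pubkey and its optional
# home-directory argument are hypothetical names. Reads one public key on stdin.
install_pubkey() {
    home=${1:-$HOME}
    dir=$home/.ssh
    file=$dir/authorized_keys
    key=$(cat)   # command substitution drops the trailing newline

    # Exactly one line: a pasted private key or a whole file is refused.
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || {
        echo "install_pubkey: expected exactly one line" >&2; return 1; }

    # Plain "<type> <base64> [comment]" lines only; option prefixes such as
    # command="..." are not accepted here.
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' || {
        echo "install_pubkey: not a public key line" >&2; return 1; }

    # sshd (StrictModes, on by default) ignores authorized_keys when the file
    # or ~/.ssh is writable by group or others, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # Append only when the exact line is missing, so reruns add no duplicates.
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}
```

If the function is saved locally as install_pubkey.sh (a hypothetical file name), it can be sent along with the call: `ssh user@machine "$(cat install_pubkey.sh); install_pubkey" < ~/.ssh/id_rsa.pub`.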
17. Real-time SSH network throughput test
yes | pv | ssh $host "cat > /dev/null"
Connect to the host via SSH and display the real-time transfer rate, directing all transmitted data to /dev/null. You need to install pv first.
If on Debian:
apt-get install pv
If on Fedora:
yum install pv
(Additional repositories may need to be enabled).
18. Establish a reconnectable remote GNU screen
ssh -t user@host /usr/bin/screen -xRR
People like to open many shells in a text terminal. If the session is suddenly interrupted, or you press "Ctrl-a d", the shell on the remote host remains unaffected, allowing you to reconnect. Other useful screen commands are "Ctrl-a c" (open a new shell) and "Ctrl-a a" (toggle between shells). Visit http://aperiodic.net/screen/quick_reference for a quick reference of more screen commands.
19. Resume SCP of large files
rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file
It can resume failed rsync commands. This command is very useful when transferring big files, such as a database backup, over a VPN; it requires rsync to be installed on both ends.
rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file   # local -> remote
or
rsync --partial --progress --rsh=ssh $user@$host:$remote_file $destination_file   # remote -> local
20. Analyze traffic over SSH with Wireshark
ssh user@host 'tshark -f "port !22" -w -' | wireshark -k -i -
Use tshark to capture network traffic on a remote host, send the raw pcap data over the SSH connection, and display it in wireshark. Pressing Ctrl+C stops the capture but also closes the wireshark window. You can pass a "-c #" parameter to tshark so that it captures only "#" packets, or redirect the data through a named pipe instead of sending it directly over SSH to wireshark. I recommend filtering packets to save bandwidth. tshark can be replaced by tcpdump:
ssh user@host tcpdump -w - 'port !22' | wireshark -k -i -
21. Keep an SSH session permanently open
autossh -M50000 -t server.example.com 'screen -raAd mysession'
Once an SSH session is opened, keep it permanently open. For laptop users, this prevents losing connections when switching between Wi-Fi hotspots.
22. More stable, faster, stronger SSH client
ssh -4 -C -c blowfish-cbc
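Force the use of IPv4, compress the data stream, and use Blowfish encryption. Current OpenSSH releases have removed the Blowfish ciphers, so an up-to-date client rejects -c blowfish-cbc; omit the option there to use the default ciphers.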
23. Control bandwidth with cstream
tar -cj /backup | cstream -t 777k | ssh host 'tar -xj -C /backup'
Compress a folder with bzip, then transfer it to the remote host at a rate of 777k bit/s. Cstream has more functions; visit http://www.cons.org/cracauer/cstream.html#usage for details. For example:
echo "w00t, i'm 733+" | cstream -b1 -t2
24. Transfer SSH public key to another machine in one step
ssh-keygen; ssh-copy-id user@host; ssh user@host
This command combination allows password-less SSH login. Note that if an SSH key pair already exists in the ~/.ssh directory of the local machine, the ssh-keygen command may overwrite it. ssh-copy-id copies the key to the remote host and appends it to the remote account's ~/.ssh/authorized_keys file. During SSH connection, if you haven't used a key passphrase, the remote shell will appear soon after calling ssh user@host.
25. Copy standard input (stdin) to your X11 buffer
ssh user@host cat /path/to/some/file | xclip
Do you SCP files to a work computer just to copy their content into an email? xclip can help by copying standard input to the X11 buffer; you just need to click the middle mouse button to paste the content from the buffer.