SSH Remote Connections via Config

Thorsten has contributed the following ssh tip. Thanks Thorsten!

You wrote about ssh connects via gnome terminal:

http://dailyvim.blogspot.com/2008/09/gnome-terminal-tips.html

I'm using the config file of ssh to achieve the same goal:

just put the file "config" in your .ssh directory (chmod 600) with the
following lines:


host mysshhost
user root
identityfile /root/.ssh/my_ssh_key.ssh
port 34021
hostname 127.0.0.1
localforward 10100 localhost:10100
ForwardX11 yes


then back at the command line just try:

myhost:/ # ssh mysshhost

and voila, welcome to your ssh connected system (even the
bash-completion works with the config file, just do a ssh )

Easier Shared Key Authentication

I use ssh shared key authentication to access a good number of servers I work on. In an effort to make things more secure, the shared keys usually have passwords associated with them. Generally speaking, I try to keep remote sessions alive inside of screen or just minimized on my current workspace, but I'm a habitual window closer, so I end up having to login again pretty regularly. Luckily, openssh has a facility that saves me from typing my passwords over and over again. I keep all my keys inside /home/myuser/.ssh for convenience sake. When I start my desktop session, I cd into that directory and do ssh-add *. It prompts me to type each distinct password once, and that's it. After that, the ssh agent has the password stored in memory until I terminate my desktop session.

SSHFS via Fuse

This is relatively new to me and pretty damn cool. FUSE (Filesysten in Userspace) is a software package which allows you to mount various types of filesystems from inside userspace. It also includes an API for integrating such functionality into your own software and all sorts of other goodies, but that's beyond the scope of this post. I'm constantly hopping between the Grooveshark dev server and my local machine. Thinking it would be really convenient to have the remote filesystem available from inside my home directory, I decided to give Fuse a try. On my local Ubuntu workstation the sequence went something like this:

desktop:~$ apt-get install fuse-utils sshfs
desktop:~# usermod -a -G fuse travis # add my user to the fuse group
... logout ... log back in ...
desktop:~$ mkdir devmnt
desktop:~$ sshfs -p someport -oIdentityFile=/path/to/id/file user@host:/ devmnt
desktop:~$ cd devmnt
desktop:~/devmnt$ ls
... files !...

If you don't use an identity file or alternative port to ssh, you can omit those options from the sshfs command-line. Also, the filesystem is mounted with the same privileges as if you were logged onto the box as the user specified... so you can read and write files at will so long as the filesystem permissions allow.

Oh, one important little piece of information that was surprisingly absent from the sshfs manpage, you can unmount the filesystem as follows:

fusermount -u mountpoint

Remote Port Forwarding over SSH

Consider the following scenario. You have a remote machine that you have access to, and you have enough control to bind a process to an arbitrary port. You also have a workstation that isn't exposed to the outside world, but you would like to access this workstation from outside of your LAN/firewall. Sure you can setup a VPN, configure port forwarding on your router, etc... As usual, there are lots of solutions, but not many are as cool as this quick little ssh hack.

On your workstation:

ssh -Nf -R 9000:localhost:22 username@publicserver.com

This assumes you can bind to port 9000 via the loopback on the remote server and that you're running sshd on port 22 on your local workstation. Now you drive to the local coffeehouse, and you need to hop on your Linux box at home...

Log into publicserver.com:

ssh -p 9000 username@localhost

In this case, username is your account on your workstation behind the firewall.

Thanks to Nate G. for this tip.

Tar + SSH

If you want to transfer a directory structure from your local machine to a remote host, there are obviously a lot of ways to do this. You could use a recursive scp, an rsync, ftp (god forbid), or a variety of other techniques. Another way that's assuredly less popular but has the advantage of letting you specify the compression method and providing options to preserve attributes verbatim, is to use tar and ssh with the following syntax:

tar cvjf - * | ssh whoever@machine.com "(cd /path; tar xjf -)"

The previous example uses bzip2 compression, which may save time for large transfers. Thanks to Nate G. for contributing this tip.