SSH
Revision as of 10:53, 3 November 2009

Tips

ssh-keygen -F hostname                          # Look up hostname in ~/.ssh/known_hosts (useful if HashKnownHosts is enabled; ssh -F is the config-file option, not a lookup)
ssh-keygen -l -f ~/.ssh/known_hosts             # Print the fingerprints of all known host keys
ssh -L port:host:hostport hostname sleep 60     # Forward a port; ssh exits when sleep ends after 60 s unless a forwarded connection is still open (add -f to put it in the background)

Install

After installing ssh (client and server), generate a key pair for your user (the server's host keys are normally created by the package installation or on the first start of sshd):

ssh-keygen

ssh-keygen asks for a file name and a passphrase; set a passphrase so that a copied private key is not immediately usable, and install only the public part (~/.ssh/id_*.pub) into ~/.ssh/authorized_keys on the hosts you log in to.

Configuration

SSH can be configured through file ~/.ssh/config. See man ssh_config for more information. The file must be owned by the user and must not be writable by group or others, otherwise ssh refuses to read it ("Bad owner or permissions"). The format is as follows:

# Specific configuration options for host host1
Host host1
  Option1     parameter
  Option2     parameter

# General configuration options for all hosts.
# An option in this section applies only if a matching host section above did *not already set* it.
Host *
  Option1     parameter
  Option2     parameter

The value used for each option is the one given by the first section that matches the host and sets that option; later matching sections can still supply options that have not been set yet, but cannot override one that has. So the section Host * should always be at the end of the file: it matches every host, so any option it sets can no longer be overridden by a section placed after it.

ProxyCommand

ProxyCommand specifies a command that ssh runs to reach the server instead of connecting directly; ssh then speaks the SSH protocol over the command's standard input and output. The command is executed by the user's shell with %h and %p replaced by the target host name and port, so it runs with the user's privileges: only put commands you wrote yourself in there, and keep in mind that a ProxyCommand taken from a shared or untrusted config file is arbitrary code execution on the client. Examples of ProxyCommand to use in the ssh config file:

# none
  ProxyCommand   none                                            # No proxy
# using nc: the -X/-x proxy options exist only in OpenBSD netcat (package netcat-openbsd on Debian);
# GNU netcat does not have them and nmap's ncat uses --proxy instead, which is why this example
# from the ssh_config manpage fails on many systems
  ProxyCommand   /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p  # Through HTTP proxy 192.0.2.0:8080 (OpenBSD nc only)
# using connect (or connect-proxy)
  ProxyCommand   /usr/bin/connect %h %p                          # Direct connection, no proxy
  ProxyCommand   /usr/bin/connect -H proxyserver:8080 %h %p      # Using HTTP proxy proxyserver:8080
  ProxyCommand   /usr/bin/connect -h %h %p                       # Using HTTP proxy defined in env. var HTTP_PROXY
  ProxyCommand   /usr/bin/connect -S socks5server:1080 %h %p     # Using SOCKS5 proxy server socks5server:1080
  ProxyCommand   /usr/bin/connect -s %h %p                       # Using SOCKS5 proxy defined in env. var SOCKS5_SERVER
  ProxyCommand   /usr/bin/connect -S socks4server:1080 -4 %h %p  # Using SOCKS4 proxy server socks4server:1080
# Using ssh-tunnel (a local script)
  ProxyCommand   /usr/local/bin/ssh-tunnel.pl -f - - %h %p

If a hostname matches several sections, the first section that sets ProxyCommand wins. Use ProxyCommand none in a specific section to override a default proxy configuration given in Host *. Note that the comments at the end of the option lines above are for explanation only: ssh_config accepts comments only on lines of their own. A trailing comment on a normal option line is rejected ("garbage at end of line"), and on a ProxyCommand line it becomes part of the command, so "ProxyCommand none # ..." is no longer recognised as none.

# Hosts on the local network: no proxy (otherwise the setting in Host * would be taken)
Host 192.*
  ProxyCommand none
# Default proxy settings for everything else
Host *
  ProxyCommand /usr/local/bin/ssh-tunnel.pl -f - - %h %p
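The following script is an added example, not code from the original page, that makes the first-match rule of the Configuration section and the ProxyCommand none override visible. It writes a constructed config (host names and proxy commands are illustrative) to a temporary file and resolves options with a small awk implementation of the rule; the function name resolve_option is an assumption of this example, and it handles only Host lines with * and ? globs, not Match blocks, negated patterns or quoting. On a machine with OpenSSH, ssh -G -F file host prints the effective configuration the same way and is what to use for real configs.

```shell
#!/bin/sh
# Added example, not part of the original page: resolve ssh_config options
# the way ssh does it, i.e. the first matching Host section that sets an
# option wins.  Handles Host lines with comma- or space-separated glob
# patterns (* and ?) only; no Match blocks, negation or quoting.

# Constructed sample configuration, written to a temporary file.
SAMPLE_CONFIG=$(mktemp)
trap 'rm -f "$SAMPLE_CONFIG"' EXIT
cat >"$SAMPLE_CONFIG" <<'EOF'
# Local network: no proxy, overriding the default in Host *
Host 192.*
  ProxyCommand none

# Host reached through an HTTP proxy (OpenBSD nc syntax)
Host intranet.example.org
  ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
  User alice

# Defaults for everything else; must stay last in the file
Host *
  ProxyCommand /usr/local/bin/ssh-tunnel.pl -f - - %h %p
  User bob
EOF

# resolve_option CONFIG HOST OPTION
# Prints the value the first matching Host section sets for OPTION
# (prints nothing if no matching section sets it).
resolve_option() {
    awk -v host="$2" -v want="$3" '
        # Turn an ssh glob pattern into an anchored regular expression.
        function glob2re(g,    r) {
            r = g
            gsub(/[][.()+^$|\\]/, "\\\\&", r)   # escape regex metacharacters
            gsub(/\*/, ".*", r)
            gsub(/\?/, ".", r)
            return "^" r "$"
        }
        # Does host match any of the comma-separated patterns?
        function host_matches(patterns,    p, n, i) {
            n = split(patterns, p, ",")
            for (i = 1; i <= n; i++)
                if (host ~ glob2re(p[i])) return 1
            return 0
        }
        # Comments are only recognised on lines of their own, as in ssh_config.
        NF == 0 || $1 ~ /^#/ { next }
        {
            key = tolower($1)
            if (key == "host") {
                pats = $2
                for (i = 3; i <= NF; i++) pats = pats "," $i   # "Host a b" is a,b
                active = host_matches(pats)
                next
            }
            if (active && key == tolower(want)) {
                value = $0
                sub(/^[ \t]*[^ \t]+[ \t]+/, "", value)   # drop the keyword
                print value
                exit                                     # first match wins
            }
        }
    ' "$1"
}

# Which ProxyCommand and User does each host get?
for h in 192.168.1.10 intranet.example.org other.example.net; do
    printf '%-22s ProxyCommand=%s User=%s\n' "$h" \
        "$(resolve_option "$SAMPLE_CONFIG" "$h" ProxyCommand)" \
        "$(resolve_option "$SAMPLE_CONFIG" "$h" User)"
done
```

Note that 192.168.1.10 gets ProxyCommand none from the Host 192.* section but still gets User bob from Host *: the rule is applied per option, not per section, which is why a default that is deliberately overridden must be overridden in every section that should not use it.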

Command-Line

Remote Command Execution

  • SSH allows executing any command on the remote SSH host. The syntax is
ssh SSH_HOST COMMAND
  The command is handed to the login shell of the remote user and ssh returns its exit status. Add -t when the command itself needs a terminal (an editor, sudo, a password prompt).
  • To execute a remote command on the remote host and stay connected afterwards, use ssh -t along with bash's rcfile option, like:
ssh -t SSH_HOST "bash --rcfile PATH_TO_RC_FILE"

Don't miss the quotes around the command: they make it a single argument, so nothing in it is expanded by the local shell before it is sent (ssh joins its remaining arguments with spaces and the remote shell parses the result). Bash executes the commands in the rc file and then opens a session; the connection remains open because stdin/stdout are not closed. Option -t asks the server to allocate a pseudo-terminal connected to the current terminal. Without this option there is no terminal, so bash runs non-interactively (no prompt, and the rc file is not read at all), and terminal features like tab completion or colour are missing.

  • Another solution is to force bash interactive mode:
ssh SSH_HOST "bash --rcfile PATH_TO_RC_FILE -i"

Since there is no terminal, bash is non-interactive by default. Interactive mode is forced with option -i, so the rc file is read and the prompt is printed, etc. But this is only a partial solution because there is still no terminal, i.e. no colour and no TAB auto-completion.
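To see the rc-file behaviour described above without a remote host, here is an added example (not from the original page) that runs bash locally with a constructed rc file, once without and once with -i, and checks whether the rc file was read. Feeding the commands through a pipe reproduces the situation of ssh SSH_HOST COMMAND without -t; the function names run_noninteractive, run_interactive and loaded_alias are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page: run bash locally with a
# constructed rc file to see when "bash --rcfile FILE" actually reads it.
# Without a terminal bash is non-interactive and ignores the rc file;
# -i forces interactive mode so the rc file is read even without a tty.
# No ssh connection is involved; commands arrive through a pipe, which is
# exactly the situation of "ssh host COMMAND" without -t.

RCFILE=$(mktemp)
trap 'rm -f "$RCFILE"' EXIT
cat >"$RCFILE" <<'EOF'
# Constructed rc file: leave a marker and set up an alias,
# as a per-project rc file would prepare the environment.
echo RC_LOADED
alias ll='ls -l'
EOF

# bash without a terminal and without -i: the rc file is ignored,
# so only the piped command runs.
run_noninteractive() {
    printf 'echo done\n' | bash --rcfile "$RCFILE" 2>/dev/null
}

# Same command forced interactive with -i: the rc file is read first and a
# prompt is written to stderr (discarded here); still no tty, so no line
# editing, completion or colours.
run_interactive() {
    printf 'echo done\n' | bash --rcfile "$RCFILE" -i 2>/dev/null
}

# Proof that the rc file really ran: the alias it defined exists.
loaded_alias() {
    printf 'type ll\n' | bash --rcfile "$RCFILE" -i 2>/dev/null
}

echo "without -i: $(run_noninteractive | tr '\n' ' ')"
echo "with -i:    $(run_interactive | tr '\n' ' ')"
echo "alias:      $(loaded_alias)"
```

The first line shows only "done", the second "RC_LOADED done": the marker appears only when bash is interactive. What -i cannot give you is a terminal, which is why ssh -t is the complete solution when the remote session is meant for a human.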

Port Forwarding

The two drawings below illustrate the port forwarding mechanisms of SSH. In both cases the forwarded connections travel inside the encrypted SSH session, and by default the listening port is bound to the loopback address only.

First the case the drawing calls direct port forwarding (remote forwarding in OpenSSH terms, option -R): a port is opened for listening on the SSH server, and connections to it are forwarded to a host and port accessible to the client.

[Figure: Ssh port forwarding direct.png]

Then the case of reverse port forwarding (local forwarding in OpenSSH terms, option -L): a port is opened for listening on the SSH client, and connections to it are forwarded to a host and port accessible to the server.

[Figure: Ssh port forwarding reverse.png]
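As an added example (not from the original page), the two forwardings expressed in ~/.ssh/config, with the equivalent command lines in the comments; gateway.example, intranet.example and 10.0.0.5 are placeholder names and addresses:

```sshconfig
# Added example, not part of the original page; gateway.example,
# intranet.example and 10.0.0.5 are placeholders.
Host gateway.example
    # Listen on the CLIENT (127.0.0.1:8080). Each connection is carried
    # over the SSH session and the SERVER connects to intranet.example:80,
    # a host only the server can reach.  Same as:
    #   ssh -L 127.0.0.1:8080:intranet.example:80 gateway.example
    LocalForward  127.0.0.1:8080  intranet.example:80

    # Listen on the SERVER (127.0.0.1:2222). Each connection is carried
    # back over the session and the CLIENT connects to 10.0.0.5:22,
    # a host only the client can reach.  Same as:
    #   ssh -R 127.0.0.1:2222:10.0.0.5:22 gateway.example
    RemoteForward 127.0.0.1:2222  10.0.0.5:22
```

Both forwards listen on loopback here. A remote forward that should be reachable from other machines needs GatewayPorts enabled in sshd_config on the server and a non-loopback bind address, and it then turns the server into an entry point to 10.0.0.5:22 for everyone who can reach the server; the same applies to a local forward bound to 0.0.0.0 on the client. Keep the loopback bind unless exposing the tunnelled service is the intent.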