SSH Tools
Some tools related to SSH.
GUI Front-Ends
Gnome/Nautilus
- Under GNOME, one can uses menu Places → Connect to Server... to connect to a remote server in Nautilus. The connection can be bookmarked for future use.
- The syntax for address bar in Nautilus is sftp://username@server/folder.
KDE/Konqueror
- Use KIO fish or sftp to establish a SSH or SFTP connection in Konqueror.
gftp
- gftp is a free multithreaded file transfer client for *NIX based machines. It supports the FTP, FTPS (control connection only), HTTP, HTTPS, SSH and FSP protocols.
SSH-Tunnel
- SSH-Tunnel is a Perl script that can be used with SSH ProxyCommand to automatically detect the proxy settings to use.
- See official page on Yobi.
- To install
# Install ssh-tunnel
tar -xvzf ssh-tunnel-x.yy.tgz
make install
# Create empty ssh banner (will be updated at the first connection)
touch ~/.ssh/clbanner.txt
# Create ssh symlink ( need to have ~/bin in path !)
mkdir ~/bin
ln -s /usr/local/bin/ssh.pl ~/bin/ssh
# Edit ~/.ssh/config and ~/.ssh/proxy.conf
vi ~/.ssh/config
vi ~/.ssh/proxy.conf
- Install required packages (openssl and dev libraries) and required PERL packages (see Perl:
$ sudo apt-get install openssl libssl-dev
$ sudo cpan
# 2 following lines only needed if first time cpan is run
cpan> o conf init urllist
cpan> o conf commit
cpan> install Getopt::Long MIME::Base64 Net::SSLeay IO::Socket::SSL Authen::NTLM
- Here a [{{#filelink: ssh-tunnel-v2.26.patch}} patch] on ssh-tunnel-v2.26 to prevent double expansion in command arguments:
--- ssh-tunnel-2.26/ssh.pl 2007-04-15 20:15:36.000000000 +0200
+++ ssh-tunnel-2.26-patched/ssh.pl 2008-09-09 15:54:59.125000000 +0200
@@ -15,5 +15,5 @@
# Parse ssh-options
while ($#ARGV>=0 && $ARGV[0] ne '--') {
- push @SSHARGV, shift @ARGV;
+ push @SSHARGV, "\'" . shift(@ARGV) . "\'";
}
shift @ARGV if $ARGV[0] eq '--';
SSH-Agent
ssh-agent is a program that holds private keys used for public key authentication (RSA, DSA). Using this program, users only have to enter once the passphrase of their ssh key, and not at each ssh invokation.
% eval `ssh-agent -s`
% ssh-add # Here ssh-add asks for user's passphrase
% ssh # Here no passphrase requested
ssh-agent defines the environment variable SSH_AUTH_SOCK, which points to a unix socket that is used by 'ssh to communicate with the agent.
Linux
On Linux, ssh-agent should be launched before starting the X session, so that all child processes have this variable defined. Also, be sure to kill all instances of ssh-agent when the session ends.
Cygwin
The situation is trickier on Cygwin / Windows because it is not possible to launch the ssh-agent before the Windows GUI.
I use [{{#filelink: ssh-agent-refresh.sh}} this script] to overcome this situation (to install in /usr/local/bin/). The script also works in multi-user environment, but only accept one ssh-agent instance per user.
{{#fileanchor: ssh-agent-refresh.sh}}
#!/bin/bash
#
# This script will detect any running ssh-agent and restore the environment
# variable that would normally be created with the command
#
# % ssh-agent -s
#
# By default, this script looks for an existing ssh-agent process already running with
# same UID as the current shell. If none is found, a new ssh-agent process is launched.
# If the SSH_AUTH_SOCK is not specified, the script will try to find back the correct
# socket name. For this it looks for a socket named /tmp/ssh-*/agent.*, with same UID
# as current script.
#
# If the environment variable SSH_AUTH_SOCK is set, ssh-agent will use that socket name
# instead of generating a new one (on first invocation).
#
# Example of use:
# ssh-agent-refresh.sh
# if ( ssh-add -L | grep -q $USER ); then ssh-add -t 3600; fi
#
# Example with predefined SSH_AUTH_SOCK
# export SSH_AUTH_SOCK=/tmp/.ssh-agent-$USER
# ssh-agent-refresh.sh
# if ( ssh-add -L | grep -q $USER ); then ssh-add -t 3600; fi
#
# Example of output of ssh-agent -s:
#
# SSH_AUTH_SOCK=/tmp/ssh-VAjpOtefMI/agent.2112; export SSH_AUTH_SOCK;
# SSH_AGENT_PID=2568; export SSH_AGENT_PID;
# echo Agent pid 2568;
SSH_AGENT_PROCESS_NAME=ssh-agent
# Shell must be a login shell - for USER variable
if [ -z "$USER" ]; then
echo "ERROR! Environment variable USER not defined - you probably don't run a login shell"
exit 4
fi
# First see check that at most one instance of ssh-agent is running.
SSH_AGENT_COUNT=`ps -su $USER | grep -c "$SSH_AGENT_PROCESS_NAME"`
if [ $SSH_AGENT_COUNT -gt 1 ]; then
echo "ERROR! Several ssh-agent processes are running">/dev/stderr
exit 3
fi
# Second launch a new ssh-agent if none is running. We use variable SSH_AUTH_SOCK if defined
if [ $SSH_AGENT_COUNT -eq 0 ]; then
if [ $SSH_AUTH_SOCK ]; then
ssh-agent -a "$SSH_AUTH_SOCK" -s
else
ssh-agent -s
fi
exit 1
fi
# Third, find back ssh-agent-pid We use the blob below because pidof doesn't filter based on process UID
SSH_AGENT_PID=`ps -su $USER | grep "$SSH_AGENT_PROCESS_NAME" | sed -r 's/^ *([0-9]*) .*$/\1/'`
# Next find the socket that the running ssh-agent is attached to. We reuse variable SSH_AUTH_SOCK if it is defined.
if [ ! $SSH_AUTH_SOCK ]; then
SSH_AUTH_SOCK=`find /tmp -type s -user $USER -path "/tmp/ssh-*/agent.*"`
else
if [ -x "$SSH_AUTH_SOCK" ]; then
echo "ssh-agent process found (pid $SSH_AGENT_PID), but given socket does not exist ($SSH_AUTH_SOCK)!">/dev/stderr
exit 2
fi
fi
echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK; export SSH_AUTH_SOCK;"
echo "SSH_AGENT_PID=$SSH_AGENT_PID; export SSH_AGENT_PID;"
echo "echo Agent pid $SSH_AGENT_PID;"
exit 0
Then add the following lines in your file ~/.bash_profile (not in the ~/.bashrc because we use variable USER which is only defined in a login shell):
eval `ssh-agent-refresh.sh` >/dev/null
if ( ! ( ssh-add -L | grep -q $USER ) ); then ssh-add -t 3600; fi
Some security tip:
- Define a maximum life time using option -t time.
- Lock the agent with a password using option ssh-add -x.
Note that to overcome the one instance per user limitation, one would need to save the environment generated by ssh-agent in some file in home directory, and then source the proper file at next invocation.
Other ideas found on internet:
- win-ssh-askpass A GUI tool to do exactly the same as in Linux. Also provides win-ssh-askpass.exe that can be defined as executable for SSH_ASKPASS (see ssh-add man pages).
- [1] Proposes to use a predefined SSH_AUTH_SOCK (defined in Windows environment), and saves the ssh-agent environment into a file, which can be sourced later on.
- Some more ideas here
SSH Sessions
Autossh
autossh - Automatically restart SSH sessions and tunnels.
autossh by default monitors the ssh connection through a dedicated port to see whether the current ssh connection must be restarted. However the simpler is to use the ssh config option ServerAliveCountMax and ServerAliveInterval so that ssh exits automatically when the connection is down. In that case, autossh will then restart ssh automatically without need of additional monitoring.
Add to your ~/.ssh/config:
Host * ServerAliveCountMax 3 # default value actually ServerAliveInterval 15 # ssh will exit after 3 x 15s = 45s
Example of uses:
$ autossh -M 0 -f -D 1080 noekeon # -M 0 tells autossh to only restart ssh upon ssh's exit
Mosh
Mosh is a remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.
Eternal Terminal
- maintains connections alive even on disconnect. Works better than autossh or mosh [2].