
SSH Examples, Tips and Tunnels - thewanderer1999
https://hackertarget.com/ssh-examples-tunnels/
======
blueflow
If you liked this article, PLEASE, PLEASE just take 10 minutes to look at the
manpages for ssh(1) and ssh_config(5). SSH options are nothing we need to
research about, we humans made it and we wrote documentation for it. The
manpages are also exhaustive, definitive, and valid for the exact version you
have installed.

Please, instead of making more 'how to use SSH'-articles popular, read the
manpages yourself.

Reading the datasheets and documentation of the stuff you work with is an
important characteristic of a capable engineer.

~~~
beefield
My usage of manpages would increase by orders of magnitude if I knew there
were examples of actual working commands in the first page. Most of the time I
am not looking for an obscure parameter, but my brain just has failed to take
a note of the basic syntax of the command. So why not start ssh manpage with
two _simple_ examples, how to connect to a host with username and ssh key:

    ssh user@example.com

    ssh -i ~/.ssh/id_rsa user@example.com

~~~
gumby
This is how every man page starts, with a "SYNOPSIS" of invocation. For
example the ssh man page starts:

    ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] [-c cipher_spec] ...

If there are several incompatible ways to invoke an operation several cases
are given, e.g.

    netstat [-AaLlnW] [-f address_family | -p protocol]
    netstat [-gilns] [-v] [-f address_family] [-I interface]
    ...

Typically there are examples in the EXAMPLES or USAGE section which you can
jump straight to via /^U or /^E

In the case of ssh there are several such sections so just jump to them via
/^[^ ]

~~~
crispyambulance

> ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] [-c cipher_spec] ...

That's exactly the kind of "SYNOPSIS" that would make me want to stomp on puppies
when looking at a man page because I forgot some basic usage.

But actually, thanks for the key-combo tip on jumping straight to examples.

~~~
knolan
I find many manpages to be pretty obtuse. They could do a lot to help those of
us who need a bit more hand holding.

I like cheat.sh. You can curl it directly from your terminal and it offers the
quick examples I often need to get back to work.

Here is their ssh page: [http://cheat.sh/ssh](http://cheat.sh/ssh)

Also I am a huge fan of Matlab’s Documentation, at least up to the more recent
versions that became less usable. They give a clear description of the
function, list syntax options, give several examples and provide a see also
section with similar or related functions (greatly helping discoverability).
They usually include academic references at the end.

[https://uk.mathworks.com/help/matlab/ref/atand.html?s_tid=do...](https://uk.mathworks.com/help/matlab/ref/atand.html?s_tid=doc_ta)

------
avaika
> localhost:~$ ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php

It would be much more traffic (and execution time) friendly, if you put pipe
and grep to "" as well, so grep would be executed on remote server and ssh
won't have to send the entire log to your machine.

And I'd like to highlight the overwhelming awesomeness of ~/.ssh/config file.
If you haven't heard about it or use shell alias instead please please read
about it. It supports autocomplete, dynamic paths to key files and many other
cool things which can make your ssh client experience simply great.

~~~
j1elo
The article does touch on that optimization:

 _In this example the grep is being performed on the local system after the
log file has been pushed across the ssh session. If the file is large it would
be more efficient to run the grep on the remote side simply by enclosing the
pipe and grep in the double quotes._

~~~
rzzzt
While I myself am not a purist, some people would consider this an instance of
UUOC:
[http://porkmail.org/era/unix/award.html](http://porkmail.org/era/unix/award.html)

> localhost:~$ ssh remoteserver "grep badstuff.php /var/log/nginx/access.log"

~~~
Matt3o12_
The only reason I (and probably many other people) prefer cat | grep instead
of just using grep is because it is much easier to change the search term this
way. With cat, it’s only a ctrl-W away from using a different term. If I only
used grep, I would have to move my cursor which can get pretty annoying with a
long file path.

That being said, only using grep is my preferred approach (if I don’t forget
it) in script and “compact lines” (i.e. ssh, watch, and everything that expects
the command as a string).

If you are grepping a file multiple times, I would recommend to connect to the
server anyways (because it is much faster). That being said, if this is a
single occurrence, and saves you from the pitfalls of using the local grep
instead of the remote one, your approach is preferable in that case.

~~~
owaty
> If I only used grep, I would have to move my cursor which can get pretty
> annoying with a long file path.

You can also do it like this:

    < myfile grep mypattern

------
mhogomchungu
There is a Windows program named sshfs-win[1] that allows mounting of remote
SSH location as local folders and SiriKali[2] is currently its only GUI
frontend. SiriKali also supports sshfs on Linux.

[1] [https://github.com/billziss-gh/sshfs-win](https://github.com/billziss-gh/sshfs-win)

[2] [https://mhogomchungu.github.io/sirikali](https://mhogomchungu.github.io/sirikali)

------
jolmg
As an additional tip, I've seen people complain about scp's handling of spaces
and other special characters, causing one to use 2 layers of quoting. For
example:

      scp machine:'"file with spaces"' .

What people don't tend to realize is that this is because scp allows you to
specify the remote-side files with remote shell code. For example, to get all
pdfs in the remote home directory:

      scp machine:'*.pdf' .

To get file.xml and file.pdf from the remote:

      scp machine:'file.{xml,pdf}' .

To get the newest file (assuming that it has no whitespace or glob
characters):

      scp machine:'$(ls -t | head -1)' .

The same, but handling spaces and other characters, but not newlines:

      scp machine:'"$(ls -t | head -1)"' .

If you use zsh on the remote machine with extended globs, this is the safest
way:

      scp machine:'*(oc[1])' .
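
The behaviour jolmg describes, seen from the other side: when the file name comes from a variable, it has to be quoted for the remote shell as well. This is an added example, not part of the original comment; `remote_quote` and `remote_words` are hypothetical helper names, and `remote_words` uses a local `sh` as a stand-in for the remote side so the demo runs offline.

```shell
#!/bin/sh
# Added example, not code from the thread. With the legacy scp protocol the
# text after "host:" is parsed by the remote login shell, so a file name taken
# from a variable must be quoted for that shell, not only for the local one.

# remote_quote NAME: print NAME as one single-quoted POSIX shell word.
# An embedded ' becomes '\'' (close quote, escaped quote, reopen quote).
remote_quote() {
    rq_rest=$1
    rq_out=
    while :; do
        case $rq_rest in
            *\'*) rq_head=${rq_rest%%\'*}      # text before the first '
                  rq_rest=${rq_rest#*\'}       # text after the first '
                  rq_out="$rq_out$rq_head'\\''" ;;
            *)    rq_out="$rq_out$rq_rest"; break ;;
        esac
    done
    printf "'%s'" "$rq_out"
}

# remote_words TEXT: local stand-in for the remote side (an assumption of this
# example). A POSIX sh parses TEXT the way the remote shell would, and each
# resulting argument is printed on its own line inside <>.
remote_words() {
    sh -c "printf '<%s>\n' $1"
}

# Constructed sample names: spaces, a command substitution, a single quote.
for name in 'file with spaces' 'notes $(echo expanded).txt' "it's here.pdf"; do
    quoted=$(remote_quote "$name")
    printf 'name:     %s\n' "$name"
    printf 'unquoted: %s\n' "$(remote_words "$name" 2>&1 | tr '\n' ' ')"
    printf 'quoted:   %s\n' "$(remote_words "$quoted")"
done
```

Typical use is `scp "machine:$(remote_quote "$name")" .`. Since OpenSSH 9.0, scp uses the SFTP protocol by default and no remote shell parses the path, so this quoting is needed only with the legacy protocol (`scp -O`) and for commands passed to `ssh host`.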

------
codeape
Is the first "Using a Configuration File" example a bit misleading? The
example is:

    ...
    Host remoteserver
        HostName remoteserver.thematrix.io
        User neo
        Port 2112
        IdentityFile /home/test/.ssh/remoteserver.pub

IdentityFile typically (always?) specifies a file with a private key, right?

~~~
licebmi__at__
Unless you're using something like a smart card as identity with gpg-agent,
then you won't have a private key file. Because of that, you can specify a
public key file to identify this private key.

------
SpaceInvader
I've been using SSH tunnels for years, this keeps me safe and sane. Also at
work where my employer closed almost everything. Including well known web
pages with info useful for my work...

~~~
yjftsjthsd-h
I would think twice before violating policy like that. YMMV, of course.

------
opsdisk
Nice post...covers some good use cases. I wrote a book all about SSH tunneling
and port redirection use cases in depth...primarily for penetration testers.
"The Cyber Plumber's Handbook"
([https://cph.opsdisk.com/](https://cph.opsdisk.com/)) is _free_ (already
given away 250+ copies) for students that have an educational/student email
address. Simply send an email to cph-student@opsdisk.com and I'll send you a
discount code to download it for free.

It walks you through the basics of SSH tunneling (both local and remote port
forwards), SOCKS proxies, port redirection, and how to utilize them with other
tools like proxychains, nmap, Metasploit, and web browsers.

Advanced topics included SSHing through 4 jump boxes, throwing exploits
through SSH tunnels, scanning assets using proxychains and Metasploit's
Meterpreter, browsing the Internet through a SOCKS proxy, utilizing
proxychains and nmap to scan targets, and leveraging Metasploit's Meterpreter
portfwd command.

------
plg
Does anyone use OSSEC on their personal workstation or personal server? I have
some MacOS machines with public IP addresses with ssh access enabled, and I'm
wondering if I should use something like this. Presently I have the MacOS
firewall configured but that's it.

~~~
ficklepickle
It's not needed, IMO, if you disable password auth and only allow ssh from
white listed IPs. This has eliminated ssh login attempts for me.
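
One way to check that a server is actually in the state described above, as an added example that is not part of the original comment. It reads the effective configuration printed by `sshd -T`; the function name `audit_sshd` and the sample inputs are constructed, and it assumes the allow-list is expressed with `AllowUsers user@host` rather than in a firewall.

```shell
#!/bin/sh
# Added example, not from the thread. Input is the effective configuration as
# printed by "sshd -T": one lower-case keyword and its value(s) per line.

# audit_sshd: read "sshd -T" output on stdin and print one finding per line.
audit_sshd() {
    awk '
        # Keyboard-interactive (formerly challenge-response) can still prompt
        # for a password via PAM after PasswordAuthentication is set to no.
        ($1 == "passwordauthentication" ||
         $1 == "kbdinteractiveauthentication" ||
         $1 == "challengeresponseauthentication") && $2 == "yes" {
            print "password-login: " $1 " yes"
        }
        # AllowUsers entries of the form user@host restrict the source
        # address; a bare user name accepts that user from anywhere.
        $1 == "allowusers" {
            seen = 1
            for (i = 2; i <= NF; i++)
                if ($i !~ /@/) print "any-source: allowusers " $i
        }
        END { if (!seen) print "any-source: no allowusers restriction" }
    '
}

# Constructed samples standing in for real "sshd -T" output.
weak='passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes'
strict='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
allowusers admin@192.0.2.10
allowusers backup@198.51.100.0/24'

printf 'weak config findings:\n%s\n' "$(printf '%s\n' "$weak" | audit_sshd)"
printf 'strict config findings:\n%s\n' "$(printf '%s\n' "$strict" | audit_sshd)"
```

On a real host the input would come from `sudo sshd -T | audit_sshd`; an `any-source` finding is expected when the allow-list lives in a firewall instead.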

------
wodny
I must admit that I have learned 2 new things from this article, i.e.:

- -J to jump through multiple hosts (available since 7.3)

- -R creating a reverse SOCKS proxy (available since 7.6)

New (from a Debian user's perspective) features[1] hide among all the
classics.

[1]: [https://www.openssh.com/releasenotes.html](https://www.openssh.com/releasenotes.html)

------
LinuxBender
I would like to propose the author add a section for chroot sftp and ways to
replicate rsync-like behavior, thus allowing rapid file transfer without
providing a shell. [1] This is useful in situations where automated file
transfers and backups are required and minimizing risk of shell access is
desired.

[1] - [https://tinyvpn.org/sftp/#lftp](https://tinyvpn.org/sftp/#lftp)

This specific example can be used to set up public semi-anonymous file sharing
without providing shell access. There is a working live demo of the sftp
server that you can play around with using lftp to replicate rsync like
behavior.

------
ozychhi
Great article! One minor comment though, `folder` sounds so wrong in *nix
world, I'd suggest you use directory instead.

~~~
h1d
Not the author but I find it easier to type folder than directory on qwerty.
Not sure about other layout.

~~~
ozychhi
I don't think they are really interchangeable terms in this context, one is
right the other one is wrong

~~~
h1d
I assume Windows and MacOS use the term folder in place of directory, so at
this point, I'm assuming it's generally acceptable to use either one.

------
swah
Gah, just yesterday I had this crazy problem with SSH tunnels and psql
(Postgres client) crashing the tunnel. What solved it? Changing my interface
MTU...

[http://www.snailbook.com/faq/mtu-mismatch.auto.html](http://www.snailbook.com/faq/mtu-mismatch.auto.html)

~~~
forinti
This is interesting. I sometimes have to connect to a VPN that crashes when
something provokes a burst of activity (if I cat a file or even ls a large
dir). I'll try this, but 576 seems so low; how did you get at this number?

~~~
swah
This is what I want to know - the article doesn't explain. I guess it's a
number that particular (old?) routers / particular firewalls won't fragment
the packet..?

~~~
forinti
Wikipedia says 576 is the minimum for IPv4. I suppose then that the author
just went for the value all hosts should support.

------
subhajeet2107
Is there a way to combine screen/tmux with ssh? Like I always need to do some
long running tasks over ssh and forget to put it in a screen session, I would
like to open each ssh session in a screen session so that when I connect next
I should be able to proceed from where I left

~~~
corpMaverick
Pardon my ignorance. Why are screen/tmux so popular ? I just use a terminal
with tabs (i.e. Gnome terminal)

~~~
frankc
screen/tmux persist when you log out. Let's say you have 10 shells open to a
remote server in screen session and you reboot your client computer. If you ssh
back into the remote and run screen...pow, you have your 10 shells back.

------
known
Few more tips in
[https://www.commandlinefu.com/commands/matching/ssh/c3No/sor...](https://www.commandlinefu.com/commands/matching/ssh/c3No/sort-by-votes)

------
AzzieElbab
Cool post and another remit that half of the software in this world would not
have existed if people bothered to learn Unix(s) tools

------
jaimehrubiks
Very nice article, so many useful things.

