opello.{com,net,org}

SLUG Mini-Presentation on SSH Tips/Tricks

Friday, September 17, 2010 categories: linux, slug, ssh

I was asked if I could take the time to do a short, mini-presentation on SSH for a Siouxland Linux Users Group (SLUG) meeting. Like most things, it got put off until about a week before, and then put off until the week of the meeting. At least I started getting things ready the night before... Anyway, I figured I could put up here what I covered. Good excuse to post I guess.

For basic information, I covered syntax:

ssh host -l user
ssh user@host

Using scp and sftp to transfer files:

scp a slug02:
scp slug02:b ./
sftp slug02

Port Forwarding:

-D 12345
-L 12345:host:port

Optionally using less encryption for file transfers:

-c blowfish
-c none

And mentioned using compression for X forwarding, but didn't set up a VM with X running to demonstrate X forwarding:

-C

Then, for more advanced topics, I talked about ~/.ssh/config and what can be put in there.

For example, setting ControlMaster for connections to use a single SSH connection for multiple sessions:

Host *
   ControlMaster auto
   ControlPath /tmp/%r@%h:%p

I couldn't recall the syntax to disable ControlMaster for a specific connection from the command line, but it is:

ssh -o ControlMaster=no slug02
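
ssh_config(5) recommends that a ControlPath used for connection sharing be placed in a directory that other users cannot write to, which /tmp is not. The following is an added example, not code from the original post: a shell function that lints ssh client configuration for that setting, run over two constructed samples (the post's stanza and a variant using ~/.ssh). The function names and the list of shared directories are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): lint ssh client configuration for
# ControlPath sockets placed in directories other local users can write to.
# Reads ssh_config text on stdin, prints "LINE:PATH" per finding, returns 1 if any.
check_controlpath() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)                 # options are usually indented under Host
        if (line == "" || line ~ /^#/) next      # skip blanks and comments
        if (!match(line, /[ \t=]+/)) next        # keyword and value split on space or "="
        key = tolower(substr(line, 1, RSTART - 1))   # keywords are case-insensitive
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
        gsub(/^"|"$/, "", val)                   # value may be double-quoted
        # Assumption: these three are the shared world-writable locations to flag.
        if (key == "controlpath" && val ~ /^\/(tmp|var\/tmp|dev\/shm)\//) {
            print NR ":" val
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample 1: the stanza shown in the post.
post_config() {
    cat <<'EOF'
Host *
   ControlMaster auto
   ControlPath /tmp/%r@%h:%p
EOF
}

# Constructed sample 2: same behaviour, socket kept in the user's own ~/.ssh
# (normally mode 0700), which other local users cannot write to.
hardened_config() {
    cat <<'EOF'
Host *
   ControlMaster auto
   ControlPath ~/.ssh/cm-%r@%h:%p
EOF
}

post_config     | check_controlpath || echo "finding(s) above: move the socket out of the shared directory"
hardened_config | check_controlpath && echo "hardened config: no shared-directory ControlPath"
```

To check a real file, run `check_controlpath < ~/.ssh/config`.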

Creating a basic connection shortcut:

Host s1
   HostName slug01
   User user1

As well as showing that the various settings that can be used here are found in ssh_config(5), and the earlier command line parameter analogs for the file:

   LocalCommand blah
   DynamicForward 8080
   LocalForward 12345 otherpc:3389
   LocalForward 12346 otherpc:80

I also mentioned fail2ban and denyhosts as ways to protect your SSH server from unwanted brute forcing. I personally use denyhosts, and showed how it populates /etc/hosts.deny with the rogue failures, as well as how whitelisting in /etc/hosts.allow can be done.

I think it was a reasonably successful mini-presentation.