SSH
SSH with key
$ ssh -i Keypair.pem [email protected]
Password-less SSH
Keypair: one public key and one private key. Local machine has the private one, and remote machine has the public one.
- Remote: the public keys are stored in
~/.ssh/authroized_keyson the remote machine. - Local: use
ssh -i myPrivateKey foo@bazto specify which private key to use (in this casemyPrivateKey)- if use public clouds like Amazon AWS, you probably will get a file like
Keypair.pemfrom the platform, it is actually a private key. - if use
ssh-keygen, 2 files will be generated, the one without.pubis the private key. - if you do not specify which private key file to use(
-i), ssh will look for the file~/.ssh/id_rsa.
- if use public clouds like Amazon AWS, you probably will get a file like
.ssh/config
Specify User and IdentityFile
Host example1
HostName 10.xx.xx.xx
User root
IdentityFile /path/to/key.pem
Equivalent to
$ ssh -i /path/to/key.pem [email protected]
2 Hops: ProxyCommand
Host hop1
Hostname hop1.example.com
User root
Host hop2
ProxyCommand ssh -q hop1 nc hop2.example.com 22
where -q is quite mode (no log), 22 is the port of SSH, nc(netcat) is used to listen hop2.
Tunnel
local -> foo.example.com -> bar.example.com
~/.ssh/config
Host bar
HostName bar.example.com
ProxyCommand nc -X 5 -x localhost:9999 %h %p
User username
nc: netcat, anything related to TCP/UDP-X 5: use SOCKS v.5-x localhost:9999: connect to host via this proxy
tunnel.sh
#!/usr/bin/env bash
netstat -nlp 2> /dev/null | grep --color=auto 9999 > /dev/null 2>&1;
if [ $? -ne 0 ]; then
ssh -D0.0.0.0:9999 -f -N [email protected]
fi
SSH error
UNPROTECTED PRIVATE KEY FILE!
Error:
$ ssh <something>
The authenticity of host '10.xxx.xxx.xxx (10.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.xxx.xxx.xxx' (RSA) to the list of known hosts.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/path/to/key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /path/to/key.pem
Solution
$ chmod 600 /path/to/key.pem
REMOTE HOST IDENTIFICATION HAS CHANGED
Symptom
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
bc:95:f9:a4:....:45:ad:89.
Please contact your system administrator.
Problem: the fingerprint changed
In my case: Terminate an EC2 instance and start another one, while the ip remains the same.
Solution:
$ rm ~/.ssh/known_hosts
~/.ssh/config
Host <alias>
HostName <host_name or IP>
User <user_name>
IdentityFile /path/to/private/key.pem
For example
Host foo
HostName 10.xxx.xxx.xxx
User stack
IdentityFile /path/to/private/key.pem
then
$ ssh foo
is essentially the same as
$ ssh -i /path/to/private/key.pem [email protected]
sshuttle
Allows you to create a VPN connection from your machine to any remote server that you can connect to via ssh.
You must have root access on the local machine, but you can have a normal account on the server.
mosh
Use mosh instead of ssh
mosh + tmux
$ mosh -6 [dev-server-address or ssh alias] -- tmux a
You can create an alias in your bash profile so you don't need to type the above command
alias dev="mosh -6 [dev-server-address or ssh alias] -- tmux a"
Detached Sessions
You may see messages like this:
Mosh: You have a detached Mosh session on this server (mosh [12345]).
For security reasons, you can not reattach.
To kill the session:
$ kill 12345
To kill all mosh connections:
$ kill `pidof mosh-server`
Alternative: Eternal Terminal (et) https://github.com/MisterTea/EternalTerminal