
SSH Cheat Sheet

80 points | marcobehler | 3 years ago | marcobehler.com

21 comments

[+] thedougd|3 years ago|reply
Favorites for scripting including the ability to run any command or script on the remote.

  ssh remotehost reboot

Heredoc syntax also works:

  ssh remotehost <<'EOF'
  ls
  cat /etc/passwd
  reboot
  EOF
[+] rollulus|3 years ago|reply
My favorite Konami code level of cheat: ssh escape sequences. On a new line: ~. to terminate a connection that’s stuck. Or ~? for more help.
[+] LeoPanthera|3 years ago|reply
Since it's sometimes unclear whether you are on a new line in a stuck terminal, I find it simpler to remember the sequence as [Return][~][.]
[+] thedougd|3 years ago|reply
Great one! This needs communicated more broadly. I spent too many years of my life killing terminals because of a dead ssh connection.
[+] marcobehler|3 years ago|reply
Thanks, indeed a great one! Will put it in the article.
[+] acatton|3 years ago|reply
PSA: scp is deprecated.[1] Please use sftp.[2]

[1] https://lwn.net/Articles/835962/

[2] https://man.openbsd.org/sftp.1

[+] neurostimulant|3 years ago|reply
scp uses the sftp protocol by default since v8.8. You'll need to pass the `-O` parameter to explicitly use the legacy scp protocol if you still need it for backward compatibility reasons.
[+] dhsysusbsjsi|3 years ago|reply
As an scp user, this article was not a great advertisement for sftp. It listed a whole host of problems that don't apply to me, then finished with:

"[sftp] disadvantage is a much less friendly user experience, especially in cases where one simply wants to type a command and see files move."

I just want to copy a file. I'll keep using scp.

[+] LanternLight83|3 years ago|reply
IIRC, wasn't scp going to be rewritten in terms of SFTP behind the scenes?
[+] thefilmore|3 years ago|reply
The scp command uses the SFTP protocol since OpenSSH 9.
[+] marcobehler|3 years ago|reply
Didn't know that! Thank you, will update the post.
[+] kaliszad|3 years ago|reply
I like how this guide also takes Windows into account, it has some unique challenges.

I have written some notes especially on SSHFS (also for Windows!) and tunnels with SSH (e.g. SOCKS proxy) as an OrgPage: https://www.orgpad.com/s/wRIx3rNLZ6y These tricks saved my bacon so many times already. Most of it can be used with the FUDO PAM jump host appliance (https://fudosecurity.com/fudo-pam/) that is based on FreeBSD and one of the developers spoke about it and other things on https://www.bsdnow.tv/ I think. Some of it works with OpenWRT's Dropbear nicely as well.

[+] qwertox|3 years ago|reply
I also find `ssh-copy-id` useful.
[+] Daviey|3 years ago|reply
I like the idea for multiple Github accounts, but I have concerns over the suggestion:

  Host github-work.com
  ..
  Host github-personal.com

Getting in the habit of using fake FQDNs (which right now aren't registered) feels pretty risky.

[+] cameronperot|3 years ago|reply
This is a nifty trick, but I recently had an issue where it would offer my other keys even with IdentitiesOnly yes specified in ~/.ssh/config. I found a solution [1], but it's not the most elegant.

[1] https://superuser.com/a/859719

[+] dandanua|3 years ago|reply
The most annoying "feature" of ssh for me is the discrepancy between public key presentations. How am I supposed to verify the fingerprint of a new server if it uses a different presentation in the keys file?
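An added example, not part of the thread: assuming the mismatch meant above is between the base64 key line stored in a `.pub` or `known_hosts` file and the `SHA256:`/`MD5:` fingerprint ssh displays on first connect, this sketch derives both fingerprint forms from a key line. The key blob, host name and address are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

def parse_key_line(line):
    """Return (key_type, blob) from a .pub, authorized_keys or known_hosts line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:  # next field is not base64, so this one is not the key type
            continue
        # The blob begins with a length-prefixed copy of the key type string.
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == field.encode():
                return field, blob
    raise ValueError("no SSH public key found in line")

def sha256_fingerprint(blob):
    # Current OpenSSH form: unpadded base64 of SHA-256 over the raw key blob.
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def md5_fingerprint(blob):
    # Legacy form: colon-separated hex of MD5 over the same blob.
    hexd = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(hexd[i:i + 2] for i in range(0, 32, 2))

def fingerprints(line):
    key_type, blob = parse_key_line(line)
    return key_type, sha256_fingerprint(blob), md5_fingerprint(blob)

# Constructed sample (not a real host key): ed25519 type string plus 32 dummy bytes.
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
_B64 = base64.b64encode(_BLOB).decode()
PUB_LINE = f"ssh-ed25519 {_B64} root@server"
KNOWN_HOSTS_LINE = f"server.example.com,192.0.2.10 ssh-ed25519 {_B64}"

if __name__ == "__main__":
    # Both presentations of the same key yield identical fingerprints.
    for line in (PUB_LINE, KNOWN_HOSTS_LINE):
        print(fingerprints(line))
```

`ssh-keygen -lf <file>` prints the same SHA256 value for a key file, and `-E md5` selects the legacy form, so a fingerprint obtained out of band can be compared against either.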
[+] LeoPanthera|3 years ago|reply
> ssh-keygen -t rsa -b 4096 -C "[email protected]"

Is there any evidence that 2048 bit RSA keys are insufficient?

4096 bit keys are absolutely huge. I don't know if working with them is also slower, but I would guess so.