ssh
DESCRIPTION
Slides from a presentation I gave on SSH. Covers basics of ssh, password|keys|host-based authentication, agent/key forwarding, configuration files (global and user-specific), local/remote port forwarding, scp, rsync, and briefly mentions git's support.
TRANSCRIPT
![Page 1: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/1.jpg)
SSH
Friday, September 2, 11
![Page 2: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/2.jpg)
An Overview
![Page 3: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/3.jpg)
SSH was created in 1995 by a Finnish university researcher
It was initially open source and went closed source in 1999
OpenSSH was created in 1999 as a fork of the last open source SSH code
![Page 4: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/4.jpg)
What SSH Does
SSH handles the setup and generation of an encrypted TCP connection
![Page 5: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/5.jpg)
SSH can handle secure remote logins (ssh)
SSH can handle secure file copy (scp)
SSH can even drive secure FTP (sftp)
...which means....
![Page 6: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/6.jpg)
Core SSH programs
ssh is the client
sshd is the server
If sshd is not running, you will not be able to connect to it with ssh
![Page 7: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/7.jpg)
SSH Authentication Methods
Password
Public/private keypair
Host-based authentication
![Page 8: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/8.jpg)
Password Authentication
![Page 9: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/9.jpg)
Example Without SSH Keys
[Diagram: your-box (ssh), box-1 (sshd)]
![Page 10: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/10.jpg)
Prompts for Password
[Diagram: your-box (ssh), box-1 (sshd)]
your-box> ssh box-1
password:
box-1>
![Page 11: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/11.jpg)
Keypair Authentication
![Page 12: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/12.jpg)
Example With SSH Keys
[Diagram: your-box (ssh), box-1 (sshd)]
![Page 13: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/13.jpg)
Step 1: Generate Keys
your-box> ssh-keygen
![Page 14: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/14.jpg)
Public / Private Keypair
your-box: ~/.ssh/id_rsa, ~/.ssh/id_rsa.pub
![Page 15: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/15.jpg)
Private Key: id_rsa
your-box: ~/.ssh/id_rsa, ~/.ssh/id_rsa.pub
Private keys should be kept secret; do not share them with anyone
![Page 16: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/16.jpg)
Public Key: id_rsa.pub
your-box: ~/.ssh/id_rsa, ~/.ssh/id_rsa.pub
Public keys are meant to be shared.
![Page 17: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/17.jpg)
Copy Public Key to box-1
your-box: ~/.ssh/id_rsa, ~/.ssh/id_rsa.pub
box-1: ~/.ssh/authorized_keys
![Page 18: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/18.jpg)
~/.ssh/authorized_keys
houses all public keys for people who can authenticate as a user on a machine
when copying public keys, append to the file, do not overwrite the file
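An added example (not from the original slides) of the append-don't-overwrite rule: a shell function that adds a public key line to an authorized_keys file only if it is not already there, with the tight file modes sshd's StrictModes check expects. The helper name `install_pubkey`, the paths and the key string are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the slides. install_pubkey is a hypothetical helper.

# install_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Returns 0 if the key was appended, 1 if already present, 2 on error.
install_pubkey() {
    pub=$1
    auth=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Only the .pub half is meant to be shared; refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # sshd's StrictModes check (on by default) rejects a group- or
    # world-writable ~/.ssh or authorized_keys, so create both tightly.
    # An existing directory is left as it is.
    dir=$(dirname "$auth")
    [ -d "$dir" ] || mkdir -m 700 -p "$dir" || return 2
    [ -e "$auth" ] || : > "$auth" || return 2
    chmod 600 "$auth" || return 2

    key=$(head -n 1 "$pub")
    [ -n "$key" ] || return 2

    # -x: match the whole line, -F: fixed string. Skip an exact duplicate.
    if grep -qxF -e "$key" "$auth"; then
        return 1
    fi

    # If the file does not end in a newline, add one so two keys never fuse.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"   # >> appends; > would wipe everyone else's keys
}

# Constructed demo in a scratch directory (the key string is not a real key).
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EconstructedExampleKey you@your-box' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/box-1/.ssh/authorized_keys" && echo "appended"
install_pubkey "$demo/id_rsa.pub" "$demo/box-1/.ssh/authorized_keys" || echo "already present, file unchanged"
rm -rf "$demo"
```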
![Page 19: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/19.jpg)
No password required!
[Diagram: your-box (ssh), box-1 (sshd)]
your-box> ssh box-1
box-1>
![Page 20: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/20.jpg)
Host-based Authentication
![Page 21: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/21.jpg)
Host-based Authentication
Doesn’t require user credentials (password or key)
Provides trust based on hostname and userid
Userid on both systems has to be the same
Disabled by default -- not that useful
![Page 22: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/22.jpg)
SSH Basics
![Page 23: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/23.jpg)
Configuration Files
![Page 24: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/24.jpg)
Server Configuration Files
sshd config: /etc/sshd_config
This is automatically read by sshd when started.
Based on installation method, system config locations may vary, e.g. MacPorts installs in /opt/local/etc/ssh/
![Page 25: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/25.jpg)
Client Configuration Files
system-wide ssh config: /etc/ssh_config
user-specific ssh config: ~/.ssh/config
These are automatically read by ssh when executed.
Based on installation method, system config locations may vary, e.g. MacPorts installs in /opt/local/etc/ssh/
![Page 26: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/26.jpg)
Custom Client Configuration Files
You can put custom config files anywhere you want.
ssh -F /foo/bar/custom_ssh.cfg
ssh will not read these on its own; use the -F option
![Page 27: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/27.jpg)
Secure Logins
![Page 29: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/29.jpg)
Login Example #2
ssh example.com
What’s the difference from example #1?
![Page 30: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/30.jpg)
Login Example #3
Logging in on a non-default port.
ssh -p 45000 example.com
What’s the default SSH port anyway?
![Page 31: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/31.jpg)
Login Example #4
Log in, run a command, and exit.
ssh example.com <command here>
ssh example.com ls -l
ssh example.com hostname
Anything with special characters such as quotes, backticks, etc. needs to be escaped.
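Why the escaping matters, as an added example (not from the original slides): ssh joins its command arguments with spaces and the remote login shell parses the resulting string again, so metacharacters that survived your local shell are interpreted on the far side. `fake_remote` is a local stand-in for that behaviour and `sq` / `remote_cmd` are hypothetical helper names; no network connection is made.

```shell
#!/bin/sh
# Added example, not from the slides. Runs entirely locally.

# fake_remote ARGS...: stand-in for `ssh host ARGS...`. Like ssh, it joins the
# arguments with single spaces and hands the string to a shell to parse.
fake_remote() {
    sh -c "$*"
}

# sq ARG: print ARG wrapped in single quotes, with each embedded ' written
# as '\'' so the receiving shell sees exactly one literal word.
sq() {
    rest=$1
    out=
    while :; do
        case $rest in
            *\'*)
                before=${rest%%\'*}        # text before the first quote
                out="$out$before'\\''"
                rest=${rest#*\'}           # text after it
                ;;
            *)
                out="$out$rest"
                break
                ;;
        esac
    done
    printf "'%s'" "$out"
}

# remote_cmd CMD ARGS...: build one string that is safe to hand to ssh.
remote_cmd() {
    line=
    for word in "$@"; do
        line="$line${line:+ }$(sq "$word")"
    done
    printf '%s\n' "$line"
}

# Constructed file name containing a shell metacharacter.
name='report; echo INJECTED'

# Quoted only for the local shell: the far side sees two commands, runs both.
fake_remote echo "$name"

# Quoted for the remote shell as well: one argument, printed as-is.
fake_remote "$(remote_cmd echo "$name")"

# With a real host: ssh example.com "$(remote_cmd ls -l "$name")"
```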
![Page 32: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/32.jpg)
Agent / Key Forwarding
Without them, With Them
![Page 33: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/33.jpg)
Example Without SSH Keys
[Diagram: your-box, box-1, box-2]
![Page 34: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/34.jpg)
your-box> ssh box-1
[Diagram: your-box, box-1, box-2]
your-box> ssh box-1
password:
Password required
![Page 35: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/35.jpg)
your-box> ssh box-2
[Diagram: your-box, box-1, box-2]
your-box> ssh box-2
password:
Password required
![Page 36: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/36.jpg)
your-box to box-1 to box-2
[Diagram: your-box, box-1, box-2]
your-box> ssh box-1
password:
box-1> ssh box-2
password:
Passwords required each step of the way!
![Page 37: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/37.jpg)
Updated Example with SSH Keys
[Diagram: your-box (id_rsa, id_rsa.pub), box-1 (authorized_keys), box-2 (authorized_keys)]
your-box> ssh-keygen
Copy public key to ~/.ssh/authorized_keys on each remote host
![Page 38: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/38.jpg)
your-box> ssh box-1
[Diagram: your-box, box-1, box-2]
your-box> ssh box-1
box-1>
success
![Page 39: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/39.jpg)
your-box> ssh box-2
[Diagram: your-box, box-1, box-2]
your-box> ssh box-2
box-2>
success
![Page 40: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/40.jpg)
your-box to box-1 to box-2
[Diagram: your-box (id_rsa, id_rsa.pub), box-1 (authorized_keys), box-2 (authorized_keys)]
your-box> ssh box-1
box-1>
success
box-1> ssh box-2
password:
Password required at the second step!
![Page 41: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/41.jpg)
Enter Agent/Key Forwarding
![Page 42: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/42.jpg)
your-box to box-1 to box-2
[Diagram: your-box (id_rsa, id_rsa.pub), box-1 (authorized_keys), box-2 (authorized_keys)]
your-box> ssh -A box-1
box-1>
success
box-1> ssh -A box-2
box-2>
success
![Page 43: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/43.jpg)
Your SSH Key Gets Forwarded
[Diagram: your-box, box-1, box-2; id_rsa.pub, id_rsa]
![Page 44: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/44.jpg)
Command Line Agent Forwarding
ssh -A example.com
Use -a to explicitly turn off forwarding for an ssh session.
![Page 45: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/45.jpg)
Host Configured
Host inspire.staging
  ForwardAgent yes
Per-user: ~/.ssh/config
System-wide: /etc/ssh_config
![Page 46: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/46.jpg)
Capistrano Configured (Ruby)
ssh_options[:forward_agent] = true
Capistrano’s deploy.rb
Provided by net/ssh library.
![Page 47: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/47.jpg)
SSH Server has final say!
AllowAgentForwarding no
System-wide: /etc/sshd_config
Defaults to “yes” -- so pretty much ignore.
![Page 48: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/48.jpg)
When/Why #1 - Everyday Usage
When SSH’ing from box to box to box. (ie: multiple servers)
Greatly reduces the need to copy over public/private key files
It (usually) just works!
![Page 49: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/49.jpg)
When/Why #2 - Deploys
No need to manage additional SSH key pairs for machines that you want to deploy to
If you have access to it and you do the deploying, the remote machine will just SSH in as you!
It (usually) just works!
![Page 50: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/50.jpg)
...remember...
You still need to copy public key file contents to ~/.ssh/authorized_keys
Agent forwarding doesn’t work for automated workflows where a user is taken out of the equation, ie: our automated deploy from TeamCity for Inspire
![Page 51: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/51.jpg)
Port Forwarding
Local, Remote, Magic
![Page 52: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/52.jpg)
Local Port Forwarding
![Page 53: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/53.jpg)
Local Port Forwarding Example
[Diagram: your-box; box-1 (sshd); box-2 (www); private network]
![Page 54: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/54.jpg)
your-box to www on box-2
[Diagram: your-box; box-1 (sshd); box-2 (www); private network; public and local IP labels]
![Page 55: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/55.jpg)
Can’t access box-2 directly
[Diagram: your-box; box-1 (sshd); box-2 (www); private network; public and local IP labels; X marks the blocked connection]
![Page 56: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/56.jpg)
With Local Port Forwarding
[Diagram: your-box; box-1 (sshd); box-2 (www); public and local IP labels]
your-box> ssh -L 8000:box-2:80 box-1
box-1>
success
![Page 57: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/57.jpg)
A Tunnel is Made!
[Diagram: your-box; box-1 (sshd); box-2 (www); public and local IP labels]
your-box> ssh -L 8000:box-2:80 box-1
box-1>
success
![Page 58: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/58.jpg)
box-2 doesn’t have to run sshd
[Diagram: your-box; box-1 (sshd); box-2 (www); public and local IP labels]
![Page 59: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/59.jpg)
Command Line Local Port Forwarding
ssh -L localport:host:hostport example.com
localport is the port on your machine,
host is the remote box to tunnel to,
hostport is the port on the remote box to tunnel to
![Page 60: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/60.jpg)
Sharing Your Tunnel
[Diagram: your-box; box-1 (sshd); box-2 (www); bobs-box; public and local IP labels]
your-box> ssh -L 8000:box-2:80 -g box-1
box-1>
success
![Page 61: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/61.jpg)
Command Line Local Port Forwarding
ssh -L localport:host:hostport -g example.com
-g allows others to connect to your forwarded port
![Page 62: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/62.jpg)
Host Configured
Host inspire.staging
  LocalForward 8000:box-2:80
Per-user: ~/.ssh/config
System-wide: /etc/ssh_config
![Page 63: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/63.jpg)
SSH Server has final say!
AllowTcpForwarding no
System-wide: /etc/sshd_config
Defaults to “yes” -- so pretty much ignore.
![Page 64: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/64.jpg)
When/Why
Access normally unreachable resources on an internal network from anywhere on the internet
![Page 65: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/65.jpg)
Remote Port Forwarding
![Page 66: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/66.jpg)
Remote Port Forwarding Example
[Diagram: your-box; box-1 (sshd); box-2; private network]
![Page 67: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/67.jpg)
box-2 to your-box
[Diagram: your-box; box-1 (sshd); box-2; private network; public and local IP labels]
![Page 68: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/68.jpg)
box-2 can’t talk to your-box
[Diagram: your-box; box-1 (sshd); box-2; private network; public and local IP labels; X marks the blocked connection]
![Page 69: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/69.jpg)
With Remote Port Forwarding
[Diagram: your-box; box-1 (sshd); box-2; public and local IP labels]
your-box> ssh -R 8000:localhost:80 box-1
box-1>
success
![Page 70: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/70.jpg)
A Reverse Tunnel Is Made!
[Diagram: your-box; box-1 (sshd); box-2; public and local IP labels; ports 8000 and 80; http://box-1:8000]
your-box> ssh -R 8000:localhost:80 box-1
box-1>
success
![Page 71: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/71.jpg)
Command Line Remote Port Forwarding
ssh -R remoteport:host:hostport example.com
remoteport is the port on the machine you ssh into,
host is the local box to tunnel to,
hostport is the port on the local box to tunnel to
![Page 72: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/72.jpg)
-g is not supported for remote forwarding
![Page 73: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/73.jpg)
Host Configured
Host inspire.staging
  RemoteForward 8000:localhost:80
Per-user: ~/.ssh/config
System-wide: /etc/ssh_config
![Page 74: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/74.jpg)
SSH Server has final say!
AllowTcpForwarding no
System-wide: /etc/sshd_config
Defaults to “yes” -- so pretty much ignore.
![Page 75: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/75.jpg)
When/Why
Allow outside resources to connect to your box, or another machine on a private network
Example: testing web callbacks
![Page 76: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/76.jpg)
~/.ssh/config
User-specified SSH configuration
![Page 77: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/77.jpg)
Host Configuration
your-box> ssh example.com
Host is the section identifier
Any time Host shows up a new section is started
Host is whatever you want to refer to the connection as
~/.ssh/config:
Host inspire
  HostName staging.inspirehq.com
  User inspire
Host inspire.production
  HostName inspirehq.com
  User inspire
![Page 78: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/78.jpg)
HostName Configuration
your-box> ssh example.com
HostName is the real host name to log into
Can be an IP address or domain name
~/.ssh/config:
Host inspire
  HostName staging.inspirehq.com
  User inspire
Host inspire.production
  HostName inspirehq.com
  User inspire
![Page 79: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/79.jpg)
User Configuration
your-box> ssh example.com
User is the user to log in as
Can be overridden on the command line
~/.ssh/config:
Host inspire
  HostName staging.inspirehq.com
  User inspire
Host inspire.production
  HostName inspirehq.com
  User foobar
![Page 80: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/80.jpg)
Port Configuration
your-box> ssh example.com
Port defines which port SSH connects on
Can be overridden on the command line
~/.ssh/config:
Host inspire
  HostName staging.inspirehq.com
  User inspire
  Port 45000
![Page 81: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/81.jpg)
Local/Remote Port Forwarding
your-box> ssh example.com
LocalForward
RemoteForward
~/.ssh/config:
Host inspire
  HostName staging.inspirehq.com
  User inspire
  LocalForward 8080:example.com:80
  RemoteForward 8080:example.com:80
![Page 82: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/82.jpg)
GatewayPorts
your-box> ssh example.com
GatewayPorts specifies whether or not remote hosts can connect to local forwarded ports
Works in conjunction with LocalForward
Defaults to no
~/.ssh/config:
Host inspire
  HostName staging.inspirehq.com
  User inspire
  LocalForward 8080:example.com:80
  GatewayPorts yes
![Page 83: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/83.jpg)
ServerAliveInterval
your-box> ssh example.com
ServerAliveInterval sets a time interval, in seconds, after which ssh will send a message to the server if no data has been received from it
Defaults to 0, meaning this will never be sent
This can be used to keep SSH connections alive
~/.ssh/config:
Host inspire
  HostName staging.inspirehq.com
  User inspire
  LocalForward 8080:example.com:80
  GatewayPorts yes
  ServerAliveInterval 5
![Page 84: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/84.jpg)
> ssh inspire
![Page 85: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/85.jpg)
man ssh_config
![Page 86: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/86.jpg)
Overuse ~/.ssh/config
SSHing into an IP more than once?
SSHing into crazy domains? (ie: Amazon)
Looking up IP or hostname routinely?
save it in ~/.ssh/config
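An added example (not from the original slides) that walks a client config the way the Host slides describe, starting a new section at each Host line, and lists the forwarding settings each section turns on: ForwardAgent, LocalForward, RemoteForward, and whether GatewayPorts opens a local forward to other machines. The function names and the sample config are constructed; Match and Include are not handled, and settings are reported per section rather than merged across sections.

```shell
#!/bin/sh
# Added example, not from the slides.

# audit_ssh_config [FILE]: read an ssh client config (stdin if no FILE) and
# print one line per forwarding-related setting, prefixed by its Host pattern.
audit_ssh_config() {
    awk '
    function report(   i, note) {
        if (agent == "yes") {
            note = (host ~ /[*?]/) ? " (wildcard pattern: applies to many hosts)" : ""
            printf "%s: ForwardAgent yes%s\n", host, note
        }
        for (i = 1; i <= n; i++) {
            note = ""
            if (gw == "yes" && fwd[i] ~ /^LocalForward/) {
                note = " (GatewayPorts yes: reachable from other hosts)"
            }
            printf "%s: %s%s\n", host, fwd[i], note
        }
    }
    function begin_section(name) { host = name; agent = ""; gw = ""; n = 0 }

    BEGIN { begin_section("(before first Host)") }
    /^[ \t]*#/ { next }                 # comment
    /^[ \t]*$/ { next }                 # blank line
    {
        # "Keyword=value" is allowed; normalise it to "Keyword value".
        if ($0 ~ /^[ \t]*[A-Za-z]+[ \t]*=/) { sub(/[ \t]*=[ \t]*/, " ") }
        key = tolower($1)               # keywords are case-insensitive
        val = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)
        sub(/[ \t]+$/, "", val)

        # Within a section the first value obtained for a keyword wins.
        if (key == "host")               { report(); begin_section(val) }
        else if (key == "forwardagent")  { if (agent == "") agent = tolower(val) }
        else if (key == "gatewayports")  { if (gw == "") gw = tolower(val) }
        else if (key == "localforward")  { fwd[++n] = "LocalForward " val }
        else if (key == "remoteforward") { fwd[++n] = "RemoteForward " val }
    }
    END { report() }
    ' "$@"
}

# Constructed sample, modelled on the Host blocks shown in the slides.
sample_config() {
    cat <<'EOF'
Host inspire
  HostName staging.inspirehq.com
  User inspire
  LocalForward 8080:example.com:80
  GatewayPorts yes
  ServerAliveInterval 5

Host inspire.production
  HostName inspirehq.com
  User inspire
  RemoteForward 8000:localhost:80

Host *
  ForwardAgent yes
EOF
}

sample_config | audit_ssh_config
```

To check a real file, pass its path: `audit_ssh_config ~/.ssh/config`.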
![Page 87: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/87.jpg)
...skipping server configuration...
![Page 88: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/88.jpg)
SSH and Other apps
![Page 89: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/89.jpg)
scp: secure file copy
![Page 90: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/90.jpg)
copy single file
scp file1 example.com:
![Page 91: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/91.jpg)
copy multiple files
scp file1 file2 example.com:
![Page 92: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/92.jpg)
copy to other locations
scp file1 example.com:foo/bar
scp file1 example.com:/foo/bar
![Page 93: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/93.jpg)
scp doesn’t copy directories
scp dir/ example.com:foo/bar
dir/: not a regular file
![Page 94: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/94.jpg)
rsync: remote file copying
![Page 95: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/95.jpg)
copy single file
rsync -avz file1 example.com:
![Page 96: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/96.jpg)
copy directory
rsync -avz dir/ example.com:
![Page 97: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/97.jpg)
rsync does so much more
incremental file transfers (only transfers what’s different)
include/exclude files and directories
include/exclude file name patterns
can copy files from a remote box to a local box
can copy files from a local box to a remote box
![Page 98: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/98.jpg)
git
![Page 99: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/99.jpg)
git/ssh info
Can run over SSH
Supports SSH client configuration files
Can be set to use a specific SSH binary with the GIT_SSH environment variable
![Page 100: SSH](https://reader038.vdocuments.mx/reader038/viewer/2022102823/54840c69b4af9fbc6d8b48f3/html5/thumbnails/100.jpg)
The End