16 ultimate SSH hacks

Page 3 of 3

SSH tip #6: Give SSH keys informative comments

Another useful way to label keys is with a comment:

$ ssh-keygen -t rsa -C "downtown lan webserver" -f .ssh/web-admin

Then you can read your comment which is appended to the end of the public key.

SSH tip #5: Read public key comments

$ less .ssh/web-admin.pub

[snip] KCLAqwTv8rhp downtown lan webserver
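As an added example that is not part of the original article, here is a small POSIX shell script that reads key comments the way tips #6 and #5 use them. It goes a little beyond the .pub case above: the comment is every field after the base64 blob (so it may contain spaces), and an authorized_keys line may carry an options prefix before the key type, which the parser also handles. The sample key file is constructed; the blobs are placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not from the article. An OpenSSH public-key line looks like
#   [options] keytype base64-blob [comment ...]
# The comment is everything after the blob and may contain spaces; in
# authorized_keys an options prefix such as from=... can precede the type.

# key_comment LINE: print the comment of one key line (empty if it has none)
key_comment() {
    printf '%s\n' "$1" | awk '{
        # locate the key-type field; option words never start with these
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(sk-)?(ssh-|ecdsa-sha2-)/) break
        c = ""
        for (j = i + 2; j <= NF; j++)      # skip the type and the blob
            c = (c == "" ? $j : c " " $j)
        print c
    }'
}

# uncommented_keys FILE: print the line numbers of key entries with no
# comment, so unlabeled keys in an authorized_keys file stand out in an audit
uncommented_keys() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac   # blank or comment line
        if [ -z "$(key_comment "$line")" ]; then echo "$n"; fi
    done < "$1"
}

# Constructed sample file: a .pub-style key, an authorized_keys entry with an
# options prefix, and one key that was never given a comment.
SAMPLE_KEYS=$(mktemp)
trap 'rm -f "$SAMPLE_KEYS"' EXIT
cat > "$SAMPLE_KEYS" <<'EOF'
# keys for the web server
ssh-rsa AAAAB3NzaC1yc2EFAKEBLOB downtown lan webserver
from="10.0.0.0/24",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1FAKEBLOB backup job
ecdsa-sha2-nistp256 AAAAE2VjZHNhFAKEBLOB
EOF

echo "keys without a comment on line(s): $(uncommented_keys "$SAMPLE_KEYS")"
```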

SSH tip #4: Logging in with server-specific keys

Then when you log in, specify which key to use with the -i option. Point it at the private key (ssh finds the matching .pub file on its own):

$ ssh -i .ssh/web-admin user@webserver

SSH tip #3: Fast easy known_hosts key management

I love this one because it's a nice time-saver, and it keeps my known_hosts files tidy: using ssh-keygen -R to remove host keys from the known_hosts file. When the remote machine gets new SSH keys you'll get a warning, when you try to log in, that the key has changed. Using this is much faster than manually editing the file and counting down to the correct line to delete:

$ ssh-keygen -R remote-hostname

Computers are supposed to make our lives easier, and it's ever so lovely when they do.

SSH tip #2: SSH tunnel for road warriors

When you're at the mercy of hotel and coffee shop Internet, a nice secure SSH tunnel makes your online adventures safer. To make this work you need a server that you control to act as a central node for escaping from hotspot follies. I have a server set up at home to accept remote SSH logins, and then use an SSH tunnel to route traffic through it. This is useful for a lot of different tasks. For example I can use my normal email client to send email, instead of hassling with Web mail or changing SMTP server configuration, and all traffic between my laptop and home server is encrypted. First create the tunnel to your personal server:

carla@hotel:~$ ssh -f carla@homeserver.com -L 9999:homeserver.com:25 -N

This binds port 9999 on your mobile machine to port 25 on your remote server. The remote port must be whatever you've configured your server to listen on. Then configure your mail client to use localhost:9999 as the SMTP server and you're in business. I use Kmail, which lets me configure multiple SMTP server accounts and then choose which one I want to use when I send messages, or simply change the default with a mouse click. You can adapt this for any kind of service that you normally use from your home base, and need access to when you're on the road.

#1 Favorite SSH tip: Evading silly web restrictions

The wise assumption is that any public Internet is untrustworthy, so you can tunnel your Web surfing too. My #1 SSH tip gets you past untrustworthy networks that might have snoopers, and past any barriers to unfettered Web-surfing. Just like in tip #2 you need a server that you control to act as a secure relay; first set up an SSH tunnel to this server:

carla@hotel:~$ ssh -D 9999 -C carla@homeserver.com

Then configure your Web browser to use port 9999 as a SOCKS 5 proxy. Figure 1 shows how this looks in Firefox. One check worth making: unless the browser is also set to send DNS lookups through the SOCKS proxy (Firefox has a separate option for this), name lookups still go to the hotspot's resolver even though the page traffic itself is tunneled.

Figure 1: Configuring Firefox to use your SSH tunnel as a SOCKS proxy.

An easy way to test this is on your home or business network. Set up the tunnel to a neighboring PC and surf some external Web sites. When this works go back and change the SOCKS port number to the wrong number. This should prevent your Web browser from connecting to any sites, and you'll know you set up your tunnel correctly.

How do you know which port numbers to use? Port numbers above 1024 do not require root privileges, so use these on your laptop or whatever you're using in your travels. Always check the list of assigned port numbers first to find unassigned ports. The remote port you're binding to must be a port a server is listening on, and there has to be a path through your firewall to get to it.

To learn more try the excellent Pro OpenSSH by Michael Stahnke, and my own Linux Networking Cookbook has more on secure remote administration including SSH, OpenVPN, and remote graphical sessions, and configuring firewalls.

This article, "16 ultimate SSH hacks," was originally published at ITworld. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
