The document discusses various SSH tricks and configurations, including setting up port forwarding tunnels for a "poor man's VPN", configuring SSH keys and host fingerprints, and using the ~/.ssh/config file to define SSH connection settings and aliases. It also covers enabling SSH autocompletion and disabling host key checking for automated deployments.
6. Enter ~/.ssh/config
$ cat /home/lotr/.ssh/config
Host moria.middle.earth
  User gandalf
  Port 1234
Host mordor.middle.earth
  User gollum
  IdentityFile ~/.ssh/smeagol.rsa
  Port 666
Host *.middle.earth
  User hobbits
  KexAlgorithms diffie-hellman-group1-sha1
You can put almost any ssh config option in there, and use wildcard
expansion. It's respected by scp and ssh and anything using libssh.
This is just the beginning of what you can do in .ssh/config
17. ssh user@remote_host -L 8000:127.0.0.1:9091 -N -f
user@remote host: . . .
8000: port opened on MY machine
127.0.0.1:9091: address referred to the REMOTE network
-N: don't execute anything on remote host
-f: execute in background
21. The other way round
ssh user@remote_host -R 8111:127.0.0.1:80 -N -f
25. >THIS< fingerprint
The authenticity of host '178.36.62.115 (178.36.62.115)' can't b
ECDSA key fingerprint is SHA256:F0B6XIdcukwjjkI+edez42aQt6W73f+O
Are you sure you want to continue connecting (yes/no)
This is a great security feature, protecting against MITM attacks, but
it can be a real PITA, especially when automatically deploying/copying
something, and maybe the remote server got reinstalled without preserving
the old keys.
29. Solution?
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no somebody@somewhere
This line disables fingerprint checking (StrictHostKeyChecking=no)
and discards anything that would be written to the known hosts file
(UserKnownHostsFile=/dev/null).
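For unattended deployments the alternative to StrictHostKeyChecking=no is to verify the scanned host key against a fingerprint obtained out of band (console, provisioning record) and only then add it to known_hosts, which keeps the MITM protection the slides describe. The following is an added example, not from the slides: it computes the OpenSSH-style SHA256 fingerprint of a key blob, matches plain and hashed (HashKnownHosts) host fields, and checks a constructed ssh-keyscan-style line (the key blob is arbitrary bytes, not a real key; the host is the IP shown on the slide).

```python
import base64
import hashlib
import hmac

def parse_known_hosts_line(line: str):
    """Split one known_hosts / ssh-keyscan line into (hosts, key_type, key_blob)."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("malformed known_hosts line")
    return fields[0], fields[1], base64.b64decode(fields[2], validate=True)

def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(hosts_field: str, hostname: str) -> bool:
    """Match a plain or hashed (|1|salt|hmac-sha1) known_hosts host field."""
    for entry in hosts_field.split(","):
        if entry.startswith("|1|"):
            _, _, salt_b64, mac_b64 = entry.split("|")
            mac = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1)
            if hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64)):
                return True
        elif entry == hostname:
            return True
    return False

def verify_scanned_key(line: str, hostname: str, expected_fp: str) -> bool:
    """True only if the line is for `hostname` and its key matches `expected_fp`."""
    hosts, _, blob = parse_known_hosts_line(line)
    if not host_matches(hosts, hostname):
        return False
    return hmac.compare_digest(fingerprint_sha256(blob), expected_fp)

# Constructed sample data (not a real key): arbitrary bytes as the key blob,
# the IP from the slide as the host, and a fixed 20-byte salt for the hashed entry.
HOST = "178.36.62.115"
SAMPLE_BLOB = b"constructed-not-a-real-key:" + bytes(range(64))
_B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_LINE = f"{HOST} ecdsa-sha2-nistp256 {_B64}"
_SALT = b"\x01" * 20
_MAC = hmac.new(_SALT, HOST.encode(), hashlib.sha1).digest()
HASHED_LINE = (f"|1|{base64.b64encode(_SALT).decode()}|{base64.b64encode(_MAC).decode()}"
               f" ecdsa-sha2-nistp256 {_B64}")
TAMPERED_BLOB = SAMPLE_BLOB[:-1] + bytes([SAMPLE_BLOB[-1] ^ 0x01])
TAMPERED_LINE = f"{HOST} ecdsa-sha2-nistp256 {base64.b64encode(TAMPERED_BLOB).decode()}"
# In real use the expected fingerprint is obtained out of band, not from the scan itself.
EXPECTED_FP = fingerprint_sha256(SAMPLE_BLOB)

if __name__ == "__main__":
    print(verify_scanned_key(SAMPLE_LINE, HOST, EXPECTED_FP))    # True
    print(verify_scanned_key(TAMPERED_LINE, HOST, EXPECTED_FP))  # False
```

Only a line that verifies is appended to known_hosts; StrictHostKeyChecking then stays at its default and the scripted connection proceeds without a prompt.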