SSH

SSH-Keygen

4096-bit RSA, no passphrase, comment set inline, default location:

ssh-keygen -t rsa -b 4096 -N '' -C "$USER@$HOSTNAME"

Create a passphrase-less throw-away key:

ssh-keygen -t rsa -b 4096 -N '' -C '' -f /path/to/key

This creates two files: /path/to/key and /path/to/key.pub.

authorized_keys

umask 077
mkdir -p ~/.ssh
cat >> ~/.ssh/authorized_keys
<paste stuff here, exit with C-d>

Tunneling

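I want to reach a daemon that is running on serv on port 80 via localhost port 8080:

ssh -NfL 8080:localhost:80 serv
# ssh -f forks itself into the background, so the shell's $! is not set; look the PID up instead
pgrep -f 'ssh -NfL 8080:localhost:80 serv'  # the PID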

Daemon running on foo on port 1234. Reachable via gate. Mission: Tunnel foo:1234 to localhost:5678:

ssh -NfL 5678:foo:1234 gate
pgrep -f 'ssh -NfL 5678:foo:1234 gate'  # the PID (ssh -f forks itself, so $! is not set)

SOCKS5-Proxy

Listens on localhost:1080 and proxies via s3:

ssh -ND 1080 s3

Test:

# --socks5 resolves the hostname locally; use --socks5-hostname to resolve it through the proxy
curl -I --socks5 localhost:1080 felixhummel.de

Config

# keep connections alive
ServerAliveInterval 60
# re-use connections to the same host
ControlMaster auto
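# keep the socket out of /tmp: ssh_config(5) recommends a directory that is not writable by other users
ControlPath ~/.ssh/%r@%h:%p
# use `ssh -o ControlPath=none` to disable this temporarily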

# example entry
Host enterprise
  Hostname 10.1.1.1
  User picard
  Port 1701
  IdentityFile ~/.ssh/picards_id

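# use `enterprise` as proxy; authentication to shuttle uses the local IdentityFile (shuttle.lan is reachable from enterprise)
# Warning: ForwardAgent is not needed for the proxying itself; it exposes the local agent on shuttle. Use with care (see ForwardAgent in `man ssh_config`)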
Host shuttle
  Hostname shuttle.lan
  ForwardAgent yes
  ProxyCommand ssh -qW %h:%p enterprise
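
A quick check for the two settings in this section that deserve care, ForwardAgent and the ControlPath location, as an added example that is not part of the original page. The function name audit_ssh_config and the sample config are constructed for illustration; it reads a single file and does not follow Include or Match directives.

```shell
#!/bin/sh
# Added example (not from the original page): flag two risky client settings.
# audit_ssh_config FILE prints "<host pattern><TAB><finding>" per issue.
# Assumption: a single file; Include and Match directives are not followed.
audit_ssh_config() {
  awk '
    BEGIN { host = "(global)" }
    { sub(/^[ \t]+/, "") }                 # drop indentation
    /^#/ || /^$/ { next }                  # skip comments and blank lines
    {
      split($0, f, /[ \t=]+/)              # accepts "Key value" and "Key=value"
      key = tolower(f[1]); val = f[2]      # keywords are case-insensitive
      if (key == "host") {                 # a new Host block starts here
        host = $0; sub(/^[^ \t=]+[ \t=]+/, "", host)
        next
      }
      # anything but "no" (yes, a socket path, $VAR) forwards an agent
      if (key == "forwardagent" && tolower(val) != "no")
        printf "%s\tForwardAgent %s: remote admins can use the forwarded agent\n", host, val
      # sockets belong in a directory other users cannot write to
      if (key == "controlpath" && val ~ /^(\/tmp|\/var\/tmp|\/dev\/shm)\//)
        printf "%s\tControlPath %s: directory is writable by other users\n", host, val
    }
  ' "$1"
}

# Constructed sample config containing both weak settings.
demo_config=$(mktemp)
cat > "$demo_config" <<'EOF'
ControlMaster auto
ControlPath /tmp/%r@%h:%p

Host enterprise
  Hostname 10.1.1.1
  IdentityFile ~/.ssh/picards_id

Host shuttle
  Hostname shuttle.lan
  ForwardAgent yes
  ProxyCommand ssh -qW %h:%p enterprise
EOF
audit_ssh_config "$demo_config"
rm -f "$demo_config"
```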