Unlocking the Full Potential of SSH: Advanced Commands You Should Know
Uncover SSH's hidden superpowers 🚀
Introduction
SSH, or Secure Shell, is a versatile tool that allows you to securely interact with remote systems. Whether you’re a system administrator, developer, or a techie who loves to tinker with servers, you’ve probably used commands like ssh user@host
to log into a remote machine or scp
to transfer files.
But did you know that SSH has a treasure trove of lesser-known features that can make your life a lot easier and your work more efficient?
Below, we’ll dive into some advanced SSH commands and techniques that can prove to be incredibly useful.
Prerequisites
Before you start, you should have:
- A basic understanding of SSH and how to navigate the shell.
- An SSH client installed on your local machine.
- Access to a remote server where you can practice these commands.
Ready? Let’s get started!
1. Persistent SSH Connections with ControlMaster and ControlPath
What’s the Benefit?
Creating a new SSH connection every time can be slow.
Picture this: You’ve just SSH-ed into your server and realize you need to open another terminal tab, which means going through the authentication process all over again. It’s especially cumbersome if you’re using password authentication for each session, and need to open multiple tabs.
Wouldn’t it be convenient to have a sort of “Single Sign-On” experience for your SSH sessions? Imagine being able to open a new terminal tab and simply entering ssh <connection>
to seamlessly access your server without the need for reauthenticating each time.
Well, that’s precisely what the ControlMaster and ControlPath options allow you to do.
How to Use It?
First, establish the “master” connection:
ssh -o ControlMaster=yes -o ControlPath=/tmp/ssh_mux_%h_%p_%r user@host
Now, you can open another terminal and use the established master connection:
ssh -o ControlMaster=no -o ControlPath=/tmp/ssh_mux_%h_%p_%r user@host
Using the -M and -S flags:
Another way is to use -M
and -S
:
Use -M
to start a master connection:
ssh -M -S /tmp/ssh_socket user@host
Use -S
to specify the created socket for subsequent connections – here’s an example of running a quick command over an existing connection:
ssh -S /tmp/ssh_socket user@host ls
Voila! Faster subsequent connections.
Using the SSH Config file to establish a Master Connection
You can also define a master connection via ~/.ssh/config
– for example:
Host my_host
User root
HostName 147.168.81.21
ControlMaster auto
ControlPath ~/.ssh/sessions/%r@%h:%p
In the above:
Host my_host
Defines a host alias named “my_host”.User root
Specifies the username to be used when logging into the remote host.HostName 147.168.81.21
Specifies the actual hostname to connect to.ControlMaster auto
Automatically uses a master connection if one exists but falls back to creating a new connection if it doesn’t. This provides some fault tolerance.ControlPath ~/.ssh/sessions/%r@%h:%p
Sets the path for the control socket, using variables for the remote username (%r), hostname (%h), and port (%p).- Note: You’ll notice here I put the session in a
sessions
folder. You can keep your sessions anywhere you like (such as /tmp), but I find this way to be more organized. - Storing the sessions this way also adds a layer of security, as the
.ssh
directory has restrictive permissions.
- Note: You’ll notice here I put the session in a
Keep in mind, when using a persistent SSH tunnel using ControlMaster and ControlPath, anytime you kill the master ssh connection (the first one you started), you will kill all subsequent connections.
-
Using
tmux
orscreen
can be a workaround to this, but we’ll cover those tools later. -
That said, it’s best to use use ControlMaster only for specific hosts where you frequently make multiple connections.
Additional Options:
ControlPersist
sets a timeout for how long the master connection should stay alive after the last multiplexed session is closed.- If you specify a time, like
ControlPersist 60
, it means the main connection will hang around for an extra amount of time (in this example it would be 60 seconds) after you’ve closed all the other sessions. - If you set
ControlPersist
toyes
, then the main connection stays open indefinitely. You’ll need to manually shut it down, use a special command ( -O ), or wait for an automatic timer to kick in and close it.
- If you specify a time, like
2. Local and Remote Port Forwarding
What’s the Benefit?
Ever wanted to expose a local web server to the Internet or access a database that is only reachable from a specific server? Port forwarding is your friend.
How to Use It?
For local port forwarding:
ssh -L local_port:remote_host:remote_port user@host
For remote port forwarding:
ssh -R remote_port:local_host:local_port user@host
Using the -J flag
You can also use the -J
flag instead, followed by the ‘jump’ server and the destination server:
ssh -J user@jumphost user@destination
3. Dynamic Port Forwarding (SOCKS Proxy)
What’s the Benefit?
Need to browse the web securely? A SOCKS proxy via SSH is a handy solution.
How to Use It?
Set the -D
flag and specify any port not already in use on your local machine, such as in the example below:
ssh -D 8080 user@host
Now, set your browser’s SOCKS proxy to localhost:8080
, and you’re good to go.
4. X11 Forwarding
What’s the Benefit?
If you need to run a graphical application from a remote server and display it on your local machine, X11 forwarding is the tool for the job.
How to Use It?
First make sure X11 Forwarding is enabled in /etc/ssh/sshd_config
on your remote machine by making sure the following line is uncommented:
X11Forwarding yes
Then restart ssh on the remote machine:
service sshd restart
Afterwords, to use X11 forwarding in a session, use the -X
flag when connecting to the remote machine:
ssh -X user@host
To test an app (such as xclock) download the x11-apps
package:
apt -y install x11-apps
Then run xclock
from an X11 enabled session – if you see a clock rendered in a new window, then X11 forwarding is working properly!
5. Use ssh-keyscan to Retrieve Public Keys
What’s the Benefit?
Adding the public key of a host you frequently connect to can save you from potential man-in-the-middle attacks.
How to Use It?
ssh-keyscan host >> ~/.ssh/known_hosts
6. Use SSHFS for Filesystem Mounting
What’s the Benefit?
Mount a remote directory as a local filesystem, making it easier to manipulate files. Comes in handy when working with remote dev or testing environments.
How to Use It?
First you’ll need to install SSHFS:
Run:
sudo apt update && sudo apt install sshfs
The easiest way to install is via MacPorts – if you don’t have MacPorts already, you can install it using this guide.
Once you have MacPorts installed, just run:
sudo port install sshfs
Once SSHFS is installed, you can mount a remote directory by running:
sshfs user@host:/remote/directory /local/directory
Conclusion
SSH is more than just a tool to connect to remote servers; it’s a Swiss Army knife for network communication and file management.
Now that you’re armed with these advanced SSH commands and techniques, go ahead and make your workflow more efficient.
Cheers!