Performing daily tasks of the system administrator is considered safe when working through the SSH session. This article will discuss modern tools for conducting MITM attacks on the SSH protocol and how to protect against them.
This article describes the advanced OpenSSH features, which can greatly simplify the lives of system administrators and programmers who would like to use Secure SHell. Unlike most manuals, which explain only keys and L/D/R options, I tried to gather all the interesting features, which SSH has to offer.
Warning: The article is very long, but I have decided not to cut it into the pieces.
Table of contents:
- Key management
- Copying files over SSH
- Stream forwarding of I/O
- Mounting a remote FS using SSH
- Remote code execution
- Aliases and options for connections to .ssh / config
- Default options
- X-server forwarding
- SSH as a socks-proxy
- Port forwarding - direct and reverse
- Reverse socks-proxy
- Tunneling L2/L3 traffic
- Authorization agent forwarding
- SSH through SSH tunnel
- Untrusted server
The web developer needs a console, but not that much that he/she should drop everything and start reading thick books about Linux. That's why I have learned occasionally some console tricks, and many of my coworkers do the same. I will reveal a few useful secrets without which I cannot live anymore.
1) Use ssh keys!
I discovered the keys a long time, but regularly there are people who never heard about them. SSH keys allow adapting the connection once, and then passwords do not have to be stored to all sites in a notepad.
$ ssh-keygen -t dsa