OSNews

Really like RSA-key (aka password-less) login. Makes it much easier to implement automated stuff involving more than one machine.

The author has a nice list of tricks, I even learned a thing or two, like how mc (midnight commander handles fish and ssh protocols). My favorite ftp client lftp handles ftp, fish(sftp), and http protols and makes it easy to get and upload files to remote box.

You can find my list of favorite ssh tips at
uadmin.blogspot.com/2006/02/ssh-tips.html it includes how to access boxes behind a firewall, like they are on your own system. I even includes a script that automates logging into a box behind a firewall, using lftp, another trick it has, is if you need shell access, just shell out with "!", and type ssh 2200, and it will give you a full shell to the remote box, that is behind the firewall, not two steps like it would usually take to get to the box.

Gotta love the power of ssh.

SSH is powerful, useful, and I couldn't live without it. I am constantly moving files between my machines over SSH, I do all the installing and administration usually over SSH, and I have already setup some automatic scripts on both machines to run over SSH when certain conditions are met. More specifically, NFS is faster than SSH, so I like to make the stuff available on PC1 available on PC2 over NFS, so PC2 checks on boot if PC1 is on, and mounts the NFS share. If PC1 is off, it will check on boot if PC2 is on, and mount the NFS share, using SSH and automatic login. Also, when PC1 is going down/rebooted, it checks again if PC2 is on, and unmounts the NFS share on it. This is just *so* useful.

Nautilus rocks when I gotta use SSH to manage files..

Which tricks ?
He is just using ssh just as every sysadmin every day.
All is described in the man page. Why reinvent the wheel ?

If you set up passwordless logins, anyone who gets ahold of your key can login to anywhere you've put as an authorized key -- this is a horrible security hole and should be highly discouraged.

What is FAR better is to use ssh-agent (or the windows equivilant peagant) to keep your passcode so you only have to input once -- this means you functionally have passwordless logins for your session after to type it in once, but you are still not hosed if someone steals your key.

This should be SSH 101, not some "tip" to undermine the security of the system you log into.

There's a new SSH standard for using Kerberos for host and user authentication. It's called gssapi-keyexchange. With it, you don't need to manage ssh-specific host kets and known_hosts files, which can be a real win for very large sites. It's a shame the author didn't mention it.

interesting article...
nothing amazingly new but certainly something that not everyone is familar with...

An oldy that I use alot is the tar pipe over ssh. Eg. :

$ tar cf - /home/myuser | compress -c | ssh user@host " ( uncompress -c | tar xvf - ) "

Surprised not to see it mentioned.

Numerous other apps can use SSH. I use svn for version control over ssh with password-less auth. Rsync is another big one -- excellent for transfering a whole website to the host securely. And, rsync only transfers modified files, which makes the whole process of updating a huge site secure and painless.

svn co svn+ssh://repo/module
svn commit # and svn commits over ssh tunnel

rsync -e ssh src [user@host:]dest

Why the extra pipes with compress? Just add -j (BZip2) or -z (GZip) to the tar command to do the compression/uncompression automatically in one go.

"It's a shame the author didn't mention it."

Maybe he didn't want to write a 5000 word essay on how to configure kerberos.

"When the program asks for the key password, we should just press ENTER - this way, a passwordless key will be created."

This is such bad advice it hurts my brain. Hasn't this guy heard of ssh-agent?

maybe he is using ssh only on his local network where a password isnt needed? maybe???

Using SSHFS in a wireless local network is a lot more secure than NFS or Samba shares. Couple it with ssh-agent and you get hassle-free and very secure file sharing between your computers in the network.

Except for one minor issue I've had: For some reason, SSHFS crashes and sometimes even makes the whole system crash. At least if you're running Ubuntu (tested in Hoary, Breezy and Dapper). I've tried it with several machines and it's always the same thing. When you unmount shares, it says "Segmentation fault" and sometimes the graphics in your X session gets garbled and the whole system crashes. If anyone knows what's wrong, any advice would be much appreciated.

I must share a tip I'm using daily. Commuting to work, I sometimes need to spend half an hour waiting for a train on a public train station. They have a wireless Internet connection you may use if you pay for it. However, by changing the SSH port on my server to e.g. 7722, I can now connect to it using 'ssh -p 7722 my.server.com' and use the Internet connection for free! I know, it may not be perfectly legal, but in my opinion they should blame themselves for not disabling the traffic on the port.

Anyway, if you often spent time on public paid-for wireless spots, go ahead and try it out!

"maybe he is using ssh only on his local network where a password isnt needed? maybe???"

That's no excuse for teaching bad and insecure habits.

"picking your nose is a bad habit....nothing wrong with doing it at home though!"

Noone's actively trying to teach you to pick your nose though.