ssh, the Secure SHell : Practical examples


Introduction

This post lists examples of ssh commands for everyday use. It is updated whenever I discover new features or tips.
Note: Please see “ssh, the Secure SHell : Generalities & Concept” for ssh concepts and general information!

1 Basic ssh usage

1.1 Connect to a remote machine using the same user (on localhost and remote host)

[user@local_machine Testdir] $ ssh remote_machine

 

1.2 Connect to a remote machine using a different user (on localhost and remote host)

In these examples the local account is user and the remote account is root.

[user@local_machine Testdir] $ ssh root@remote_machine

or

[user@local_machine Testdir] $ ssh remote_machine -l root # this syntax may be useful when you don't know where the "@" key is on your keyboard (yes it happens!)

 

1.3 Add X11 Forwarding to your connection

This allows you to launch applications that require an X server.

[user@local_machine Testdir] $ ssh root@remote_machine -X

 

1.4 Copy a public key to remote machine to activate password less connection

This can be achieved either by using the ssh-copy-id utility or through the combined use of cat, a pipe and ssh (see “ssh, the Secure SHell : Generalities & Concept” for more information).
The following examples will allow the connection of user1 as user2 on remote_machine2 without password.

  • Using ssh-copy-id
    ssh-copy-id -i /user1_home/.ssh/id_rsa.pub user2@remote_machine2
  • Using combined command
    cat /user1_home/.ssh/id_rsa.pub | ssh user2@remote_machine2 'cat >> ~/.ssh/authorized_keys'
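
The combined command above assumes that ~/.ssh already exists on the remote side with permissions sshd accepts, and it appends the key again on every run. The following is an added example (not from the original post) that creates the directory with 700/600 permissions and skips a key that is already present; it assumes the remote login shell is POSIX-compatible, and the function name is illustrative.

```sh
#!/bin/sh
# Added example, not from the original post.
# Commands executed on the remote side. They are kept in a variable so the
# same text can be exercised locally. Assumes a POSIX-compatible remote shell.
REMOTE_INSTALL='umask 077
mkdir -p "$HOME/.ssh"
touch "$HOME/.ssh/authorized_keys"
IFS= read -r key    # the public key arrives on stdin
[ -n "$key" ] || exit 1
grep -qxF -- "$key" "$HOME/.ssh/authorized_keys" ||
    printf "%s\n" "$key" >> "$HOME/.ssh/authorized_keys"
chmod 700 "$HOME/.ssh"
chmod 600 "$HOME/.ssh/authorized_keys"'

# install_pubkey PUBKEY_FILE TARGET
# Sends the first line of PUBKEY_FILE to TARGET and installs it there.
install_pubkey() {
    ssh "$2" "$REMOTE_INSTALL" < "$1"
}

# Example call: ./install_pubkey.sh /user1_home/.ssh/id_rsa.pub user2@remote_machine2
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```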

 

 

2 Advanced ssh usage

 

2.1 Diff / compare files located on remote host(s)

  • One file is on a remote machine, the other is local
    diff <(ssh user1@remote_machine1 'cat /path/to/file_1') /path/to/local/file
  • Both files are located on remote machines
    diff <(ssh user1@remote_machine1 'cat /path/to/file_1') <(ssh user2@remote_machine2 'cat /path/to/file_2')

2.2 Using tail -f on remote machine

This can be done using the ssh -t option (force pseudo-tty allocation). This option is really useful when running screen-based software. As follows:

ssh -t user1@server "tail -f /var/log/messages"

Output example :

user@computer ~$ ssh -t user1@server  "tail -f /var/log/messages"
root@server's password: 
Jan 10 18:41:40 server pulseaudio[2326]: pid.c: Daemon already running.
Jan 10 18:41:41 server dbus-daemon: [system] Rejected send message, 1 matched rules; type="method_call", sender=":1.11" (uid=500 pid=2245 comm="kded4) interface="org.freedesktop.Hal.Device.CPUFreq" member="GetCPUFreqAvailableGovernors" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=1620 comm="hald))
Jan 10 18:41:41 server dbus-daemon: [system] Rejected send message, 1 matched rules; type="method_call", sender=":1.11" (uid=500 pid=2245 comm="kded4) interface="org.freedesktop.Hal.Device.CPUFreq" member="GetCPUFreqAvailableGovernors" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=1620 comm="hald))
Jan 10 18:41:41 server dbus-daemon: [system] Rejected send message, 1 matched rules; type="method_call", sender=":1.11" (uid=500 pid=2245 comm="kded4) interface="org.freedesktop.Hal.Device.CPUFreq" member="GetCPUFreqAvailableGovernors" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=1620 comm="hald))
Jan 11 20:55:32 server kernel: kjournald starting.  Commit interval 5 seconds
Jan 11 20:55:32 server kernel: EXT3-fs (sde1): warning: maximal mount count reached, running e2fsck is recommended
Jan 11 20:55:32 server kernel: EXT3-fs (sde1): using internal journal
Jan 11 20:55:32 server kernel: EXT3-fs (sde1): recovery complete
Jan 11 20:55:32 server kernel: EXT3-fs (sde1): mounted filesystem with ordered data mode
## There is a prompt here...

 

 

2.3 Using ssh within a shell script ?

The following options may be handy.

  • Batch mode + quiet mode
ssh -q -o "BatchMode=yes"  user@remote_machine "exit"
# in this example we just test the password-less connection and then "exit" the remote host connection
#+ for an even more "silent" test just add a redirection as : &>/dev/null this way even error(s) are silenced.

– The “-q” option is used to ensure that the ssh command will not print any “warning” or “diagnostic” messages (as stated in man ssh).
– The “-o "BatchMode=yes"” option (only useful if password-less connection is configured) makes ssh print an error message, instead of asking for a password, if password-less connection is not enabled. The error message looks like this:

Permission denied (publickey,password,keyboard-interactive).

It will also return an exit code easy to handle within a shell script.
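
The BatchMode test above, wrapped for use in a script, as an added example that is not from the original post. ssh exits with status 255 when the connection or the authentication itself fails, and the function maps that to its own return codes. The function names and the 5-second ConnectTimeout are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post.

# check_key_login TARGET
# Returns 0 if key-based login works, 1 if ssh itself failed (exit status 255:
# host unreachable, key rejected, host key problem), 2 for any other status.
check_key_login() {
    # stdin comes from /dev/null so ssh cannot swallow the caller's input
    ssh -q -o BatchMode=yes -o ConnectTimeout=5 "$1" exit \
        </dev/null >/dev/null 2>&1
    case $? in
        0)   return 0 ;;
        255) return 1 ;;
        *)   return 2 ;;
    esac
}

# probe_hosts TARGET...
# Prints one status line per target; the return value is the number of failures.
probe_hosts() {
    failed=0
    for target in "$@"; do
        if check_key_login "$target"; then
            echo "OK   $target"
        else
            echo "FAIL $target"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Example call: ./probe.sh user@remote_machine root@remote_machine
if [ "$#" -gt 0 ]; then
    probe_hosts "$@"
fi
```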

 

2.4 Executing a local script on a remote machine

No copy needed.
Note: There are three (maybe more?) ways of running a local script on a remote machine, BUT only the first one (the ‘bash -s‘ syntax) allows you to pass arguments to the local script.

ssh user@remote_machine 'bash -s' < script.bash
# the bash "-s" option makes the shell read its input from stdin

or

ssh user@remote_machine < ./script.bash
# the "./" notation is required with this syntax

or

cat script.bash |ssh user@remote_machine
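
Passing arguments with the 'bash -s' syntax, as an added example that is not from the original post. ssh joins its command words with spaces and the remote login shell parses the result a second time, so every argument is single-quoted before it is sent. The function names are illustrative and a POSIX-compatible remote login shell is assumed.

```sh
#!/bin/sh
# Added example, not from the original post.

# sh_quote STRING
# Prints STRING wrapped in single quotes, with each embedded ' written as '\''.
# Trailing newlines in STRING are dropped by the command substitution.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# remote_command ARG...
# Prints the command line handed to ssh. The "--" stops bash from reading an
# argument that starts with "-" as one of its own options.
remote_command() {
    cmd='bash -s --'
    for arg in "$@"; do
        cmd="$cmd $(sh_quote "$arg")"
    done
    printf '%s' "$cmd"
}

# run_script_remotely TARGET SCRIPT ARG...
# Runs the local SCRIPT on TARGET; ARG... become its $1, $2, ...
run_script_remotely() {
    target=$1
    script=$2
    shift 2
    ssh "$target" "$(remote_command "$@")" < "$script"
}

# Example call: ./remote_run.sh user@remote_machine script.bash "first arg" second
if [ "$#" -ge 2 ]; then
    run_script_remotely "$@"
fi
```

Without the quoting, an argument such as "first arg" reaches the remote script as two separate parameters, and shell metacharacters in it are interpreted by the remote shell.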