SSH Commands
Setting Up ssh keys (assuming Linux as the home machine)
On your home machine, run the following command to generate a public/private DSA key pair:
ssh-keygen -d
Note that OpenSSH 7.0 and later disable DSA keys by default, so a current server may refuse a key of this type.
Accept the default save location (i.e. /home/username/.ssh/id_dsa).
You will then be asked to supply a passphrase. Do not use your Unix password;
choose another passphrase. After confirming the passphrase, you will receive
a message similar to the following:
Your identification has been saved in /home/username/.ssh/id_dsa.
Your public key has been saved in /home/username/.ssh/id_dsa.pub.
In order to proceed, we need to copy your newly generated public key (id_dsa.pub)
to your .ssh directory under your CS HOME directory.
There, the key will also need to end up in a file named authorized_keys2.
The safest way to do this is to use secure copy or scp from your home machine.
cd into .ssh and run the following command:
scp id_dsa.pub username@qew.cs.toronto.edu:.ssh/my_new_pub_key
Note: Don't be tempted to name the copy authorized_keys2 in the scp command, because
you run the risk of clobbering a previously existing authorized_keys2
file.
Next, ssh to qew.cs and cd to .ssh
Run the command:
cat my_new_pub_key >> authorized_keys2
Exit qew.cs. From your home machine, ssh to qew.cs again.
This time you should be prompted for your private key passphrase, and not
your Unix password.
We are now half-way there.
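
The append step above, as an added example that is not part of the original notes: a function to run on the server that refuses a private key uploaded by mistake, skips a key that is already installed, and sets the permissions sshd expects. The name install_pubkey and the sample paths are assumptions.

```shell
# Added example; run on the server after the scp step. The paths are
# parameters so the function can be tried on a scratch directory first.
# usage: install_pubkey ~/.ssh/my_new_pub_key ~/.ssh
install_pubkey() {
    newkey=$1
    sshdir=$2
    auth=$sshdir/authorized_keys2        # file name used on this page
    line=

    # Use the first line only and refuse anything that is not a public key
    # (a private key file starts with "-----BEGIN").
    IFS= read -r line < "$newkey" || [ -n "$line" ] || return 2
    case $line in
        ssh-*\ *|ecdsa-*\ *) ;;
        *) echo "not an OpenSSH public key: $newkey" >&2; return 2 ;;
    esac

    # With StrictModes (the default), sshd refuses a key file or .ssh
    # directory that other users can write to.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    if grep -qxF -- "$line" "$auth"; then
        echo "already installed"
    else
        printf '%s\n' "$line" >> "$auth" && echo "added"
    fi
}
```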
Now let us set you up to use ssh-agent.
The main idea behind ssh-agent is that it will negotiate ssh authentication
on your behalf.
Add the following line to your .bash_login file on your Linux box:
eval `ssh-agent` && ssh-add .ssh/id_dsa
Log out and log in again.
Note that you are now prompted for your private key's passphrase.
Once you have been authenticated by the ssh-agent, ssh to qew.cs
You should now be able to log in without entering a passphrase.
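
The .bash_login line above starts a new agent at every login. An added example (not from the original notes) that reuses an agent that is already reachable, and otherwise starts one and stops it again at logout; ensure_agent and agent_state are names made up for this sketch.

```shell
# Added example, not from the original page.
# ssh-add -l exits 0 if the agent holds keys, 1 if the agent is reachable
# but empty, and 2 if no agent can be contacted.
ensure_agent() {
    keyfile=$1
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0)  agent_state=reused ;;
        1)  ssh-add "$keyfile" && agent_state=loaded ;;
        *)  # No agent: start one and stop it again when this shell exits.
            eval "$(ssh-agent -s)" >/dev/null || return 1
            trap 'ssh-agent -k >/dev/null 2>&1' EXIT
            ssh-add "$keyfile" && agent_state=started ;;
    esac
}

# In .bash_login, after the function definition:
#   ensure_agent "$HOME/.ssh/id_dsa"
```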
Copying Files from a remote machine using SSH but not SCP
The file to be copied from the remote server is called: simontestfile
The local copy is called: testcopy
ssh root@antiope.sytes.net cat simontestfile > testcopy
Here are some additional examples:
Neil and I played around with the two following ways
of taking the output of a locally run command and
piping it to ssh in order to complete it remotely.
cat FoundryIPs | ssh pavise.dev2.local 'cat >>/etc/pf/SIMON'
or:
cat FoundryIPs | ssh pavise.dev2.local 'cat - >>/etc/pf/SIMON'
Both seemed to work.
FWIW, so would this:
ssh pavise.dev2.local 'cat >>/etc/pf/SIMON' < FoundryIPs
==============================================================
You can run one or more remote commands on a remote machine and then log out immediately.
This is useful if, for example, you need to write a script to run a command on several
machines. However, you cannot run interactive commands (commands that do not exit immediately).
$prompt$> ssh user@remote.host.name command
$prompt$> ssh user@remote.host.name "command1; command2; command3; .. commandn"
If you want to run multiple commands on the remote machine, separate the commands with semicolons.
However, if you do this, make sure you put the command list in quotes, or else only the first
command will run on the remote machine.
And you can pipe or redirect (see definition in the next section on piping) the output:
$prompt$> ssh user@remote.host.name "ls -l /tmp"|less
The above example will take the output of the ls command run on the remote machine and pipe it
to less on the local machine. Since less (and more) require you to press "q" to quit it, it's
interactive and won't work if you try to run it on the remote machine. So this won't work:
$prompt$> ssh user@remote.host.name "ls -l /tmp|less"
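
The quoting rule above matters most when a script fills in part of the remote command from a variable: ssh joins its arguments with spaces and the remote shell parses the resulting string a second time. An added example (not from the original notes) that quotes a remote file name for that second parse; fake_ssh, rquote and the remote_append functions are hypothetical names, and fake_ssh is a local stand-in so the sketch runs without a server.

```shell
# Added example, not from the original page.
# fake_ssh stands in for ssh: like the real client it joins its arguments
# with spaces and hands the single resulting string to a shell.
fake_ssh() {
    shift                       # drop the host argument
    sh -c "$*"
}

# Quote one argument for the remote shell: wrap it in single quotes and
# rewrite each embedded ' as '\''.
rquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Append local stdin to a remote file.
# $1 = transport (ssh or fake_ssh), $2 = host, $3 = remote path.
remote_append() {
    "$1" "$2" "cat >> $(rquote "$3")"
}

# For contrast: the same call without remote quoting. A path containing a
# space is split by the remote shell, so the data lands in the wrong file.
remote_append_naive() {
    "$1" "$2" "cat >> $3"
}

# usage with a real server:
#   cat FoundryIPs | remote_append ssh pavise.dev2.local '/etc/pf/SIMON list'
```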
Piping
Piping with SSH allows you to run a command and redirect the output to a remote machine through
an ssh tunnel. I'll provide three examples.
Example 1
The first example transfers files and directories. Experienced users will probably notice that you
can do the same thing (much more easily, in fact), using scp (secure copy) with the -r flag.
However, there are times when scp may not work due to compatibility issues or non-standard
path locations. If you have a directory structure dir1/ that you want to transfer from machine
L (local) to machine R (remote), you can type in the following:
$prompt$> tar -cf - dir1|ssh user@remote.host.name "tar -xf -"
The above command will tar the contents of dir1/ and output to stdout. The pipe redirects
the stdout to ssh, and after logging into the remote machine, will execute the command in quotes
and exit. Even though I could have compressed the tar file, I didn't since usually,
ssh supports compression by default. It's important to note that some machines (Solaris, as far
as I know) don't like the trailing slash after a directory name. It's subtle, but important.
So the identical command:
$prompt$> tar -cf - dir1/|ssh user@remote.host.name "tar -xf -"
will not work unless you change dir1/ to dir1. Linux and FreeBSD seem to be OK with it.
But suppose you wanted to transfer the files to a different directory instead of your home directory,
which is the default. All you have to do is change the directory in the command and you're set:
$prompt$> tar -cf - dir1|ssh user@remote.host.name "cd /dir2; tar -xf -"
The change is the added "cd /dir2;" in front of the remote tar command.
Example 2
In the second example, we'll concatenate a file on our local machine (logfile1) to a file on the remote machine
(logfile2). We'll do something pretty similar:
$prompt$> cat logfile1|ssh user@remote.host.name "cat>>logfile2"
Example 3
In the last example, we'll tar a directory and transfer it over to the remote machine without extracting it.
It would basically perform something that takes multiple steps in a single command:
$prompt$> tar -cf - dir1|ssh user@remote.host.name "dd of=dir1.tar"
--------------------------------------------------------------------
To transfer a (large, complicated) file tree from one machine to another,
using stuff which is usually supported:
tar cf - stuff | ssh bob@wendy.no.where.com tar xf - -C /home/brian
Autopsy:
(tar cf - stuff) - tar stuff to the standard output
(| ssh bob@wendy.no.where.com) - pipe this to an ssh connection to wendy - where
(tar xf - -C /home/brian) - is run - which will untar the standard input and
place the result in /home/brian....
--------------------------------------------------------------------
ssh -p 2235 root@antiope.sytes.net tar -I FRED -cf - | dd of=FW.tar
---------------------------------------------------------------------