- Installs (30 days) ssh-copy-id: 5,846: Installs on Request (30 days) ssh-copy-id: 5,633: Build Errors (30 days) ssh-copy-id: 0: Installs (90 days) ssh-copy-id.
- Ssh-copy-id uses the SSH protocol to connect to the target host and upload the SSH user key. The command edits the authorizedkeys file on the server. It creates the.ssh directory if it doesn't exist. It creates the authorized keys file if it doesn't exist.
- $ brew install openssh $ /usr/local/bin/ssh -V OpenSSH7.1p2, OpenSSL 1.0.2e 3 Dec 2015 Making Homebrew OpenSSH Client the default Now that we have OpenSSH installed using Homebrew we need to make sure it is the default SSH client. By default the system SSH client is installed in /usr/bin/ssh.
- Install your RubyGems with gem and their dependencies with brew. “To install, drag this icon” no more. Homebrew Cask installs macOS apps, fonts and plugins and other non-open source software.
Now we’ll use step ssh certificate locally (you can brew install step) to generate a new key pair, get a certificate from the CA using SSO, and automatically add the certificate and private key to ssh-agent. That sounds like a lot, but it’s just one command.
There are two fantastic tools to install on you new Mac: After you install iTerm2, it’s time to install Homebrew!
Homebrew is a package manager – think apt-get for OS X. It is trivial to install and instantly gives you access to thousands of open source tools and utilities. According to the creators of Homebrew, “Homebrew installs the stuff you need that Apple didn’t.”
Visit http://brew.sh right now to get started!
Homebrew installs the stuff you need that Apple didn’t.
Top 10 (or more) most useful Homebrew apps to get you started. (Paste this list into your terminal once you get Homebrew installed.)
Screenshot showing Homebrew installing mtr on Mac OS X.
(mtr is a fun and useful ICMP tool which combines ping and traceroute into a realtime display of packet loss across all the path entries returned by traceroute.)
Enjoy!
- PDF Link: cheatsheet-ssh-A4.pdf, Category: tools
- Blog URL: https://cheatsheet.dennyzhang.com/cheatsheet-ssh-A4
- Related posts: Tmux/Tmate Cheatsheet, #denny-cheatsheets
File me Issues or star this repo.
1.1 SSH general
| Name | Summary |
|---|---|
| ssh without input password | sshpass -p '<your-passwd>' ssh <username>@<ssh_host>, brew install sshpass |
| Install sshd server | apt-get install openssh, apt-get install openssh-server |
| Restart sshd server | service sshd restart, systemctl reload sshd.service |
| Run ssh command | ssh -o StrictHostKeyChecking=no -p 2702 root@172.17.0.8 date |
| SSH with verbose ouptut | ssh -vvv -p 2702 root@45.33.87.74 date 2>&1 |
| Setup ssh tunnel for your web browsing | sshuttle -r kubo@10.92.21.17 30.0.0.0/16 192.168.150.0/24 -e ... |
| SSH passwordless login | ssh-copy-id <username>@<ssh_host>, Or manually update ~/.ssh/authorized_keys |
Remove an entry from known_hosts file | ssh-keygen -f ~/.ssh/known_hosts -R github.com |
| Diff local file with remote one | diff local_file.txt <(ssh <username>@<ssh_host> 'cat remote_file.txt') |
| Diff two remote ssh files | diff <(ssh user@remote_host 'cat file1.txt') <(ssh user2@remote_host2 'cat file2.txt') |
| Upload with timestamps/permissions kept | scp -rp /tmp/abc/ ec2-user@<ssh-host>:/root/ |
| SSH agent load key | exec ssh-agent bash && ssh-add /tmp/id_rsa, ssh-add |
| SSH list all loaded key | ssh-add -l |
| SSH agent create and load key | exec ssh-agent bash && ssh-keygen, ssh-add |
| Emacs read remote file with tramp | emacs /ssh:<username>@<ssh_host>:/path/to/file |
| Generate a new key pair | ssh-keygen, ssh-keygen -C 'your_email@example.com' -t rsa |
| Generate key pair without interaction | ssh-keygen -t rsa -f /tmp/sshkey -N ' -q |
1.2 SSH Advanced
| Name | Summary |
|---|---|
| Add passphrase protection to ssh keyfile | ssh-keygen -p -f id_rsa |
| configure SSH to avoid trying all identity files | ssh -o IdentitiesOnly=yes -i id1.key myuser@myserver.com |
| Convert OpenSSL format to SSH-RSA format | ssh-keygen -f my_ssh.pub -i |
| Critical ssh files/folders | ~/.ssh/authorized_keys, ~/.ssh/config, ~/.ssh/known_hosts |
| SSH config file | /etc/ssh/ssh_config, /etc/ssh/sshd_config |
| SSH key file permission | chmod 600 ~/.ssh/id_rsa |
| SSH folder permission | chmod 700 ~/.ssh, chown -R $USER:$USER ~/.ssh |
| Authorizedkeys file permission | chmod 644 ~/.ssh/authorized_keys |
Mute Warning: Permanently added | ssh -o LogLevel=error |
1.3 SSH tunnel & ssh proxy
| Name | Summary |
|---|---|
| SSH port forward to a local port | ssh -N -i <ssh-keyfile> -f root@54.179.178.214 -L *:18085:localhost:8085 -n /bin/bash |
| Reverse port forward to remote server | ssh -R *:40099:localhost:22 root@54.179.178.214, ssh -p 40099 root@54.179.178.214 |
| Setup ssh tunnel for your web browsing | sshuttle -r kubo@10.92.21.17 30.0.0.0/16 192.168.111.0/24 192.168.150.0/24 192.167.0.0/24 |
1.4 SSH security
| Name | Summary |
|---|---|
| Disable ssh by password | sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config |
| Disable root login | sed -i 's/^PermitRootLogin yes/#PermitRootLogin yes/' /etc/ssh/sshd_config |
| Enable/Disable SSH Host Key Checking | StrictHostKeyChecking yes change ~/.ssh/config |
| Protect SSH server from brute force attacks | fail2ban command line tool |
1.5 SCP
| Name | Summary |
|---|---|
| Download a remote folder | scp -r ec2-user@<ssh-host>:/home/letsencrypt-20180825 ./ |
| Upload a file | scp -i <ssh-keyfile> /tmp/hosts ec2-user@<ssh-host>:/root/ |
| Upload a folder | scp -r /tmp/abc/ ec2-user@<ssh-host>:/root/ |
| Upload with timestamps/permissions kept | scp -rp /tmp/abc/ ec2-user@<ssh-host>:/root/ |
| Mount remote directory as local folder | sshfs name@server:/path/remote_folder /path/local_folder |
1.6 Parse ssh log file
| Name | Command |
|---|---|
| Events of ssh down | grep -R 'ssh.*Received signal 15' /var/log/auth.log |
| Events of ssh up | grep -R 'sshd.*Server listening' /var/log/auth.log |
| Events of ssh failed login | grep -R 'sshd.*Failed password for invalid user' /var/log/auth.log |
| Events of ssh break-in attemp | grep -R 'sshd.*POSSIBLE BREAK-IN ATTEMPT!' /var/log/auth.log |
| Events of ssh port scap | grep -R 'sshd.*Bad protocol version identification' /var/log/auth.log |
| Events of ssh login by public key | grep -R 'sshd.*Accepted publickey for' /var/log/auth.log |
| Events of ssh login by password | grep -R 'sshd.*Accepted password for' /var/log/auth.log |
| Events of ssh logout event | grep -R 'sshd.*pam_unix(sshd:session): session closed for' /var/log/auth.log |
1.7 SSH tools
| Name | Summary |
|---|---|
| Export local env to Internet | ngrok.com |
| Reverse ssh proxy | sshuttle |
| SSH by auto input password | sshpass sshpass -p “$PASSWORD” ssh -o StrictHostKeyChecking=no $username@$sship= |
1.8 Scripts
- Inject local key to remote ssh server server
Brew Sshfs
- SSH Config file
- Use expect to run ssh command with credential auto input
- ssh reverse tunnel
Brew Shops Near Me
1.9 More Resources
Brew Sshuttle
License: Code is licensed under MIT License.
Brew Sshpass