ahssh
--------
MYSCRIPTS
PORT_FORWARDING
SETTING UP HOST KEYS
SETTING_UP_IDENTITY
IF YOU GET MESSAGES ABOUT MISMATCHED HOST KEYS
IF_IT_DOES_NOT_WORK
ssh_install_key - create key and push to remote host. Run from client machine.
X11 forwarding
ssh -X <server>
forwarding client -> server
To forward a port, so that on the client machine you can use localhost:1234 to get to <server>:111 (so the server will see the connection coming locally, as if from inside the server) do
ssh -L 1234:localhost:111 <server>
To forward a port, so that on the client machine you can use localhost:1234 to get to <other-server>:111 (where <other-server> will see the connection coming from <server>) do
ssh -L 1234:<other-server>:111 <server>
forwarding server -> client
To forward a port, so that on the server machine you can use localhost:1234 to get to <client>:111 (so the client will see the connection coming locally, as if from the client) do
ssh -R 1234:localhost:111 <server>
To forward a port, so that on the server machine you can use localhost:1234 to get to <other-server>:111 (where <other-server> will see the connection coming from <server>) do
ssh -R 1234:<other-server>:111 <server>
Fancier port forwarding
If you want the forwarded port to accept connections from any source (instead of just from the client (-L) or the server (-R)), specify *: as a prefix to the above addresses. For example:
ssh -R '*:1234:<other-server>:111' <server>
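(Note: you need the 'quotes' to keep the shell from interpreting the *. For -R, a non-loopback bind address such as * only takes effect if GatewayPorts is enabled in the server's sshd_config.)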
To remove a host from known_hosts
ssh-keygen -R [hostname]
ssh-keygen -R [ip_address]
ssh-keygen -R [hostname],[ip_address]
To add a host to known_hosts
ssh-keyscan -H [hostname],[ip_address] >> ~/.ssh/known_hosts
ssh-keyscan -H [ip_address] >> ~/.ssh/known_hosts
ssh-keyscan -H [hostname] >> ~/.ssh/known_hosts
NOTE: try the ssh_install_key script.
On the machine you want to login FROM, do the following:
ssh-keygen -t rsa -N "" -f "$HOME/.ssh/id_rsa"
This creates
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
Now scp the id_rsa.pub file to the target machine (the machine you will be logging in TO) and cat it into ~/.ssh/authorized_keys2 as follows:
On the FROM machine
scp ~/.ssh/id_*.pub user@remotehost:
ssh user@remotehost
(you will need a password)
On remotehost:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
ln ~/.ssh/authorized_keys ~/.ssh/authorized_keys2
chmod 600 ~/.ssh/authorized_keys
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
rm ~/id_*sa.pub
exit
Now you will be able to use ssh to login from the FROM machine to the TO machine without having to supply a password.
The host key mismatch message will mention a line in the known_hosts file. Edit the file and delete the offending lines. Then try again. You will be prompted to confirm that you want to connect to the unknown host. If you are sure you are not being spoofed, say yes.
Sshd may use "authorized_keys" or "authorized_keys2" or something else. Check /etc/ssh/sshd_config on the server. Look for a line with "AuthorizedKeysFile" which tells sshd which filename to use.
Try using ~/ssh2 in place of ~/.ssh (rename the directory).
Try the following
chmod 700 ~/.ssh
chmod go-w ~ # may make ssh happy
ssh-vulnkey # will show if any keys are vulnerable
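The permission fixes above can be checked in one pass. The following is an added example, not one of the scripts this page refers to: it reports which of the chmod steps are still needed and reads the AuthorizedKeysFile setting from sshd_config. The function names are made up for illustration, and it assumes the configured key file path is relative to the home directory (no %h or absolute paths).

```shell
#!/bin/sh
# Added example (not from the original page): audit the permissions that the
# manual chmod steps above set. Defines functions only; call them as needed, e.g.
#   check_ssh_perms "$HOME" "$(configured_keys_file /etc/ssh/sshd_config)"

# Print the 10-character mode string (e.g. drwx------) for a path.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Succeed if group or other may write to the path (what "chmod go-w" removes).
go_writable() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Succeed if group or other has any permission bit set (page uses 700 / 600).
go_any_access() {
    case "$(mode_of "$1")" in
        ????------) return 1 ;;
    esac
    return 0
}

# Print the first AuthorizedKeysFile path set in an sshd_config (keyword is
# case-insensitive). Assumes whitespace-separated form; ignores Match/Include.
configured_keys_file() {
    awk 'tolower($1) == "authorizedkeysfile" { print $2; exit }' "$1"
}

# check_ssh_perms HOME_DIR [KEYS_PATH_RELATIVE_TO_HOME]
# Prints one "FIX:" line per problem; returns 0 if clean, 1 otherwise.
check_ssh_perms() {
    home=${1:-$HOME}
    keys=${2:-.ssh/authorized_keys}   # assumed default when none is configured
    bad=0
    if go_writable "$home"; then
        echo "FIX: chmod go-w $home"; bad=1
    fi
    if [ -d "$home/.ssh" ] && go_any_access "$home/.ssh"; then
        echo "FIX: chmod 700 $home/.ssh"; bad=1
    fi
    if [ -f "$home/$keys" ] && go_any_access "$home/$keys"; then
        echo "FIX: chmod 600 $home/$keys"; bad=1
    fi
    return $bad
}
```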