OpenSSH is a popular suite of software utilities implementing the Secure Shell (SSH) protocol. OpenSSH can set up a secured TCP channel and is widely used as a secure replacement for unsecured telnet and for file transfer tools such as rcp and ftp. OpenSSH offers a great number of features, including ssh session multiplexing.
The OpenSSH suite includes the following command-line utilities and daemons:
- ssh, the SSH client and secure TCP replacement for rlogin, rsh and telnet, which allows shell access to a remote machine
- scp, a replacement for rcp (Unix)
- sftp, a replacement for ftp to copy files between computers
- sshd, the SSH server daemon which allows shell access and file transfers to a remote machine.
- ssh-keygen, a tool to inspect and generate the RSA, DSA and Elliptic Curve keys that are used for user and host authentication
- ssh-agent and ssh-add, utilities to ease authentication by holding keys ready and avoid the need to enter passphrases every time they are used
- ssh-keyscan, which scans a list of hosts and collects their public keys
- ssh-copy-id, which copies local keys to a remote machine
Readings
ssh clients
OpenSSH includes an ssh client: ssh. Other clients are available, such as putty, mosh, paramiko and autossh. The main feature of autossh that is not included in the OpenSSH ssh client is the ability to monitor an ssh connection and restart it if necessary.
- Loop waiting to connect to server:
AUTOSSH_POLL=5 AUTOSSH_GATETIME=0 autossh -M 0 -o ServerAliveInterval=5 -o ServerAliveCountMax=1 YOUR_SERVER_NAME_OR_IP
SSH clients on Linux are frequently run inside a terminal or a terminal multiplexer such as tmux or screen.
Activities
Basic
- Convert a putty ssh key to OpenSSH format, following these instructions: http://www.codeblocq.com/2016/05/Convert-a-putty-ppk-key-to-a-pem-file-on-OSX/, https://stackoverflow.com/questions/3475069/use-ppk-file-in-mac-terminal-to-connect-to-remote-connection-over-ssh
- Open a reverse ssh tunnel, following these instructions: https://www.howtoforge.com/reverse-ssh-tunneling
- Configure OpenSSH to reuse ssh connections with ControlMaster, following these instructions: https://stackoverflow.com/questions/20410252/how-to-reuse-an-ssh-connection, and see how to use them in https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing
- Generate a public key from a private key:
ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub
(example for RSA keys, but it can be applied to other key types)
- Configure OpenSSH to allow Public-key authentication
- Activate SSH on macOS:
sudo systemsetup -setremotelogin on
Intermediate
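- Learn about different client connection options, such as:
- Connect to a remote server with host key checking temporarily turned off (this has security implications: new host keys are added to known_hosts without verification, so an impersonated server goes unnoticed):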
ssh -oStrictHostKeyChecking=no SERVER_NAME
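Instead of turning off host key checking, the keys collected by ssh-keyscan can be compared with fingerprints obtained out of band before they are added to known_hosts. The following Python code is an added example, not part of the original page or of OpenSSH; the function names are hypothetical, and the host names, key material and pinned fingerprints are constructed.

```python
import base64, hashlib

def fingerprint(blob):
    """SHA256 fingerprint of a raw key blob, in the form `ssh-keygen -l` prints."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def blob_key_type(blob):
    n = int.from_bytes(blob[:4], "big")  # blob starts with a length-prefixed algorithm name
    if n > len(blob) - 4:
        raise ValueError("truncated key blob")
    return blob[4:4 + n].decode("ascii")

def vet_keyscan(output, pinned):
    """Split ssh-keyscan output into accepted lines and (line, reason) rejects."""
    accepted, rejected = [], []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            host, ktype, b64 = line.split()[:3]
            blob = base64.b64decode(b64, validate=True)
            if blob_key_type(blob) != ktype:
                raise ValueError("key type does not match blob")
        except ValueError as exc:  # also covers bad base64 and short lines
            rejected.append((line, f"malformed: {exc}"))
            continue
        if host not in pinned:
            rejected.append((line, "no pinned fingerprint"))
        elif fingerprint(blob) == pinned[host]:
            accepted.append(line)  # safe to append to known_hosts
        else:
            rejected.append((line, "fingerprint mismatch"))
    return accepted, rejected

# Constructed sample data: hypothetical hosts and fake key material, not real keys.
def make_blob(ktype, material):
    return b"".join(len(p).to_bytes(4, "big") + p for p in (ktype.encode(), material))
def scan_line(host, ktype, blob):
    return f"{host} {ktype} {base64.b64encode(blob).decode()}"
GOOD, OTHER = make_blob("ssh-ed25519", bytes(range(32))), make_blob("ssh-ed25519", bytes(32))
PINNED = {"bastion.example.test": fingerprint(GOOD), "db.example.test": fingerprint(GOOD)}
SAMPLE_SCAN = "\n".join([
    "# bastion.example.test:22 SSH-2.0-OpenSSH_9.6",
    scan_line("bastion.example.test", "ssh-ed25519", GOOD),
    scan_line("db.example.test", "ssh-ed25519", OTHER),   # key differs from the pin
    scan_line("new.example.test", "ssh-ed25519", GOOD),   # host was never pinned
    scan_line("bastion.example.test", "ssh-rsa", GOOD),   # declared type is wrong
])
```

Calling `vet_keyscan(SAMPLE_SCAN, PINNED)` returns the lines that may be appended to known_hosts together with the rejected lines and the reason for each.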
Advanced
- Read ssh documentation about multiplexing https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing and its implementation details: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.mux?annotate=HEAD
- Configure ssh session multiplexing
- Use the ProxyJump directive to connect using a "Jump Server"
- Run a shell script on a remote machine using ssh:
ssh root@MachineB 'bash -s' < local_script.sh
See also: parallel
- Read https://github.com/openssh/openssh-portable source code
See also
- Wikipedia: Secure Shell
- Telnet (deprecated use), netcat
- sslh, Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
- sshpass (brew install http://git.io/sshpass.rb)
- conch, client written in Python
References