Ssh

From campisano.org

Create a key

~$ ssh-keygen -t rsa -b 4096 -N "" -f "${HOME}/.ssh/id_rsa" -C "YOURLABEL" # -N "" sets an empty passphrase: the private key is stored unencrypted
~$ ssh-agent bash # run the authentication agent
~$ ssh-add # adds private key identities to the authentication agent

SSH keep alive


nano .ssh/config

# note: this config must be the last one
# the first match wins!
Host *
    ServerAliveInterval 30
    ServerAliveCountMax 10

SSH tunneling

  • To open remote port 80 as local port 8080:
ssh -v -C -N -L 8080:localhost:80 <REMOTEUSER>@<REMOTESERVER>
  • To open local port 80 as remote port 8080:
ssh -v -C -N -R 8080:localhost:80 <REMOTEUSER>@<REMOTESERVER>

-v : verbose

-C : compression (useful only for slow networks)

-N : don't open a remote shell

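-L : local forwarding (the listening port is opened on the local host)

-R : remote forwarding (the listening port is opened on the remote server)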

Tunneling a proxy

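ssh -v -C -N -g -D 3128 <REMOTEUSER>@<REMOTESERVER>

-D : dynamic forwarding (opens a SOCKS proxy on local port 3128)

-g : allow other hosts to connect to the local forwarded port (omit it to keep the proxy reachable from the local host only)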

SSH port forwarding for X remote session

Open a remote app on the local X server (e.g. an Oracle graphical installation on a remote server without X)

On local host

X :2
# note: blowfish-cbc and arcfour were removed in OpenSSH 7.6; on newer clients omit the -c option
ssh -C -c blowfish-cbc,arcfour -R 6000:localhost:6002 <REMOTEUSER>@<REMOTESERVER>

On remote host

export DISPLAY=:0
xterm

Config example

client side

mkdir -p ~/.ssh
chmod 700 ~/.ssh
cat > ~/.ssh/config << 'EOF'
####
# Commons (must be the last ones: the first match wins)
####

Host *
    ServerAliveInterval 10
    ServerAliveCountMax 30

    Compression no

    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes

    PreferredAuthentications publickey
    PubkeyAuthentication yes
    PasswordAuthentication yes

    ChallengeResponseAuthentication no
    GSSAPIAuthentication no
    GSSAPIDelegateCredentials no
    GSSAPIKeyExchange no

    ForwardAgent no
    ForwardX11 no
    ForwardX11Trusted no

    SetEnv LC_CTYPE=C
EOF
chmod 600 ~/.ssh/config

server side

mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
# put your key.pub there ...
cat > ~/.profile << 'EOF'
# history
export HISTTIMEFORMAT='%F %T ';
export HISTSIZE=10000;
export HISTFILESIZE=10000;
export HISTCONTROL=ignorespace;

# aliases
alias ls="ls -A -F -s -h --color --group-directories-first";
export LS_COLORS="no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.bz2=01;31:*.rpm=01;31:*.deb=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.jpg=01;35:*.gif=01;35:*.bmp=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.mpg=01;37:*.avi=01;37:*.mov=01;37:";
EOF
chmod 700 ~/.profile
ln -s -f -T .profile ~/.bashrc
ln -s -f -T .profile ~/.bash_profile
touch ~/.hushlogin

Install SSH Server on a different port

apt-get install openssh-server
systemctl stop sshd
cd /etc
sed -i 's|#Port 22|Port 10022|g; s|#PasswordAuthentication yes|PasswordAuthentication no|g' ssh/sshd_config
systemctl start sshd
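
The sed above only rewrites the commented defaults (`#Port 22`, `#PasswordAuthentication yes`); when those lines are already uncommented or carry other values it changes nothing and still exits successfully. The following is an added example, not part of the original page: `set_sshd_option`, `sshd_global_value` and `write_sample` are hypothetical helper names and the sample config is constructed. It sets a keyword whether it is commented, live or absent, and leaves `Match` blocks untouched.

```shell
# Added example; helper names are hypothetical, not OpenSSH tools.

# set_sshd_option FILE KEY VALUE: set KEY in the global section of an
# sshd_config-style file, whether it is commented out, live or absent.
set_sshd_option() {
    so_file=$1; so_tmp=$(mktemp) || return 1
    awk -v key="$2" -v value="$3" '
        BEGIN { k = tolower(key) }
        tolower($1) == "match" { in_match = 1 }   # Match blocks run to EOF
        !in_match {
            line = $0
            live = (line !~ /^[ \t]*#/)
            sub(/^[ \t]*#?[ \t]*/, "", line)      # drop indent and leading "#"
            n = split(line, f, /[ \t=]+/)
            # a live setting, or a commented default of the form "#Key value"
            if (tolower(f[1]) == k && (live || n == 2)) {
                if (!done) { print key " " value; done = 1 }
                next                              # drop later duplicates
            }
        }
        in_match && !done { print key " " value; done = 1 }  # before 1st Match
        { print }
        END { if (!done) print key " " value }
    ' "$so_file" > "$so_tmp" && cat "$so_tmp" > "$so_file"   # keeps mode/owner
    so_rc=$?; rm -f "$so_tmp"; return "$so_rc"
}

# sshd_global_value FILE KEY: first live value before any Match block
# (sshd uses the first value it obtains for most keywords).
sshd_global_value() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Constructed sample: both settings are already live, no "#" defaults left.
write_sample() {
    printf '%s\n' 'Port 22' 'PasswordAuthentication yes' \
        'Match User backup' '    PasswordAuthentication yes' > "$1"
}

demo=$(mktemp) && write_sample "$demo"
# The sed from the section above matches nothing in this file.
sed -i 's|#Port 22|Port 10022|g; s|#PasswordAuthentication yes|PasswordAuthentication no|g' "$demo"
echo "after sed:    Port $(sshd_global_value "$demo" Port)"
set_sshd_option "$demo" Port 10022 && set_sshd_option "$demo" PasswordAuthentication no
echo "after helper: Port $(sshd_global_value "$demo" Port)"
rm -f "$demo"
```

Before `systemctl start sshd`, `sshd -t` checks the edited file for syntax errors and `sshd -T` prints the effective settings.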
