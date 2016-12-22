Secure Shell, of course. Besides the obvious OpenSSH link, this page will hold some of the less obvious (and more useful) stuff:
Resources:
Essentials:
- fail2ban – block script kiddies and other pests from trying to do dictionary-based attacks on your server (on the internet, nobody knows that you only use key-based authentication – not even morons).
HOWTOs:
- An Illustrated Guide to SSH Agent Forwarding – everything but SOCKS, but pretty useful to hand out to newbies.
- Restricted Shell for scp/sftp
- scponly
- Using ssh-agent
Tools:
- sshrc – take your environment with you
- Gnome SSH Tunnel Manager
Clients:
- PuTTY, Symbian port (updated on Mar 5 for S60)
- SSH Tools – includes a secure VNC client in Java, sources
- MindTerm – oldie but goodie Java applet
- JavaSSH – another (smaller) applet
- MIDP SSH
Libraries:
- org.keyphrene – Python wrapper
- sshfs, a FUSE / VFS -based filesystem layer atop SSH (FUSE has a BSD port, and there are now plenty of equivalents for Mac OS X)
Useful tricks:
macOS keychain:
SSH key handling has been changing throughout the years, but in Sierra (10.12.2) things can be restored to a modicum of sanity with these settings:
Host * UseKeychain yes AddKeysToAgent yes
Automatic session forwarding
If you routinely need to access a host behind another (or a VM inside a host), this is a relatively painless way to do so (won’t allow you to do SFTP, though, since that’s a different subsystem):
cat ~/.ssh/authorized_keys | grep command command="ssh [email protected]" ...rest of key
Keepalives
Using the built-in keepalive feature to maintain tunnels with a TCP keepalive and a 30s internal (in-band) client active check (will try 10 times before disconnecting):
KeepAlive yes ClientAliveInterval 30 ClientAliveCountMax 10
Speeding up connections to the same host (thanks to Melo):
$ head -3 ~/.ssh/config Host * ControlMaster auto ControlPath /tmp/501/mux-%h-%p-%r
(on my machine the socket file is in 502 – more similar tips here)