Rui CarmoSecure Shell, of course. Besides the obvious OpenSSH link, this page will hold some of the less obvious (and more useful) stuff:
Resources
| Category | Date | Link | Notes |
|---|---|---|---|
| Clients | MIDP SSH | ||
| SSH Tools | includes a secure VNC client in Java, sources |
||
| JavaSSH | another (smaller) applet |
||
| PuTTY Symbian port | |||
| MindTerm | oldie but goodie Java applet |
||
| PuTTY | |||
| ssheven | a modern SSH client for Mac OS 7/8/9. |
||
| Essentials | fail2ban | block script kiddies and other pests from trying to do dictionary-based attacks on your server (on the internet, nobody knows that you only use key-based authentication – not even morons). |
|
| HOWTOs | Restricted Shell for scp/sftp | ||
| Using ssh-agent | |||
| scponly | |||
| An Illustrated Guide to SSH Agent Forwarding | everything but SOCKS, but pretty useful to hand out to newbies. |
||
| Libraries | sshfs | a FUSE / VFS -based filesystem layer atop SSH (FUSE has a BSD port, and there are now plenty of equivalents for Mac OS X) |
|
| org.keyphrene | Python wrapper |
||
| Servers | 2024 | tinyssh | a minimalistic SSH server which implements only a subset of SSHv2 features. |
| Tools | Gnome SSH Tunnel Manager | ||
| sshrc | take your environment with you |
||
| secretive | a tool to store keys in the macOS Secure Enclave |
||
| 2023 | ssh-crypt | a tool to encrypt/decrypt data using your ssh key from ssh-agent |
|
| 2024 | dracut-sshd | an initramfs plugin to remotely decrypt root filesystems upon boot |
Useful tricks
macOS keychain
SSH key handling has been changing throughout the years, but in Sierra (10.12.2) things can be restored to a modicum of sanity with these settings:
Host *
UseKeychain yes
AddKeysToAgent yes
Automatic session forwarding
If you routinely need to access a host behind another (or a VM inside a host), this is a relatively painless way to do so (won’t allow you to do SFTP, though, since that’s a different subsystem):
cat ~/.ssh/authorized\_keys | grep command
command="ssh user@host" ...rest of key
Keep-alives
Using the built-in keep-alive feature to maintain tunnels with a TCP keep-alive and a 30s internal (in-band) client active check (will try 10 times before disconnecting):
KeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 10
Speeding up connections to the same host (thanks to Melo):
$ head -3 ~/.ssh/config
Host *
ControlMaster auto
ControlPath /tmp/501/mux-%h-%p-%r
(on my machine the socket file is in 502 – more similar tips here)