5 cool things you can do with SSH besides logging in

You probably already know ssh and that you can use it to log on to remote machines with “ssh user@example.com”. Type in the password and It Just Works™.

But that’s not all you can do. You can also…

Transfer files. The OpenSSH client comes with the file transfer programs sftp and scp. They use the SSH protocol so no additional software is needed on the server. With sftp you can browse the files on the remote system and upload and download files interactively. Scp is for one-off transfers, and works even with two remote hosts. For example:

sftp user@remote
scp user@remote:/path/to/source destination

# Copy ~/.bashrc from remote1 to remote2
scp user1@remote1:.bashrc user2@remote2:

Log in without typing the password. Generate a pair of “public” and “private” keys. Upload the public key to remote machines, and keep the private key secret. The next time you log in, ssh proves to the server that you hold the private key matching the uploaded public key instead of asking for a password. Sounds complicated? It’s really easy:

ssh-keygen -t rsa                 # Generate public/private key pair
ssh-copy-id user@remote           # Upload public key to remote
ssh user@remote                   # Look ma, no password!

Run remote console programs. If all you want to do is execute one command, you can save a step and have SSH run the command instead of a shell. If the command needs a terminal (text editors, IRC, …), use the -t switch. For example, to execute irssi:

ssh user@remote -t irssi

Run remote GUI programs. If you enable “X11 forwarding” with the -X switch you can use GUI programs that run on the remote machine. Other useful switches are -C (enable compression) and -f (run in background after logging in). For example, to execute virt-manager, the libvirt virtual machine manager, on a remote host:

ssh user@remote -XCf virt-manager

You’re not limited to running random applications. You can also get a “desktop in a window” on the remote machine, kind of like VNC or Windows Remote Desktop Connection. You only need an X server in a window, such as Xephyr, and start the desktop on the remote machine:

Xephyr :1 -ac &
DISPLAY=:1 ssh user@remote -XCf gnome-session

Use remote services through local ports and the other way around. Is the remote network behind a NAT or firewall that blocks access? No problem; make the SSH client listen on a local port and forward connections from there to a host and port on the remote machine’s network. For example, this makes MySQL at dbhost look like it runs locally:

ssh user@remote -L 3306:dbhost:3306

You can use -R to make reverse connections. For example, CUPS, the printing daemon, listens for connections on TCP port 631. To print to local printers from the remote machine, have the remote side listen on port 1631 and forward it back to the local port 631:

ssh user@remote -R 1631:localhost:631

# Once you are logged in:
export CUPS_SERVER=localhost:1631

Bonus: clean up known_hosts with sed. This isn’t really an SSH tip, but here goes. When an SSH server’s host key changes, like when the machine is reinstalled, the client notices that something fishy is going on. It prints an error message like below and doesn’t let you continue.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[...snip...]
Offending key in /home/joni/.ssh/known_hosts:28
[...snip...]

If the key changed for a reason you know about, such as that reinstall, the easiest way to correct the situation is to remove the offending line 28 from known_hosts:

sed -i 28d ~/.ssh/known_hosts
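
The same clean-up as a small script, added here as an example and not part of the original post: it pulls the file and line number out of the “Offending key” line, saves a backup and deletes only that entry. The function names offending_entry and remove_entry and the sample hosts are made up for illustration.

```sh
#!/bin/sh
# Added example: remove the known_hosts entry named in ssh's warning.
# Real use (after confirming the key change is expected):
#   ssh user@remote true 2>&1 | offending_entry

# Print "FILE:LINE" from the warning text on stdin; non-zero if none found.
# Also accepts the "Offending ECDSA key in ..." form that names a key type.
offending_entry() {
    sed -n 's/^Offending \([A-Za-z0-9]* \)\{0,1\}key in \(.*:[0-9][0-9]*\)$/\2/p' |
        head -n 1 | grep .
}

# Delete LINE from FILE (given as "FILE:LINE"), keeping FILE.bak.
# Prints the removed entry so you can see which host it belonged to.
remove_entry() {
    file=${1%:*}
    line=${1##*:}
    case $line in
        ''|*[!0-9]*) echo "bad line number: $line" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    total=$(awk 'END { print NR }' "$file")
    if [ "$line" -lt 1 ] || [ "$line" -gt "$total" ]; then
        echo "line $line is outside $file ($total lines)" >&2
        return 2
    fi
    cp -p "$file" "$file.bak" || return 1
    sed -n "${line}p" "$file.bak"
    # Writing back in place keeps the file's existing permissions.
    sed "${line}d" "$file.bak" > "$file"
}

demo() {
    dir=$(mktemp -d) || return 1
    kh=$dir/known_hosts
    # Constructed sample entries; the key strings are placeholders.
    printf '%s\n' \
        'alpha.example ssh-ed25519 CONSTRUCTED-KEY-1' \
        'beta.example ssh-ed25519 CONSTRUCTED-KEY-2' \
        'gamma.example ssh-ed25519 CONSTRUCTED-KEY-3' > "$kh"
    # Constructed warning in the shape ssh prints.
    entry=$(printf '[...snip...]\nOffending key in %s:2\n[...snip...]\n' "$kh" |
        offending_entry) && remove_entry "$entry"
    echo "remaining entries:"; cat "$kh"
    rm -rf "$dir"
}
demo
```

The printed entry shows which host the removed line belonged to, and known_hosts.bak lets you put it back if you removed the wrong one.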