
SSH tips

Ignore unknown keys

Sometimes you need to connect without the 'accept unknown key' message, for example in automation inside a transient container or build agent. This option allows that:

ssh -o "StrictHostKeyChecking no" user@remotehost

This is not recommended for interactive sessions, as host key checking is designed to protect against MITM / DNS attacks.
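For the same automation case, an alternative that keeps checking on, shown as an added example (not part of the original page): the build agent holds a pinned host key fingerprint, compares the offered key against it, and runs ssh against a throwaway known_hosts file. Host names, key material and function names here are constructed for illustration.

```python
import base64, hashlib, hmac, os, struct, tempfile

def fingerprint(key_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def pinned_ssh_argv(host, offered_line, pinned_fp, target, workdir):
    """Build an ssh argv that trusts only the pinned key; raise on mismatch.

    offered_line is "<keytype> <base64 blob>", e.g. one ssh-keyscan result
    with the leading host name removed.
    """
    key_type, key_b64 = offered_line.split()[:2]
    if not hmac.compare_digest(fingerprint(key_b64), pinned_fp):
        raise ValueError(f"host key for {host} does not match the pinned fingerprint")
    known_hosts = os.path.join(workdir, "known_hosts")
    # Create the file private to this user; ssh reads it instead of ~/.ssh/known_hosts.
    fd = os.open(known_hosts, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{host} {key_type} {key_b64}\n")
    # Checking stays on: ssh refuses any server key other than the one written above.
    return ["ssh", "-o", "StrictHostKeyChecking=yes",
            "-o", f"UserKnownHostsFile={known_hosts}", target]

def make_test_key(seed):
    """Constructed ssh-ed25519 public key line for the demo (no real host uses it)."""
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

if __name__ == "__main__":
    host, target = "build-target.example", "user@build-target.example"  # placeholders
    good, rogue = make_test_key(1), make_test_key(2)
    pin = fingerprint(good.split()[1])  # normally recorded out of band, kept in pipeline config
    with tempfile.TemporaryDirectory() as d:
        print(pinned_ssh_argv(host, good, pin, target, d))
        try:
            pinned_ssh_argv(host, rogue, pin, target, d)
        except ValueError as err:
            print("rejected:", err)
```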

Speed up connections

Slow ssh connections are frequently related to DNS. As well as making sure forward and reverse DNS records are correct for client and server, and that the resolver is set correctly at both ends, try adding this to the end of /etc/resolv.conf:

options single-request-reopen

This covers a bug in some network implementations where the resolver makes a single request for both A and AAAA records but one of the responses gets squashed, so it waits for the second response (which never arrives). This option forces the resolver to make two separate requests.

Another option is to disable DNS resolution in sshd_config with:

UseDNS no

Forward ports

ssh can forward ports to a host hidden behind a firewall, as long as you can access a bastion host in between. You can then map that remote port to a local port on your local device. E.g.:

ssh -L 1111:anotherremotehost:8888 user@remotehost

Connecting to localhost:1111 will bounce your TCP connection to anotherremotehost:8888 via remotehost. Handy for connecting to remote RDP sessions, for example.

Mount remote filesystem over ssh

sshfs is a lifesaver. Given a single TCP port (which can be one forwarded with ssh -L) you can mount a filesystem from a remote server. sshfs may need to be installed (e.g. apt install sshfs):

sshfs user@remote.address:/path/to/mount /local/mountpoint

Useful options:

-p - set the port number to connect to

-o ssh_command='ssh -C' - set ssh command options - in this case, to enable compression

Timeout prevention

On the server in /etc/ssh/sshd_config:

ClientAliveInterval 30
ClientAliveCountMax 4

On the client in /etc/ssh/ssh_config / $HOME/.ssh/config:

ServerAliveInterval 30
ServerAliveCountMax 4


Last updated : 14 November 2024