SSH
SSH tips
Ignore unknown keys
Sometimes you need to connect without the 'accept unknown key' message, for example in automation inside a transient container or build agent. This option allows that:
ssh -o "StrictHostKeyChecking no"
Disabling the check is not recommended for interactive sessions, because host key checking is what protects against MITM / DNS attacks.
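For automation, an alternative that keeps the check on is to pin the server's key fingerprint and build a known_hosts file from it. The following is an added example, not part of the original page; the host name build.example.test and both keys are constructed sample values, and the pinned fingerprint is assumed to be obtained out of band.

```python
import base64
import hashlib
import hmac
import struct


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint as OpenSSH prints it: SHA256:<unpadded base64>."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pinned_known_hosts(keyscan_output: str, host: str, pinned_fp: str) -> str:
    """Return a known_hosts line for host if a scanned key matches pinned_fp.

    keyscan_output uses ssh-keyscan's format: "<host> <keytype> <base64 key>".
    Raises ValueError when nothing matches, so the job fails closed.
    """
    for line in keyscan_output.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3:
            continue
        names, keytype, key_b64 = fields[:3]
        if host not in names.split(","):
            continue
        try:
            fp = fingerprint(key_b64)
        except ValueError:  # malformed base64 (binascii.Error is a ValueError)
            continue
        if hmac.compare_digest(fp, pinned_fp):
            return f"{host} {keytype} {key_b64}\n"
    raise ValueError(f"no key offered for {host} matches the pinned fingerprint")


def constructed_ed25519_blob(raw: bytes) -> str:
    """Build an ssh-ed25519 public key blob from 32 bytes (sample data only)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()


# Constructed sample input: these are not real host keys.
GOOD_KEY = constructed_ed25519_blob(bytes(range(32)))
OTHER_KEY = constructed_ed25519_blob(bytes(range(1, 33)))
PINNED = fingerprint(GOOD_KEY)  # assumption: delivered out of band in practice
SCAN = f"# build.example.test:22 SSH-2.0-OpenSSH\nbuild.example.test ssh-ed25519 {GOOD_KEY}\n"

if __name__ == "__main__":
    print(pinned_known_hosts(SCAN, "build.example.test", PINNED), end="")
```

Write the returned line to a file and connect with `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<that file>`, so an unexpected key aborts the job instead of being accepted.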
Speed up connections
Slow ssh connections are frequently related to DNS. As well as making sure forward and reverse DNS records
are correct for client and server, and that the resolver is set correctly at both ends, try adding this
to the end of /etc/resolv.conf:
options single-request-reopen
This covers a bug in some network implementations where the resolver makes a single request for both A and AAAA records but one of the responses gets squashed, so it waits for the second response (which never arrives). This option forces the resolver to make two separate requests.
Another option is to disable DNS resolution in sshd_config with:
UseDNS no
Forward ports
ssh can forward ports to a host hidden behind a firewall, as long as you can access a bastion host in between. You can then map that remote port to a local port on your local device, e.g.:
ssh -L 1111:anotherremotehost:8888 user@remotehost
Connecting to localhost:1111 will bounce your TCP connection to anotherremotehost:8888 via remotehost.
Handy for connecting to remote RDP sessions for example.
Mount remote filesystem over ssh
sshfs is a lifesaver. Given a single TCP port (which can be one forwarded with ssh -L) you can mount a
filesystem from a remote server. sshfs may need to be installed (eg apt install sshfs):
sshfs user@remote.address:/path/to/mount /local/mountpoint
Useful options:
-p: set the port number to connect to
-o ssh_command='ssh -C': set ssh command options (in this case, to enable compression)
Timeout prevention
On the server in /etc/ssh/sshd_config:
On the client in /etc/ssh/ssh_config / $HOME/.ssh/config: