ssh


CentOS 6: install / start and stop / enable and disable ssh server

Install

To get the OpenSSH server, install the openssh-server package:

sudo yum install -y openssh-server;

Start

To start the sshd daemon (openssh-server) in the current session:

sudo service sshd start;

Stop

To stop the active (if any) sshd daemon in the current session:

sudo service sshd stop;

Enable

To configure the sshd daemon to start automatically at boot time:

sudo chkconfig sshd --add;
sudo chkconfig sshd on --level 2,3,4,5;

Disable

To configure the sshd daemon to stop automatic initialization at boot time:

sudo chkconfig sshd off;
sudo chkconfig sshd --del;

How to instruct SSH to use only my password and ignore my (RSA) key

Recently, we wanted to connect to a machine via SSH without using the default RSA key that was available in the client’s profile (~/.ssh/id_rsa).

We needed to avoid using the public key authentication method for two reasons:

  1. The client did not want to share the passphrase with us
  2. We did not want to move the key, not even temporarily

So, to connect via SSH while ignoring the key completely, we used the following command:

ssh -o PreferredAuthentications=keyboard-interactive,password -o PubkeyAuthentication=no [email protected];

Explanation of parameters:

  • -o is used to give options in the format used in the configuration file (/etc/ssh/ssh_config). It is useful for specifying options for which there is no separate command-line flag.
  • -o PreferredAuthentications can be used to change the default order of authentication methods and bypass GSSAPI-based authentication, host-based authentication, public key authentication and challenge-response authentication.
    -o PreferredAuthentications=keyboard-interactive,password instructs ssh to attempt authentication through the keyboard-interactive method and, if that method is not available, to use the password method.
    The keyboard-interactive authentication method is a request for all the different pieces of information needed for the authentication. The server can specify which inputs need to be hidden when the user types them and which do not.
    Password authentication is a request for a single password. The server sends no configuration, so the client decides how to format the prompt.
  • -o PubkeyAuthentication specifies whether to try public key authentication. Setting the value to no disables it.

Using aliases for SSH

An extremely helpful feature of ssh is the ability to define aliases using its configuration files:

  • ~/.ssh/config
  • /etc/ssh/ssh_config

~/.ssh/config contains configuration that is only available to your user and any user can create one for themselves.
/etc/ssh/ssh_config contains configuration that applies to all users of the system and only administrators can modify it.

Note: ~/.ssh/config should be readable and writable by its owner only!
Be sure to execute the following after you create it:

chmod 600 ~/.ssh/config;

Example 1 – Creating an alias for a host name:

Assuming we are too bored to type the full domain of a server, we can define a shorter name as follows:

Host bf
    HostName bytefreaks.net

By having these configuration lines in your ~/.ssh/config file, you can shorten the command ssh bytefreaks.net; to ssh bf;.

Example 2 – Creating an alias for a host name with specific username:

In the next example, we create a new alias that automatically sets not only the host name but also the username:

Host bf
    HostName bytefreaks.net
    User george

By having these configuration lines in your ~/.ssh/config file, you shorten the command ssh [email protected]; to ssh bf;.

Example 3 – Creating an alias for a host name with specific username and port:

In the next example, we create a new alias for a specific host name, username and ssh port number:

Host bf
    HostName bytefreaks.net
    User george
    Port 22300

The above will shorten ssh [email protected] -p 22300 to ssh bf;.

Example 4 – Creating an alias for a host name with specific username and identity file:

Host bf
    HostName bytefreaks.net
    User george
    IdentityFile /path/to/needed/private/key/id_rsa

The above will shorten ssh [email protected] -i /path/to/needed/private/key/id_rsa; to ssh bf;

For more information on the capabilities of the configuration files, please review the following documentation page, as it has a lot more useful information: http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/ssh_config.5

Repeated note: ~/.ssh/config should be readable and writable by its owner only!
Be sure to execute the following after you create it:

chmod 600 ~/.ssh/config;
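The permission note above can be turned into a check. The following is an added example, not code from the original post: it goes one step beyond the note by also checking every IdentityFile the config names (as in Example 4), since ssh refuses private keys that other users can read. The function name audit_ssh_files is hypothetical, and the parser assumes the plain "IdentityFile /path" form without quotes, spaces in the path or % tokens.

```sh
# audit_ssh_files CONFIG   (hypothetical helper, added example)
# Prints "BAD <path>" for the config file and for every IdentityFile it
# names that is accessible to group or others; returns non-zero if any is.
audit_ssh_files() {
    cfg=$1
    {
        # The config itself, then each IdentityFile value found in it.
        printf '%s\n' "$cfg"
        awk 'tolower($1) == "identityfile" { print $2 }' "$cfg"
    } | (
        bad=0
        while IFS= read -r f; do
            # Expand a leading ~/ the way ssh does.
            case $f in "~/"*) f=$HOME/${f#"~/"} ;; esac
            [ -e "$f" ] || continue
            # Characters 5-10 of the ls mode string are the group and
            # other bits; for a 600 file they are all dashes.
            perms=$(ls -ldL "$f" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "BAD $f"
                bad=1
            fi
        done
        exit "$bad"
    )
}
```

Run it as audit_ssh_files ~/.ssh/config; and fix every reported path with chmod 600.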

Fedora 25: install / start / enable ssh server

Install

To get the OpenSSH server, install the openssh-server package:

sudo dnf install -y openssh-server;

Start

To start the sshd daemon (openssh-server) in the current session:

sudo systemctl start sshd.service;

Stop

To stop the active (if any) sshd daemon in the current session:

sudo systemctl stop sshd.service;

Enable

To configure the sshd daemon to start automatically at boot time:

sudo systemctl enable sshd.service;

You will get an output similar to this:

ln -s '/usr/lib/systemd/system/sshd.service' '/etc/systemd/system/multi-user.target.wants/sshd.service'

Disable

To configure the sshd daemon to stop automatic initialization at boot time:

sudo systemctl disable sshd.service;

[GitLab.com] Clone all repositories in your account

GitLab.com offers a public API that allows us to get information related to our accounts. One of the API calls available is the account projects call (http://gitlab.com/api/v3/projects).

This call will return a JSON object describing the projects available to your account.

To clone all of the projects available to you, you can use the following:

# https is used so that the private token is not sent over the network in clear text
TOKEN="PASTE_YOUR_PRIVATE_TOKEN_HERE"; PREFIX="ssh_url_to_repo"; curl --header "PRIVATE-TOKEN: $TOKEN" https://gitlab.com/api/v3/projects | grep -o "\"$PREFIX\":[^ ,]\+" | awk -F ':' '{printf "ssh://"; for (i=2; i<NF; i++) printf $i "/"; print $NF}' | xargs -L1 git clone

The above code will fetch the JSON object, filter out everything except for the “ssh_url_to_repo” member of each project and then use it to clone the project, after fixing up the URL so that git can use it.

To get the above code working, note that the GitLab API requires a token that is tied to your account instead of your credentials to make the call to the API.

To get your private token, visit this page http://gitlab.com/profile/account; the private token is the random sequence of characters in the white box.

You need to copy that value in the place of the variable TOKEN in the above script.

In case you have a lot of projects (more than 10), the default call will produce the results for the first 10 repositories only.

To list all available repositories you have two options:

  1. Set the per_page query parameter to a value big enough to fetch the information of all your projects, if they are fewer than 100, e.g. http://gitlab.com/api/v3/projects?per_page=100
  2. Follow the link headers from the initial response to make all the next calls.
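Option 2 can be scripted as follows. This is an added example, not code from the original post: the function names and the GITLAB_TOKEN environment variable are assumptions, the endpoint is the one used on this page (over https), and the parser assumes the URLs in the Link header contain no commas.

```sh
# next_link: read raw HTTP response headers on stdin and print the URL
# whose Link relation is "next" (prints nothing on the last page).
next_link() {
    tr -d '\r' | grep -i '^link:' | tr ',' '\n' |
        sed -n 's/.*<\([^>]*\)>; *rel="next".*/\1/p' | head -n 1
}

# list_ssh_urls [START_URL]: walk every page and print the
# ssh_url_to_repo value of each project, one per line.
# GITLAB_TOKEN (assumed name) must hold the private token.
list_ssh_urls() {
    url=${1:-'https://gitlab.com/api/v3/projects?per_page=100'}
    hdr=$(mktemp) || return 1
    while [ -n "$url" ]; do
        : > "$hdr"    # never reuse the headers of the previous page
        # The token is handed to curl as a config on stdin, so it does
        # not show up in the process list.
        printf 'header = "PRIVATE-TOKEN: %s"\n' "$GITLAB_TOKEN" |
            curl --silent --fail --config - --dump-header "$hdr" "$url" |
            grep -o '"ssh_url_to_repo":"[^"]*"' | cut -d '"' -f 4
        url=$(next_link < "$hdr")
    done
    rm -f "$hdr"
}
```

The values are printed as the API returns them, so list_ssh_urls | xargs -L1 git clone works without the awk fix-up when they are in the user@host:path form that git accepts directly.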

[BitBucket.org] Clone all repositories of your account

Clone all bitbucket projects

BBA=MyUserName; curl --user ${BBA} https://api.bitbucket.org/2.0/repositories/${BBA} | grep -o '"ssh:[^ ,]\+' | xargs -L1 git clone

The above curl call will connect to the server using your username and return the list of repositories that are available to your account.

Please note that you need to provide your username, NOT your email.
If you make these calls using the email that was used to register the account, then the call will fail.

After the call succeeds, the results will be filtered and each repository will be cloned to the current folder.
In case your ssh key is protected by a passphrase, you will be asked for it each time a clone operation starts.

Example:

BBA="bytefreaks"; curl --user ${BBA} https://api.bitbucket.org/2.0/repositories/${BBA} | grep -o '"ssh:[^ ,]\+' | xargs -L1 git clone
Enter host password for user 'bytefreaks':
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3834  100  3834    0     0   4414      0 --:--:-- --:--:-- --:--:--  4411
Cloning into 'bluetoothclicker'...
Warning: Permanently added the RSA host key for IP address '104.192.143.1' to the list of known hosts.
Enter passphrase for key '/home/bytefreaks/.ssh/BitBucket/id_rsa': 
warning: You appear to have cloned an empty repository.
Checking connectivity... done.
Cloning into 'watch'...
Enter passphrase for key '/home/bytefreaks/.ssh/BitBucket/id_rsa': 
warning: You appear to have cloned an empty repository.
Checking connectivity... done.

List all bitbucket projects

In case what you want is just to list your repositories, execute the following:

curl --user ${BBA} https://api.bitbucket.org/2.0/repositories/${BBA} | grep -o '"ssh:[^ ,]\+' | xargs -L1 echo

Usage instructions: set your username to the BBA variable and execute.

BBA="bytefreaks"; curl --user ${BBA} https://api.bitbucket.org/2.0/repositories/${BBA} | grep -o '"ssh:[^ ,]\+' | xargs -L1 echo
Enter host password for user 'bytefreaks':
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3834  100  3834    0     0   3543      0  0:00:01  0:00:01 --:--:--  3546
ssh://[email protected]/bytefreaks/bluetoothclicker.git
ssh://[email protected]/bytefreaks/watch.git

How to list all available repositories on a Git server via ssh

ssh [email protected] info

The above ssh call will connect to a Git hosting server that has gitolite installed and will return the list of repositories that are available to your account along with the access rights of each.

Note: This command should work even if remote login via ssh is blocked on the server.

The command should return a list similar to this:

hello bytefreaks, this is [email protected] running gitolite3 v3.5.3.1-1-gf8776f5 on git 1.7.1

 R W	Repo1
 R W	Repo2
 R W	Repo3
 R  	Repo4

The first column in the results is the read flag, the second the write flag and the third column is the name of the repository.

In order to clone (get a local copy of) a repository from the above list (for the example, let's use Repo1), you have to issue the following command:

git clone ssh://[email protected]/Repo1

To clone all of the repositories into the current directory with one command, issue the following:

ssh [email protected] info | cut -f 2 | tail -n +3 | xargs -I {} git clone ssh://[email protected]/{}


How to call ‘top’ on a remote machine using ssh

Sometimes it is not straightforward to call some remote commands using ssh (example of syntax here). Commands like top will not execute as is because, due to their interactive nature, they need some environment variables to be set.

Usage example of wrong remote call to top and its result:

ssh remoteMachine 'top'
TERM environment variable not set.

We cannot really describe all of the solutions available, but since we are talking about top, we will present a very simple one.
Luckily, top can be executed in batch mode, which is used for sending output from top to other programs or files. It is invoked with the -b parameter, which changes the command syntax to:

ssh remoteMachine 'top -b'

This will work just fine but give you a full page of results, which might be too much info. To limit the results that you are receiving, you can filter the top command results with other commands like head. In the following example we use head to limit the number of rows retrieved to 8, so that we get the system status and the most computationally intensive command of our system.

ssh remoteMachine 'top -b | head -n 8'

Which will result in something like this:

top - 07:29:38 up 1:04, 0 users, load average: 2.85, 2.83, 2.24
Tasks: 62 total, 2 running, 60 sleeping, 0 stopped, 0 zombie
Cpu(s): 27.8%us, 0.4%sy, 0.0%ni, 71.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1022116k total, 68960k used, 953156k free, 4364k buffers
Swap: 3905532k total, 0k used, 3905532k free, 22776k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
842 userName 20 0 32212 1320 1120 R 188 0.1 46:51.91 application.binary