Some Useful SSH tips

Executing commands remotely and returning results

One of the common usage is to log into remote machine and check some process stat to see if some program is running or not. Instead of logging in, executing command and then returning back, we can do it in a single shot by providing the command to be executed as an argument.

ssh loguser@$x.x.x "ps -ef | grep kafka"
loguser  12214 12213  0 23:47 ?        00:00:00 bash -c ps -ef | grep kafka
loguser  12224 12214  0 23:47 ?        00:00:00 grep kafka
root     22194     1  0 Feb16 ?        00:00:31 /sbin/dhclient -1 -q -lf /var/lib/dhclient/dhclient--eth0.lease -pf /var/run/dhclient-eth0.pid -H some-kafka-machine eth0
root     32641     1  0 Mar11 ?

This actually happens via something called ssh tunnel.

One more example: (having trouble reading logs in remote machine? Just copy them over in one shot)

ssh user@x.x.x.x "cat /var/log/application/my-app.log" >> testing.log
#This will copy over the content
#You can scp too (This is just an example)
#You can save process stat, memory usage and many more

NB: Saltstack, ansible make use of this ssh feature while executing (orchestrating commands) remotely.

SSH configs

If you are on a linux machine and your daily job is to log into a bunch of servers and do some task then it might be little cumbersome to keep track of all the server IPs,ports, usernames, keys/passwords etc. That’s where you can use ssh config.

ssh user@$ipAddress -p $portNumber -i $identityFile

This can be pretty cumbersome if you have more than a handful of servers.

Enter, ssh configs.

This file is stored under ssh in your home directory i.e ~/.ssh/config

Host falcon
    HostName falcon.first.com
    Port 22000
    User joey
    IdentityFile ~/.ssh/falcon.key

Now you can ssh into falcon by just using: ssh falcon

This can save a lot of your time.

What’s inside ~/.ssh/authorized_keys ?

You can allow users to log in to remote machines using two ways:

username/password ssh keys While using ssh keys, the user generates his/her ssh keys (pair of private public keys) using ssh key-gen. Those keys are stored as:

~/.ssh/id_rsa.pub (public key)
~/.ssh/id_rsa (private key)

Now in order to allow that user ssh login, we can add his/her public key inside ~/.ssh/authorized_keys file.

Whenever a user tries to log in, his ‘session/activity’ is signed using his/her private key. At the remote server, the respective public key verifies the identity and if it’s matched user is allowed access.

Public Key Encryption

comments powered by Disqus