ssh

Use tar and ssh to copy files and directories across systems

Snippet kitt decided around 08:04 on 7 June 2015 to publish this:

To save on disk space, and be able to retain file permissions and directory structures, use tar and ssh to copy files and directories across systems.

This works better than scp because the files are compressed (gzipped) before sending across the wire.

Use if you have lots of small files (think, "git repositories").

# general case
$ ssh user@machine-where-precious-data-is "tar czpf - /some/important/data" | tar xzpf - -C /new/root/directory
 
# specific example
$  ssh mgs "sudo tar czpf - /home/sites" | tar xzpf - -C sites
 
# this will create sites/home/sites/...
 
# If you need root and (correctly) have root ssh login turned off, use this:
$ ssh remotehost "echo 'PASSWORD' | sudo -S tar czpf - /remote-path-to-copy" | tar xvpf - -C local-path
 
# back the other way
$ tar cpf - /path/to/data | ssh user@remote "tar xpf - -C /path/do/final/location/"

ssh key fingerprint information

Blog Written with a loving hand by kitt some time around 11:54 on 8 March 2012

Use ssh-keygen with the -l option (that's a lowercase L). You'll need to specify the -f [file] option, too, as you could have more than one .pub file (dsa, rsa, etc.).

dymock[1030]% ssh-keygen -lf ~/.ssh/id_dsa.pub
1024 2a:12:ab:34:cd:56:ef:44:78:aa:9a:bb:dd:cc:66:f8 /home/kitt/.ssh/id_dsa.pub (DSA)

When in doubt, man ssh-keygen

% man ssh-keygen
...
  -l  Show fingerprint of specified public key file.  Private RSA1 keys
      are also supported.  For RSA and DSA keys ssh-keygen tries to find
      the matching public key file and prints its fingerprint.  If combined
      with -v, an ASCII art representation of the key is supplied with the
      fingerprint.
...

ssh configuration to prevent timeout auto-logouts

Blog kitt decided around 08:49 on 8 March 2012 to publish this:

I have a couple remote systems with really short ssh login timeouts. By the time I stand up, walk into the other room to retrieve a reference book and sit back down, the system has logged me out for being idle too long.

By default, the idle auto-logout timeout is set by the administrator in the /etc/ssh_config file. Since most people don't lock their screens before they move away from their computers (though, they really should, and if you have client work on your laptop, you owe it to your client to protect their work by locking your screen every time you leave it), short timeouts will reduce the security risk by auto-logging out idle connections more quickly, reducing the window of opportunity.

I do have the habit of locking my screen as I stand up to move away from it, thanks to Mike Gull. Thanks, Mike!

For one particular system, however, the timeout is too short (it's less than 2 minutes, might be less than one, I haven't timed it).

Rather than changing the config file, I can send null packets to the server letting it know that my connection is still open, that I'm not idle. On the command line, that options is -o:

% ssh -o ServerAliveInterval=5 bounceout

It is, however, slightly annoying to have to remember that -o option.

Fortunately, I can save it in the ssh configuration file:

% man ssh
...
  -F configfile
      Specifies an alternative per-user configuration file.  If a configuration file is given on the
      command line, the system-wide configuration file (/etc/ssh_config) will be ignored.  The
      default for the per-user configuration file is ~/.ssh/config.
...

Excellent.

One quick

% emacs ~/.ssh/config

later and I have this in my file:

Host bounceout.hodsden.net
     ServerAliveInterval        5

I could have used an = instead of white space to separate the values, which eliminates the need for double quotes around the value if there is space in the value:

Host bounceout.hodsden.net
   ServerAliveInterval=5

but my config file is simple enough I don't need to.

And now, no more quick time-outs for that box. Yay!

I also could have used a wild card on that Host parameter. This is a special case that I don't want applied to every server I ssh into, so limiting to one host seems prudent.

Update: If you have aliases in your /etc/host file for your servers, you will need to use the alias in the Host parameter:

Host bounceout
   ServerAliveInterval=5

Use alternate identity file for svn access with ssh

Snippet kitt decided around 21:30 on 23 September 2009 to publish this:

If you need a different identity file for ssh access when using svn (say, using your personal computer on a work project and need to keep the two identities separate when accessing a personal remote server), define the SVN_SSH shell variable to use the different identity file.

To specify a different identity file with ssh, use -i:

ssh -i /path/to/id_rsa

And define the SVN_SSH var.

export SVN_SSH="ssh -i /path/to/identity/file"