SSH Tips

Just yesterday, a fellow co-worker was having a tough time figuring out the syntax to a very complex command. At its most basic level, the command would run a “bash for loop”, tar up a list of directories and pipe the output to a remote host via SSH keeping all the proper file ownerships and permissions intact. We use those types of commands all the time here at work to do network backups but once in a while everyone gets a “brain fart”. Once I was able to figure out the issue with the syntax, I told myself that I was going to document it one day. Well, that day is today. 😉

The tips below are very basic examples of the issue we experienced above. If you know what SSH is, then these tips are for you. Otherwise, I suggest you skip this blog entry altogether since it won't matter to you much. These tips are some of my own collection of all the SSH commands that I have used throughout the years of being a Linux Jr. Systems Administrator. They all have been tested and are known to work with OpenSSH 3.8p1 or later. If you have a better way of doing it, I would like to know.

NOTE: The dash “-” is used to reference either standard input or standard output depending on where it's being used in the command. Also, please replace all variables that start with a “$” with their respective value. I have tried to make the variable names as obvious as possible. Let me know if I need to explain them.

OK, on to the tips:

PUSH it!

  1. Tar up a directory and push it to a remote host via SSH.

    $ tar cpf - $local_dir | ssh $user@$remote_host "tar -C $remote_dir -xpf -"

    The above command tars up $local_dir and writes the archive to stdout. The archive is piped to SSH, which connects to $remote_host and extracts the contents into $remote_dir. The “-C” option tells tar where to extract the contents to.

    You can even copy the entire contents of a directory from $local_host and extract them on the $remote_host and keep all the ownerships and permissions intact. Assume that the directory you wish to copy is located in /home/$user/www/.

    $ cd /home/$user/; tar cpfz - www/ | ssh $user@$remote_host "cd /home/$user/; mv www www.bak; tar xpfz -"

    Same as the first example, but before it extracts the archive from stdin, it renames the “www” directory to “www.bak” on the $remote_host. The potential is endless.
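
The introduction mentions wrapping this push in a for loop over a list of directories. A sketch of that loop follows as an added example, not the author's original command: push_dirs, sh_quote and the SSH_CMD override are names assumed here, and the remote path is quoted because the remote shell parses the command string a second time.

```shell
# Added example. push_dirs, sh_quote and SSH_CMD are assumed names, not part
# of OpenSSH or of the original post.

# Wrap a string in single quotes so a POSIX shell reads it back as one word.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# push_dirs USER@HOST REMOTE_DIR LOCAL_DIR...
# The body runs in a subshell "( )" so its variables stay local.
push_dirs() (
    [ "$#" -ge 3 ] || { echo "usage: push_dirs user@host remote_dir dir..." >&2; exit 2; }
    target=$1 remote_dir=$2
    shift 2
    # ssh hands the command string to the remote shell, which parses it again:
    # quote the path so spaces or metacharacters in it are not interpreted there.
    q_remote=$(sh_quote "$remote_dir")
    failed=0
    for dir in "$@"; do
        [ -d "$dir" ] || { echo "skip: $dir is not a directory" >&2; failed=1; continue; }
        parent=$(dirname -- "$dir")
        base=$(basename -- "$dir")
        # One tar stream per directory; "./" guards names that start with a dash.
        # "p" keeps permissions; ownership is restored only if the remote tar runs as root.
        # The pipeline's status is ssh's, i.e. the remote tar's exit status.
        tar -C "$parent" -cpf - "./$base" |
            "${SSH_CMD:-ssh}" "$target" "tar -C $q_remote -xpf -" ||
            { echo "FAILED: $dir" >&2; failed=1; }
    done
    # Non-zero if any directory was skipped or failed to extract.
    [ "$failed" -eq 0 ]
)
```

Call it as `push_dirs $user@$remote_host $remote_dir dir1 dir2`; $remote_dir must already exist on the remote host.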

PULL it!

  1. Connect to a remote host and retrieve a file

    $ ssh $user@$remote_host cat $remote_file > $local_file

    I know, I know… this is what SCP is for but this is cooler. Since OpenSSH lets you append a command after the connection string, you can run any command on the $remote_host from your local machine. The command above runs SSH from your local machine, connects to the $remote_host and, since we gave SSH a command after the connection string, it “cat’s” the $remote_file and redirects the output on the local machine to a file called $local_file. This will work with pretty much any file type including tarballs, images, and even audio/video files.
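
One gotcha with the redirect: the local shell truncates $local_file before SSH even connects, so a failed transfer leaves an empty or partial file behind. The added example below (not from the original post) streams into a temporary file, checks the exit status, and compares SHA-256 digests before moving the file into place; pull_file and SSH_CMD are assumed names, and it assumes sha256sum exists on both hosts.

```shell
# Added example. pull_file and SSH_CMD are assumed names, not part of OpenSSH.

# pull_file USER@HOST REMOTE_FILE LOCAL_FILE
# The body runs in a subshell "( )" so variables and the trap stay local.
pull_file() (
    [ "$#" -eq 3 ] || { echo "usage: pull_file user@host remote_file local_file" >&2; exit 2; }
    target=$1 remote=$2 dest=$3
    ssh_cmd=${SSH_CMD:-ssh}
    # The remote shell re-parses the command string, so escape any single
    # quotes in the path and wrap it in single quotes below.
    q=$(printf '%s' "$remote" | sed "s/'/'\\\\''/g")
    # Stream into a temporary file so a failed transfer never replaces $dest.
    tmp=$(mktemp "$dest.part.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT
    "$ssh_cmd" "$target" "cat '$q'" > "$tmp" ||
        { echo "transfer of $remote failed" >&2; exit 1; }
    # Compare digests computed on each side; this catches a short or damaged
    # local copy, not a remote host that lies about its own files.
    want=$("$ssh_cmd" "$target" "sha256sum < '$q'") || exit 1
    got=$(sha256sum < "$tmp")
    [ "${want%% *}" = "${got%% *}" ] ||
        { echo "checksum mismatch for $remote" >&2; exit 1; }
    mv -- "$tmp" "$dest"
)
```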

Executing Commands

  1. Listing files remotely

    $ ssh $user@$remote_host 'ls -al /etc/'

    If you have the privileges, this command logs into $remote_host and lists the contents of the /etc directory and prints it to your screen without actually starting an interactive session on $remote_host.

  2. Edit a file remotely

    $ ssh -t $user@$remote_host 'vi /etc/passwd'

    This runs vi on $remote_host against the remote file “/etc/passwd” and displays it in your local terminal, so the file is edited and saved remotely. The man pages say that the “-t” option will:

    Force pseudo-tty allocation. This can be used
    to execute arbitrary screen-based programs on a
    remote machine, which can be very useful, e.g.,
    when implementing menu services.
    Multiple -t options force tty allocation, even
    if ssh has no local tty.

X11Forwarding

  1. Export your DISPLAY

    $ ssh -X $user@$remote_host

    At first look, the command above may seem innocent enough until you follow it up with:

    gaim &

    and realize that Gaim is now displayed on $local_host while running on $remote_host!! The “-X” option tells SSH to export the display and to forward “X” over the SSH connection. This is a cool way to run your IM client (or any other app for that matter) from your home machine and have it be displayed on your work box. That way, if your snooping boss is capturing your network packets, all they will see is the encrypted SSH connection data. Good luck decrypting that, Mr. Boss!

That's it for now. If I remember more tips and tricks, I will add them here. If you have a cool SSH trick and/or hack that you would like to share, I would like to know about it.

UPDATE 04-28-2005:

I left out one potentially very important tip. Here is the scenario:

  • What if you have a large archive, say 2 Gigs worth, on $local_host and you wanted to restore it to $remote_host without having to copy the entire 2 Gig archive to $remote_host first? This comes in handy when you have enough disk space for the extracted archive but not enough room for both the archive and the extracted contents of said archive.

    $ ssh $user@$remote_host "cd /home/$user/; tar xpvfz -" < $really_big_archive.tgz

    You can also do it in the other direction:

    $ ssh $user@$remote_host "cat $really_big_archive.tgz" | tar xpvfz -

Again, if I remember anything else, I will just keep adding it here.

