The sshd process for your connection is still present on the server and looks like: "sshd: username@notty". You can find it easily with a grep of running processes.
That's an excellent litmus test on whether there is likely to be anything actually valuable there. On the other hand, I wonder how much more traffic they might get from the people who visit just to affirm, "I do too know them..." :-)
Tech folks are sensitive to arrogance and jabs at pride in context of knowledge. It seems like every other top ten list poster seems to be standing on the shoulders of giants we never knew of.
Wow, this is fantastic, thanks! I was looking for something like this a while ago and the closest I could find was transocks, which is Linux-only, not overly stable, not actively maintained, and TCP-only.
sshuttle is currently TCP-only i remember seeing some people discussing about UDP, and DNS forwarding on top of sshuttle but it hasn't gotten very far.
Forward transparently your traffic using iptables. So, if you use sshuttle on your gateway all the tcps connections to the specified subnets are forwarded using ssh for the gateway and all the machines using that gateway.
Because the author made the same mistake so many Wordpress users do which is going absolutely crazy with add-ons. I managed to get the page to load after about 3 minutes and I can count at least 8-9 add-ons he is using that are sucking up tons of server resources. The owner of this blog would be extremely well served by removing unnecessary add-ons and installing something like WP Super Cache to serve content significantly faster and lower the server load.
For security he might want to relocate the admin login URL as well since he still has it set to /wp-admin/ .
Then again, for security he might want to use something else.
Is it only me who is amused by the irony of someone using a system with such a poor security track record to talk about ssh which is intended to provide secure connections?
Like running sshd on another port (to stay on topic), it doesn't make the service more secure against someone who knows it's there, but it makes it less visible to automated scripts probing the standard location for known bugs.
The tilde-escape offers significantly more than just termination, actually. Hit '~?' for the available escape sequences:
Supported escape sequences:
~. - terminate connection (and any multiplexed sessions)
~B - send a BREAK to the remote system
~C - open a command line
~R - Request rekey (SSH protocol 2 only)
~^Z - suspend ssh
~# - list forwarded connections
~& - background ssh (when waiting for connections to terminate)
~? - this message
~~ - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)
If you open the command line (~C), another '?' shows its available commands:
Open a ssh session opened forever, great on laptops losing Internet connectivity when switching WIFI spots.
24) Transfer SSH public key to another machine in one step
ssh-keygen; ssh-copy-id user@host; ssh user@host
This command sequence allows simple setup of (gasp!) password-less SSH logins. Be careful, as if you already have an SSH keypair in your ~/.ssh directory on the local machine, there is a possibility ssh-keygen may overwrite them. ssh-copy-id copies the public key to the remote host and appends it to the remote account’s ~/.ssh/authorized_keys file. When trying ssh, if you used no passphrase for your key, the remote shell appears soon after invoking ssh user@host.
Just put a space before you execute the command, then it doesn't get saved in history. Alternatively, delete it from your history file as the other commenter suggests.
At least under ZSH (on Ubuntu), I don't appear to have the HISTCONTROL environment variable set and yet it still ignores anything prepended with a space.
If you're on OS X, you can get ssh-copy-id through homebrew. (And if you're on OS X and not using homebrew, go install it now: https://github.com/mxcl/homebrew )
Compiling it yourself takes a lot more work than `brew install ssh-copy-id`.
Here's a pretty good expression of the main complaint I've heard about MacPorts:
> The system [homebrew] is much better than MacPorts, the idea is that for example, Mac OS X comes with python installed. Brew will try to use the default python installation instead of trying to make it's own in /usr/opt/whatever ... so, homebrew premise, is to respect the Mac OS X installed packages and use them to it's favor + respecting the Mac OS X structure ( don't re create a whole new structure like fink and mac ports )
Last time I tried to use it I was burned when it came to removing packages. Sure, I can remove them by hand, but then what good is my package management system? The hairier installation is, the more configuration files it creates and modifies all over the system, the more urgent is the need for reliable management system. And there are packages that can't not write all over the system. SSH is one. Sage's another.
And now I have a local SOCKS proxy running. I just have to change the proxy configuration in my browser using SOCKS4a at localhost:9999 and I can surf as if I were on remotehost
Does anyone know: Is it recommended to mount a directory via sshfs? My idea: Mount whole server filesystems into /mnt/servers/<server_ip> ... and then conveniently work with it using desktop tools.
The biggest thing to remember is that any command you run will be in a local context. For example, if you want to do things like updating a SVN repo that's located on the server you've mounted, you should SSH directly into the server and perform it. Otherwise, your _local_ SVN software will try to read in tons of files FROM the server to establish changes in the checkout before it can even try to commit. This can be very slow!
On OSX with MacFuse and SSHFS, I've done plenty of remote work before on LAN servers and "internet" servers. It definitely works, but is slow. But for being able to open up a "local" file in Vim/text editor and then save it, the only time you are hitting the network is during the save and that can be slow.
Transmit 4 integrated this functionality into their FTP client, auto-mounting of SSH connections, but it definitely seems more crashy than MacFuse to me.
If remote editing vim is your only requirement, it should be noted that up-to-date versions of vim will handle scp://, as in "vim scp://hostname/file_to_edit". (Emacs users have Fish) (you should already have ssh keys setup)
Thanks for that. You've just removed 90% of my use cases for opening an actual shell on the remote server.
I've been using vim for a decade or more. I guess it's a salutary lesson for experienced users. I should read the Changelog more carefully when upgrading.
As already noted, commands that deal with a lot of data will copy that data to your machine to process, and copy it back. This is a drawback of both NFS and sshfs.
NFS, however, doesn't encrypt, while sshfs does, so if you don't care about encryption, NFS will be a lot faster.
The proper way to do what you want is to install those desktop tools on the remote machine, and then use ssh X forwarding (ForwardX11 and ForwardX11Trusted in the manual, also -X and -Y) to have those programs run on the remote machine, but display their GUIs on your local desktop. This way you get the nice graphical interfaces while still doing all the hard work on the remote machine, without copying tons of data back and forth.
I have never managed to make sshfs properly handle network problems (at least as well as NFS), especially after suspend & resume, I'd quite too often end with unusable machine where half of all desktop apps are hanging on some blocking syscall via that sshfs, that will _never_ timeout. Also, sshfs is quite inefficient. It's main advantage is being almost setupless, both client- and serverside. But you don't need that if you want to permanently mount your servers somewhere. I think that properly setting up NFS is worth it, in your case.
A dead NFS server can also stall a local desktop. This was a huge issue at Google, where homedirs are mounted on NFS. Turns out almost all window managers need frequent access to dotfiles or they will freeze. This is stupid.
Sure, but it can at least timeout, reutrn EIO, seamlessly reconnect when the connection is reestablished and few other remedies (you can't really do anything else, if this happens), something that I've never managed to make sshfs do properly.
A lot of window managers don't really deal with NFS timeouts/errors very well. One solution is something like AFS, but that comes with a whole host of issues.
If you read the context, this isn't really a specific criticism of ssh, but rather a general criticism of Unix's network model (or lack of it). Maybe we should all be using Plan 9, but as we're not ssh helps a lot.
See: An almost invisible ssh connection
This connects you to a box with no TTY allocation. If someone types 'w', they will not see your connection.