DIY SSH Bastion Host -

AWS Bastion host quick start -

Security recomendations for OpenSSH -

Generate SSH public key from SSH private key:

# to file
ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/

# to stdout
ssh-keygen -f ~/.ssh/id_rsa -y

Disable SSH host key checking

The authenticity of host ‘ (’ can’t be established. RSA key fingerprint is 3f:1b:f4:bd:c5:aa:c1:1f:bf:4e:2e:cf:53:fa:d8:59. Are you sure you want to continue connecting (yes/no)?

Add following lines in ssh config:

Host 192.168.0.*
    StrictHostKeyChecking no

SSH options anf features

ssh [options] <user>@<host>
    -L                  tunneling
    -N                  non entering to bash
    -f                  background run
    -i  <private_key>   path to private key
    -p  <port>

# remove existing entry
ssh-keygen -R "hostname"

# change connection timeout limit (seconds)
ssh -o ConnectTimeout=10  <hostName>

X11 application

Run GUI app;ication on remote desctop. Connect, export the display in-line and start the application in a way that won’t close it after the ssh session dies:

ssh <user@server> "DISPLAY=:0 nohup firefox"

Run remote GUI application on local desktop:

ssh -XC <user@server> firefox
# or
ssh -YC <user@server> firefox

Multiple SSH private keys on one client

EXPERIMENTAL Add into your ~/.profile to add all id_rsa* keys from your home .ssh dir. Applied after system relogin.:

find $HOME/.ssh/ -type f -name "id_rsa*" ! -name "*.*" -exec ssh-add "{}" \;
# Also you can manually run this command


Host myshortname
    IdentityFile ~/.ssh/realname_rsa # private key for realname
    User remoteusername

Host myother
    IdentityFile ~/.ssh/realname2_rsa
    User remoteusername


ssh-add <path_to_private_key>

SSH tunneling

ssh -NL <local_port>:<remote_address>:<remote_port> <remote_user>@<remote_host>

SSH aliases

Type following in ~/.ssh/config:

Host <name>
  Hostname      <host>
  User          <username>
  IdentityFile  <path_to_private_ssh_key>


ssh <name>