ssh
Contents
ssh escape characters
A little, often unknown but very useful feature of openssh!
1 ESCAPE CHARACTERS
2 When a pseudo-terminal has been requested, ssh supports a number of func‐
3 tions through the use of an escape character.
4
5 A single tilde character can be sent as ~~ or by following the tilde by a
6 character other than those described below. The escape character must
7 always follow a newline to be interpreted as special. The escape charac‐
8 ter can be changed in configuration files using the EscapeChar configura‐
9 tion directive or on the command line by the -e option.
10
11 The supported escapes (assuming the default ‘~’) are:
12
13 ~. Disconnect.
14
15 ~^Z Background ssh.
16
17 ~# List forwarded connections.
18
19 ~& Background ssh at logout when waiting for forwarded connection /
20 X11 sessions to terminate.
21
22 ~? Display a list of escape characters.
23
24 ~B Send a BREAK to the remote system (only useful if the peer sup‐
25 ports it).
26
27 ~C Open command line. Currently this allows the addition of port
28 forwardings using the -L, -R and -D options (see above). It also
29 allows the cancellation of existing port-forwardings with
30 -KL[bind_address:]port for local, -KR[bind_address:]port for re‐
31 mote and -KD[bind_address:]port for dynamic port-forwardings.
32 !command allows the user to execute a local command if the
33 PermitLocalCommand option is enabled in ssh_config(5). Basic
34 help is available, using the -h option.
35
36 ~R Request rekeying of the connection (only useful if the peer sup‐
37 ports it).
38
39 ~V Decrease the verbosity (LogLevel) when errors are being written
40 to stderr.
41
42 ~v Increase the verbosity (LogLevel) when errors are being written
43 to stderr.
keyboard-interactive authentication
sshpass
- Please try pubkey-authentication first,
before trying keyboard-interactive auth with sshpass.
Never use option -ppassword because everybody can read it the password ps or top (using a race condition before obfuscation by sshpass)
1 aptitude install sshpass
via file descriptor
Source: Serverfault: How to automate ssh login with password
1 #!/bin/bash
2 # Generate a name for a pipe (-u|--dry-run)
3 PIPE="$(mktemp -u)"
4 # Create FIFO pipe
5 mkfifo -m 600 "$PIPE"
6 # Opened pipe for both reading and writing on file descriptor 3
7 exec 3<>"$PIPE"
8 # Delete the directory entry
9 rm "$PIPE"
10 UIDNAME="user"
11 HOST="host"
12 FILE="path/to/file"
13 # Write your password to the pipe.
14 # You may even use gpg at this point.
15 echo 'my_secret_password' >&3
16 # Read password with sshpass from file descriptor 3 and
17 # connect via sftp
18 sshpass -d3 sftp "$UIDNAME"@"$HOST":"$FILE"
19 # Close the pipe when done
20 exec 3>&-
environment variable
1 #!/bin/bash
2 # MAKE VARIABLE SSHPASS AVAILABLE
3 # IN THE ENVIRONMENT OF ANY SUBSEQUENT COMMAND
4 export SSHPASS="my_secret_password"
5 # SSHPASS ENVIRONMENT VARIABLE MAY BE READ
6 # FROM "/proc/$PID/environ"
7 # BY THE INVOKING USER AND ROOT
8 sshpass -e sftp user@host:path/to/file
9 unset SSHPASS
password file
Make sure Unix-permissions are correct (replace "$OWNER")!