Work Smarter, Not Harder: Advanced SSH Techniques to Save Time and Effort

Secure Shell (SSH) is a powerful and widely used protocol that enables secure communication over a network.

Whether you’re managing servers, deploying code, transferring files, or running remote applications, SSH is an essential tool for every IT professional and developer.

While the basic ssh user@host command is familiar to many, SSH offers a wide array of advanced features that can drastically improve your workflow and security.

This article explores several of these advanced SSH capabilities and how they can help simplify your daily routine.

Understanding SSH Configuration

Before diving into advanced SSH techniques, it’s essential to understand how SSH configurations work. SSH uses a hierarchical approach to determine its settings:

  • Command-line options take the highest precedence and override configurations in files.
  • User-specific configurations are stored in the ~/.ssh/config file.
  • System-wide configurations are located in /etc/ssh/ssh_config for the client and /etc/ssh/sshd_config for the server.

If you modify the server-side configuration in /etc/ssh/sshd_config, make sure to reload the SSH service for changes to take effect. On Debian-based systems, you can do this with the command:

systemctl reload sshd
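
Because a setting can come from any of these layers, it is more reliable to audit the effective values than to read a single file. The following is an added example, not part of the original article: it reads the lowercase "keyword value" lines printed by ssh -G <host> (client) or sshd -T (server) and flags directives discussed in the sections below. The function names, finding labels and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky *effective* SSH settings.
# stdin: lowercase "keyword value" lines, as printed by `ssh -G <host>`
# (client) or `sshd -T` (server). stdout: one finding per line.
audit_ssh_settings() {
    awk '
        # Client: "yes" or a socket path exposes your agent to the remote host.
        $1 == "forwardagent" && $2 != "no" { print "WARN forwardagent=" $2 }
        # Client: without IdentitiesOnly, every key held by the agent is offered.
        $1 == "identitiesonly" && $2 == "no" { print "NOTE identitiesonly=no" }
        # Client: ForwardX11 (ssh -X) lets remote programs reach your display.
        $1 == "forwardx11" && $2 == "yes" { print "WARN forwardx11=yes" }
        # Client: 0 disables the encrypted keep-alive probes.
        $1 == "serveraliveinterval" && $2 == 0 { print "NOTE serveraliveinterval=0" }
        # Server: forwarding features enabled for every account.
        ($1 == "allowtcpforwarding" || $1 == "x11forwarding") && $2 == "yes" {
            print "REVIEW " $1 "=yes"
        }
    '
}

# Constructed, abridged sample of `ssh -G` output for a host that matches
# a "Host *" block containing ForwardAgent yes (hypothetical values).
sample_client_settings() {
    cat <<'EOF'
hostname yourserver.tld
port 22
forwardagent yes
forwardx11 no
identitiesonly no
serveraliveinterval 30
serveralivecountmax 10
tcpkeepalive yes
EOF
}

# Real use:  ssh -G yourserver.tld | audit_ssh_settings
#            sudo sshd -T | audit_ssh_settings
sample_client_settings | audit_ssh_settings
```
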

1. Secure File Transfer with SFTP

When it comes to securely transferring files, SFTP (SSH File Transfer Protocol) is an indispensable tool. Many graphical FTP clients, such as FileZilla, support SFTP, enabling you to upload and download files securely with just a few clicks.

For command-line users, you can invoke SFTP directly from the terminal:

sftp user@host

This opens an interactive console where you can navigate directories, upload, download, and manage files. While this is useful for many scenarios, note that the console accepts only SFTP's own command set, not arbitrary shell commands.

SFTP provides a safe, encrypted alternative to FTP, ensuring your data remains secure during transit. This is especially critical when transferring sensitive files over insecure networks.


2. Maintaining Persistent Connections with Keep-Alive

Sometimes, SSH connections are interrupted due to network instability or aggressive firewalls. Thankfully, SSH provides several mechanisms to keep your connections alive, preventing premature disconnections:

  • TCPKeepAlive: In both client and daemon configurations, this directive controls whether SSH will send TCP keep-alive messages to maintain the connection. Setting it to no might be helpful if a firewall is disconnecting your session.
  • ServerAliveInterval: In the client configuration, this directive sets the number of seconds the client will wait before sending a packet to the server to check if the connection is still live. Setting it to 0 disables this feature.
  • ServerAliveCountMax: This option determines how many times the client will attempt to check the server’s availability before dropping the connection.
  • ClientAliveInterval: Set on the server, this directive controls how frequently the server will send packets to the client to ensure the connection remains active.
  • ClientAliveCountMax: This option specifies how many times the server will send keep-alive packets before terminating the connection if no response is received.

For example, adding the following lines to your ~/.ssh/config file will send a packet every 30 seconds and try up to 10 times before disconnecting:

ServerAliveInterval 30
ServerAliveCountMax 10

3. Streamlining Authentication with SSH Agent

SSH keys are much more secure than passwords, but entering your SSH key passphrase each time you connect can be tedious. This is where ssh-agent comes in. It stores your private keys in memory, so you don’t have to re-enter your passphrase each time you initiate a connection.

To check if ssh-agent is running, use:

ps x | grep '[s]sh-agent'

If it’s not running, start it with:

eval "$(ssh-agent)"

To add a key to the agent, run:

ssh-add /path/to/your/privatekey

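You can also use the IdentityFile directive in your ~/.ssh/config file to specify which key to use for specific hosts. Additionally, adding IdentitiesOnly yes ensures that SSH will only use the keys named in the configuration or on the command line, rather than offering every key the agent holds.

If you need to use your keys across multiple servers, agent forwarding lets a remote host use your local agent for authentication; the private keys themselves stay on your machine. To enable this, add the following line to your configuration:

ForwardAgent yes

However, use agent forwarding with caution, as it is a security risk on untrusted machines: while you are connected, anyone with sufficient privileges on the remote host can use the forwarded agent to authenticate as you. Enable it only for specific hosts you trust rather than for all hosts.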


4. Securing Traffic with Port Forwarding (Tunneling)

SSH port forwarding is a feature that allows you to securely tunnel traffic from your local machine to a remote server or vice versa. This is particularly useful for accessing services behind firewalls or encrypting traffic from legacy applications.

To enable port forwarding, ensure that the following line is present in your server’s /etc/ssh/sshd_config:

AllowTcpForwarding yes

Here are a few common types of port forwarding:

  • Local Port Forwarding: This forwards a port on your local machine to a host and port reachable from the remote server. For example, to connect to a remote PostgreSQL database:

    ssh -L 5000:psql.server.ip:5432 user@host

    Then, you can connect to the database using:

    psql -p 5000 -h 127.0.0.1 -U postgres

  • Remote Port Forwarding: This forwards a port on the remote server to your local machine. For example, to make a web server listening on port 80 of your local machine reachable through port 8080 on the remote server:

    ssh -R 8080:localhost:80 user@host

  • Dynamic Port Forwarding: This works like a SOCKS proxy and forwards traffic for any application that supports SOCKS. To create a SOCKS proxy, use:

    ssh -D 1080 user@host

5. Utilizing Remote GUI Applications with X11 Forwarding

If you need to run graphical applications remotely but display them locally, X11 forwarding can help. This feature allows remote X11 applications to be displayed on your local machine, as if they were running locally.

To use X11 forwarding, ensure the xauth package is installed on your server, and enable X11 forwarding in /etc/ssh/sshd_config:

X11Forwarding yes

Next, connect to your server with:

ssh -X user@host

Once logged in, you can run graphical applications such as xclock to test:

xclock

Your remote GUI application will be displayed on your local machine.


6. Simplifying Multi-Hop Connections with ProxyJump

When accessing servers that aren’t directly accessible from the internet, you often need to use a “bastion” or “jump” host. SSH’s ProxyJump feature makes this process seamless by allowing you to specify one or more jump hosts.

To use ProxyJump, simply use the -J option in the ssh command:

ssh -J proxy.server.tld:22 yourserver.tld

Alternatively, you can configure jump hosts in your ~/.ssh/config file:

Host yourserver.tld
  HostName yourserver.tld
  ProxyJump user@proxy.server.tld

You can chain multiple jump hosts, as shown in the following example:

Host yourserver.tld
  HostName yourserver.tld
  # placeholder jump hosts, traversed in the order listed
  ProxyJump user@proxy1.server.tld,user@proxy2.server.tld

For older SSH versions that don’t support ProxyJump, you can use the ProxyCommand directive instead.


Conclusion

By exploring and implementing these advanced SSH features, you can dramatically enhance your workflow, increase security, and simplify interactions with remote servers. Whether it’s maintaining persistent connections, streamlining authentication, securely transferring files, or tunneling traffic, SSH offers a wide array of tools to improve your daily routine. Embrace these features to make your SSH experience more efficient and secure.