Tunnelling SSH/SCP through intermediate host when two hosts can’t directly communicate

Posted by & filed under Linux.


We need to scp a file between two hosts, but the two hosts (A and C) cannot communicate directly. We can solve this with an SSH tunnel through an intermediate host (B) that can reach both. The command on Host B has to run first, then the scp command on Host A:


Host A (source)

This will scp to localhost on port 3000, which is actually our tunnel to Host C. /destination_file is the path on Host C.

scp -P 3000 /source/file username@localhost:/destination_file

Host B (intermediate)

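Run from Host B, this logs in to Host A and opens port 3000 on A's loopback interface; connections to that port are relayed through B to port 22 on Host C.

ssh -R 3000:ip.of.host.c:22 ip.of.host.a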

Host C (destination)



Also, if you have spaces in the paths, make sure to escape each space with \ (and do not also wrap the path in quotes, or the backslash is taken literally), e.g.

scp -r -P 3000 /source/file/some\ directory/ username@localhost:/destination_file


Mosh: MObile SHell

Posted by & filed under Networking, Server Admin.

Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.

Mosh is a replacement for SSH. It’s more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.

Mosh is free software, available for GNU/Linux, FreeBSD, and Mac OS X.


16 Ultimate SSH hacks

Posted by & filed under Server Admin.

So you think you know OpenSSH inside and out? Test your chops against this hit parade of 16 expert tips and tricks, from identifying monkey-in-the-middle attacks to road warrior security to attaching remote screen sessions. Follow the countdown to the all-time best OpenSSH command!


Kippo — SSH Honeypot

Posted by & filed under Uncategorized.

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

Some interesting features:

* Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
* Possibility of adding fake file contents so the attacker can ‘cat’ files such as /etc/passwd. Only minimal file contents are included
* Session logs stored in a UML-compatible format for easy replay with original timings
* Just like Kojoney, Kippo saves files downloaded with wget for later inspection
* Trickery; ssh pretends to connect somewhere, exit doesn’t really exit, etc

Sounds like fun!


Stream audio over SSH

Posted by & filed under BASH, Linux.

Ok this is sweet:

ssh user@server.com "cat /Torrents/Complete/15\ years\ of\ Essential\ Mix\ Sasha\ \&\ Digweed/Essential\ Mix\ 137\ -\ Sasha\ -\ Live\ @\ radio\ 1\ on\ tour\ from\ Sanctuary\ -\ [30.06.1996].mp3" | mpg123 -

And here is a more advanced version to find multiple files (not working):

ssh user@server.com "find /Torrents/Complete -wholename \*Essential\*.mp3 -print0 | xargs -0 cat" | mpg123 -

This finds files in /Torrents/Complete and pipes them to mpg123.