Learning SSH: Options and Configuration Parameters – Part I


In this third installment of "Learning SSH" we begin exploring the options and parameters of the ssh command from the OpenSSH program, which are available when running the command in a terminal.

This will be very useful, since OpenSSH is the most widely installed and used tool for remote and secure connections on most free and open operating systems, such as GNU/Linux.


Before we start on the configuration options and parameters of the OpenSSH application and continue "Learning SSH", we recommend that, once you finish reading this post, you explore the following earlier related posts:

Related article: Learning SSH: Installation and Configuration Files
Related article: Open Secure Shell (OpenSSH): A bit of everything about SSH technology


Learning about SSH options and parameters

The most basic and essential thing to know about the ssh command is that it can be run with certain options or parameters, which, according to its current user manual, are the following:

ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J destination] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination [command [argument …]]

Next, we will explore some of the most important ones to know, practice and master, in case they become necessary or useful at some point. They are the following:


Basics

  • -4 and -6: Force SSH to use only IPv4 or only IPv6 addresses.
  • -A and -a: Enable or disable forwarding of connections from an authentication agent, such as ssh-agent.
  • -C: Requests compression of all data (including stdin, stdout, stderr, and data for forwarded connections).
  • -f: Sends ssh to the background just before command execution. That is, it puts the client in the background before a command runs. Useful when passwords have to be entered before the client goes to the background.
  • -G: Prints your local SSH configuration as it would apply to the destination host.
  • -g: Allows remote hosts to connect to local forwarded ports. If used on a multiplexed connection, this option must be specified on the master process.
  • -K and -k: Enable or disable GSSAPI authentication and forwarding of GSSAPI credentials to the server.
  • -M: Places the SSH client in "master" mode, to share the TCP/IP connection with subsequent ones.
  • -N: Does not execute a remote command. Useful when only forwarding ports.
  • -n: Redirects standard input from /dev/null. Useful when SSH runs in the background.
  • -q: Activates quiet mode, which suppresses most warning and diagnostic messages.
  • -s: Requests the invocation of a subsystem (remote command set) on the remote system.
  • -T and -t: Disable and enable allocation of a pseudo-terminal on the remote machine.
  • -V: Shows the version number of the installed OpenSSH package.
  • -v: Activates verbose mode, which prints debug messages about the progress of the connection.
  • -X and -x: Enable and disable X11 server forwarding, to access the remote host's local X11 screen.
  • -Y: Enables trusted X11 forwarding, which is not subject to the X11 SECURITY extension controls.
  • -y: Sends log information using the syslog system module.

Advanced

  • -B bind_interface: Binds to the address of the given interface before trying to connect to the destination host; that address is used as the source address of the SSH connection. Useful on systems with more than one network address.
  • -b bind_address: Specifies, on the local host, the address that will be the source address of the connection. Useful on computers (systems) with more than one source network address.
  • -c cipher_spec: Selects the cipher specification that will be used to encrypt the session. This (cipher_spec) is a comma-separated list of ciphers listed in order of preference.
  • -D [bind_address:]port: Specifies local, dynamic, application-level port forwarding. It allocates a socket to listen on the port on the local side, bound to the specified network address.
  • -E log_file: Appends debug logs to the given log file, instead of the traditional standard error handled by the operating system.
  • -e escape_char: Sets the escape character for terminal sessions. The default is a tilde '~'. The value "none" disables any escaping and makes the session completely transparent.
  • -F configfile: Specifies an alternate per-user configuration file. If one is provided, the general configuration file (/etc/ssh/ssh_config).
  • -I pkcs11: Specifies the PKCS#11 shared library that SSH should use to communicate with a PKCS#11 token. In other words, it selects the private key used for public key authentication.
  • -J destination: Specifies a ProxyJump configuration directive, to connect to a target host by first making an SSH connection to a jump host described by destination.
  • -L address: Specifies that connections to the given TCP port or Unix socket on the local host (client) will be forwarded to the given host and port, or Unix socket, on the remote side.
  • -l login_name: Specifies the user to log in as on the remote machine. This can also be specified per host in the configuration file.
  • -m mac_spec: Specifies one or more comma-separated MAC (message authentication code) algorithms to use on the SSH connection.
  • -O ctl_cmd: Controls a multiplexing master process over an active connection, by allowing an argument (ctl_cmd) to be parsed and passed to the master process.
  • -o option: Allows you to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate command-line flag.
  • -p port: Specifies the port to connect to on the remote host. This can be specified per host in the configuration file. The default value is 22, which is the standard value for SSH connections.
  • -Q query_option: Queries the supported algorithms, including: cipher, cipher-auth, help, mac, key, key-cert, key-plain, key-sig, protocol-version, and sig.
  • -R address: Specifies that connections to the given TCP port or Unix socket on the remote host (server) should be forwarded to the local side. It allocates a socket to listen on a port/socket on the remote side.
  • -S ctl_path: Specifies the location of a control socket for connection sharing, or the string "none" to disable connection sharing.
  • -W host:port: Requests that standard input and output from the client be forwarded to the host on the specified port over the secure channel.
  • -w local_tun[:remote_tun]: Requests tunnel device forwarding with the specified tun devices between the client (local_tun) and the server (remote_tun).
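
Several of the options above (-A, -X, -Y, -g, -D, -L, -R) can also be switched on silently by a configuration file, and -G shows what will actually apply. The following script is an added example, not part of the original post: it reads the "keyword value" lines that ssh -G prints and lists the forwarding settings worth reviewing. The function names, the REVIEW/INFO labels and the sample configuration (constructed, with a placeholder host name) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review forwarding-related settings in `ssh -G` output.
# Real use:  ssh -G destination | audit_ssh_config

# Reads "keyword value" lines on stdin, prints one finding per line.
audit_ssh_config() {
    awk '
        { key = tolower($1); cfg[key] = tolower($2) }
        # Remember every configured port forward (-L, -R, -D).
        key ~ /^(local|remote|dynamic)forward$/ { fwd[++n] = $0 }
        END {
            # -A: anything but "no" exposes the local agent to the remote side.
            if (("forwardagent" in cfg) && cfg["forwardagent"] != "no")
                print "REVIEW forwardagent=" cfg["forwardagent"] " (-A): forwarded agent is usable from the remote host"
            # -Y only matters when X11 forwarding itself is on.
            if (cfg["forwardx11"] == "yes") {
                if (cfg["forwardx11trusted"] == "yes")
                    print "REVIEW forwardx11trusted=yes (-Y): X11 SECURITY extension controls not applied"
                else
                    print "REVIEW forwardx11=yes (-X): X11 forwarding enabled"
            }
            # -g: forwarded ports reachable from other hosts.
            if (("gatewayports" in cfg) && cfg["gatewayports"] != "no")
                print "REVIEW gatewayports=" cfg["gatewayports"] " (-g): remote hosts can reach local forwarded ports"
            for (i = 1; i <= n; i++) print "INFO " fwd[i]
        }
    '
}

# Constructed sample in the format printed by `ssh -G` (not real output).
sample_config() {
    cat <<'EOF'
hostname bastion.example.org
user admin
port 22
forwardagent yes
forwardx11 yes
forwardx11trusted yes
gatewayports no
dynamicforward 1080
EOF
}

sample_config | audit_ssh_config
```
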


More information

To expand on the information in this third installment, we recommend exploring the following SSH Walkthrough, in English, and practicing the syntax of some SSH commands in Explain Shell. And, as in the first and second installments, keep exploring the following official and trustworthy online content about SSH and OpenSSH:

  1. Debian Wiki
  2. Debian Administrator's Manual: Remote Login / SSH
  3. Debian Security Handbook: Chapter 5. Securing services running on your system


Summary

In short, this new installment of "Learning SSH" will surely be very useful to those Linux users who already work with this application, above all to clarify doubts about the advanced, efficient and effective handling of the tool. With it, they can make better and more complex remote connections, and run more secure and reliable configurations on their own equipment and platforms, using this remote and secure connection protocol.

We hope that this publication is very useful for the entire "Free Software, Open Source and GNU/Linux Community". Be sure to comment on it below, and share it with others on your favorite websites, channels, groups, or communities on social networks or messaging systems. Also, remember to visit our home page at "DesdeLinux" to explore more news, and join the official DesdeLinux Telegram channel to stay informed, or the group for more information on today's topic or others.

