Force SSH password authentication

August 31, 2010 - 2 comments

If for some reason you want to disable public key authentication temporarily when SSH’ing into a machine, type :

ssh -o PubkeyAuthentication=no user@machine

You should get the prompt for the password.

This goes without saying, but ChallengeResponseAuthentication (at least on Debian) must be set to yes on the server side for this to work.

Thanks to Philip for proof-reading this post :-)

SSH : add port forwardings on a live connection with EscapeChar

April 29, 2010 - 3 comments

Excerpt from the man page :

The interesting part is the ~C escape, which opens a command line on an already established session.

When a pseudo-terminal has been requested, ssh supports a number of functions through
the use of an escape character.

A single tilde character can be sent as ~~ or by following the tilde by a character
other than those described below.  The escape character must always follow a newline
to be interpreted as special.  The escape character can be changed in configuration
files using the EscapeChar configuration directive or on the command line by the -e
option.

The supported escapes (assuming the default ‘~’) are:

~.      Disconnect.

~^Z     Background ssh.

~#      List forwarded connections.

~&      Background ssh at logout when waiting for forwarded connection / X11 sessions
        to terminate.

~?      Display a list of escape characters.

~B      Send a BREAK to the remote system (only useful for SSH protocol version 2 and
        if the peer supports it).

~C      Open command line.  Currently this allows the addition of port forwardings
        using the -L and -R options (see above).  It also allows the cancellation of
        existing remote port-forwardings using -KR[bind_address:]port.  !command
        allows the user to execute a local command if the PermitLocalCommand option is
        enabled in ssh_config(5).  Basic help is available, using the -h option.

~R      Request rekeying of the connection (only useful for SSH protocol version 2 and
        if the peer supports it).

EscapeChar also allows disconnection of an SSH session, for example when it is hanging and is not giving you the prompt back (~.).

Log SSH connections with /etc/ssh/sshrc

June 6, 2009 - 5 comments

Yannick over at http://blog.uggy.org always comes up with interesting and valuable tips.

Following his latest post regarding sshrc, I made my own sshrc script.

Unlike his example, I didn’t make SSH email me whenever a connection is made; that would be overkill given the number of connections I make in a single day.
Instead I just log the date and the client IP to a log file of their own, which I plan on keeping forever.

My /etc/ssh/sshrc :

# Run by sshd (as the logging-in user) on each login; $SSH_CONNECTION is
# "client_ip client_port server_ip server_port", so field 1 is the client IP.
# The log file must be writable by every SSH user, so it is not tamper-proof.
DATE=$(date "+%d.%m.%Y %Hh%Mm")
IP=$(echo "$SSH_CONNECTION" | awk '{print $1}')
echo "$DATE - $IP" >> /var/log/ssh_connections.log
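An added example, not from the original post, of what you can do with that file afterwards: it summarises the log written by the sshrc above (one line per client IP with login count, first and last seen) and lists the IPs that have only ever shown up once, using a constructed sample log in the same "date - ip" format.

```sh
#!/bin/sh
# Constructed sample in the format /etc/ssh/sshrc writes: "dd.mm.yyyy HHhMMm - client_ip".
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
06.06.2009 21h14m - 192.0.2.10
06.06.2009 22h03m - 192.0.2.10
07.06.2009 08h41m - 198.51.100.7
07.06.2009 09h15m - 192.0.2.10
EOF

# Print "ip count first_seen last_seen", one line per client IP, busiest IP first.
# The separator " - " is what the sshrc script puts between the date and the IP.
summarize_ssh_log() {
    awk -F' - ' '
        {
            ts = $1; ip = $2
            count[ip]++
            if (!(ip in first)) first[ip] = ts
            last[ip] = ts
        }
        END {
            for (ip in count)
                printf "%s %d %s %s\n", ip, count[ip], first[ip], last[ip]
        }' "$1" | sort -k2,2nr
}

# IPs that logged in exactly once: the ones worth cross-checking against sshd's own syslog records.
rare_ips() {
    summarize_ssh_log "$1" | awk '$2 == 1 { print $1 }'
}

summarize_ssh_log "$SAMPLE_LOG"
echo "single-login IPs:"
rare_ips "$SAMPLE_LOG"
```

Because sshrc runs with the user's own privileges, every SSH user can edit this file, so treat it as a convenience view and keep sshd's own syslog records as the authoritative source.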

Skipping SSH banner message

March 15, 2009 - No comment

I’m talking about the banner displayed BEFORE connecting, not the MOTD.

By default :

$ ssh root@server

***************************************************************************
                            NOTICE TO USERS

This computer system is the private property of its owner, whether
individual, corporate or government.  It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.  

Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.  

By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials.  Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to use
this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.  

****************************************************************************

Last login: Sat Mar 14 21:38:01 2009 from mars

Using ssh -q :

$ ssh -q root@server
Last login: Sat Mar 14 21:39:00 2009 from mars

This is particularly interesting when you use rsync with ssh from a cronjob: if you don’t use -q you’ll likely get the banner sent to you by email. Note that -q also suppresses most warnings and diagnostics, so check the job’s exit status rather than relying on its output.

Keeping SSH connections alive behind some NAT routers

April 27, 2008 - 2 comments

SSH connections made from behind my Linksys WAG54G NAT gateway like to die after idling for something like 5 minutes.

The fix :

Add to /home/USER/.ssh/config :

Host *
   ServerAliveInterval 60
   ServerAliveCountMax 60

The SSH client will send a keepalive packet every 60 seconds in order to keep the connection alive.
The second option sets how many of those keepalives (60 here) may go unanswered in a row before the client gives up and closes the connection.

See what the OpenSSH FAQ has to say about it :

2.12 – My ssh connection freezes or drops out after N minutes of inactivity.

This is usually the result of a packet filter or NAT device timing out your TCP connection due to inactivity. You can enable ClientAliveInterval in the server’s sshd_config, or enable ServerAliveInterval in the client’s ssh_config (the latter is available in OpenSSH 3.8 and newer).

Enabling either option and setting the interval for less than the time it takes to time out your session will ensure that the connection is kept “fresh” in the device’s connection table.

Link :

http://www.openssh.com/faq.html

SSH X11 forwarding – running graphical apps remotely

July 21, 2007 - No comment

polishlinux.com has a great article about SSH and its powerful functions.

Original link : http://polishlinux.org/apps/ssh-tricks/#

Here’s an excerpt about X forwarding…

Securely surf the web from an insecure network access using SSH and SOCKS

July 19, 2007 - No comment

Posted by JoshTriplett on Mon 23 Oct 2006 at 12:35
From : http://www.debian-administration.org/articles/449

SSH has numerous uses beyond just logging into a remote system. In particular, SSH allows you to forward ports from one machine to another, tunnelling traffic through the secure SSH connection. This provides a convenient means of accessing a service hosted behind a firewall, or one blocked by an outgoing firewall.

Tunneling UDP through SSH

February 13, 2007 - 1 comment

Say you need to forward UDP packets between two remote networks securely.
E.g. DNS queries from your home machine to your DNS servers at work.
You should use a VPN between the networks in order to do so (see : http://www.wains.be/index.php/2008/06/07/routed-openvpn-between-two-subnets-behind-nat-gateways/)

Otherwise, you can use the following way :

Securely synchronize a folder from a remote machine with SSH

rsync -vaz -e ssh user@server.domain.be:/home/user/ /home/user/

Source : user@server.domain.be:/home/user/
Target : /home/user/

-a : archive mode, preserve owner/group and permissions
-v : verbose
-z : compress data during transfer
-e : the remote shell to use

Output :
receiving file list ... done
created directory /home/user
./
28403/
BEXX0014/
28403.xml
error.xml
.
sent 876 bytes received 1294165 bytes 2590082.00 bytes/sec
total size is 1644823 speedup is 1.27

“Permission denied (publickey,keyboard-interactive)” when trying to ssh from terminal while using Keychain

November 13, 2006 - No comment

“Permission denied (publickey,keyboard-interactive)”

I’m not satisfied with SSH clients under Linux (PuTTY and the like); the only SSH client I really enjoy is SecureCRT under Windows. It’s a great piece of software (okay, it works with Wine, I have tested it, but I want to stick with the CLI under Linux).

SSH agent forwarding ?
