From LinuxReviews
Jump to navigationJump to search

SSH allow you to access remote machines and use them as if they were a local system.

It allow allows you to easily copy files from one machine to the other:

scp localfile.tar.bz2 remoteuser@remotebox.tld:/path/to/placeit/

All KDE programs allow you to use remote SSH filesystems using KDE's fish in the file dialogs:


...will allow you to open and edit remote files as if they were local.

SSH Tips

Use aliases

You can use aliases in .ssh/config to make your SSH experience easier. Add something like this:

 Host alias1
     Hostname hostname
     User username
     [add extra options like authentication method, X11 forwarding, agent forwarding, private key to use and so on]

This will allow you to do scp file.tar.bz2 alias1:/path or fish://alias1/some/path (and get a password prompt). Less typing - and works with bash completion too.

Major thanks to ScriptedReplay

Security Tips

  • Run sshd on a different port. The scripts won't find you there. I don't like this option, because it requires me to specify the alternative port every time i ssh, scp, rsync, or svn. It's still about the easiest and most effective method.
  • Limit the connection rate to the port you're running sshd on. In many scenarios, it won't hurt you if you can't connect to it more than once in 5 seconds, but this will make a dictionary attack from a single machine very tedious. In OpenBSD 3.7, you can use pf with max-src-conn-rate.
  • Use a script like DenyHosts ( or Daemonshield ( to monitor your authentication log, and add suspicious hosts to a block list (either temporarily or permanently) or ScanAssassin ( This looks like a very nice solution to me.
  • I got this one from my girlfriend: disable password authentication and use key-based authentication instead. This is my prefered solution, except that I have to solve some problems with public key authentication not working from some of the machines I use.
  • Limit the number of connections allowed to the ssh port during short intervals using iptables.

Major thanks to inglorion

Manual pages

External Links