ssh – host hopping (with Jump host)

Most of the times I need to jump hosts with ssh. What do I mean by that. Let me try to explain :

Host Hopping

If I need to got to host h3 then I need to first login to h1 and from there to host h2 and finally to host h3. This can be done with .ssh/config file but for that I need to have some program like nc installed on all the hosts in between which might not be practical in all cases. So, here is something that I found very useful.

ssh -tt h1 ssh -tt h2 ssh -tt h3

In the above command, we can add usernames, if needed. And now for the best part, if we add entry for h2 in h1 and h3 in h2 in the .ssh/config file, then we don’t need to add usernames. Similarly setup passwordless ssh from h2 to h3 and h1 to h2 and you don’t need password for any of the hosts, how cool is that 🙂

Send history of current host to some other host over ssh

Sometimes I want to save the history of current host on another host. This is to ensure that I can use copy/paste on other host to run the commands. To this, I found a simple solution –

history| ssh <user>@<host> 'cat - > /tmp/history'

And on the new host, you can find the history in file “/tmp/history”, cool :). Now I can quick edit this file to create this as shell script as well if required. How cool is that.

ssh – remove offending key.

Whenever a system/server is re-installed or the host key changed for any reason, you would have seen the “host key verification failed”. And as usual you would have to go to known_hosts file and delete the offending key. I will show you 2 simple ways to do this here.

The output that you get in such scenario is:

Offending ECDSA key in ~/.ssh/known_hosts:4

First, you can use sed to directly delete the offending key with a command like this :

sed -i 4d ~/.ssh/known_hosts

So, if you see, we are using “-i” to do the changes inline and using “4d” command to delete the 4th line.

But being on Linux has the advantage that everything can be automated. So, lets do this in simpler way.

We will be using command called xclip for this, so get that intalled.

sudo dnf install xclip

Once that is done, add a alias in your bashrc file like this:

alias ssh-remove-key='a=( $(xclip -o|sed "s,:, ,") ) ; sed -i -e "${a[1]}d" ${a[0]}'

After this is done, whenever you get that error, copy the “<file>:line” portion and execute “ssh-remove-key” and the key is gone from file 🙂