Secure Shell Protocol

Allowed Commands

It’s possible to specify allowed commands in the ~/.ssh/authorized_keys file. See mozey/allowed-commands: the regex in allowed-commands.env allows listing any directory or file, and that is the only command that is allowed.
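One way such a restriction can be wired up, as an added example that is not taken from this page or from mozey/allowed-commands: a forced-command wrapper that checks the client's request against a regex allow-list before running it. The wrapper path, the authorized_keys entry and the regex are constructed assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper, installed e.g. as /usr/local/bin/ssh-allowed.sh.
# Constructed authorized_keys entry that forces every login with this key
# through the wrapper (key material is a placeholder):
#   restrict,command="/usr/local/bin/ssh-allowed.sh" ssh-ed25519 AAAA...PLACEHOLDER user@host
# sshd runs the wrapper and puts what the client asked for in SSH_ORIGINAL_COMMAND.

# Constructed allow-list: "ls", optional short flags, at most one path.
# Anchored at both ends; no shell metacharacters in any character class.
ALLOWED_RE='^ls( -[alhRt1]+)*( [A-Za-z0-9_./][A-Za-z0-9_./-]*)?$'
NL='
'

# Return 0 only if the whole request matches the allow-list.
is_allowed() {
    case "$1" in
        '' | *"$NL"*) return 1 ;;  # grep matches per line: reject newlines first
    esac
    printf '%s\n' "$1" | LC_ALL=C grep -Eq -- "$ALLOWED_RE"
}

# Validate, then run the words directly: no eval, no "sh -c", no re-parsing.
run_request() {
    if ! is_allowed "$1"; then
        echo "rejected: command is not in the allow-list" >&2
        return 126
    fi
    set -f      # no globbing while the validated string is split into words
    set -- $1   # safe: only allow-listed characters and single spaces remain
    set +f
    "$@"
}

# Set by sshd for "ssh host <command>"; unset for an interactive login, in
# which case the wrapper simply ends and the session closes.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    run_request "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```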

Mosh

SSH can be unstable over public wifi or mobile networks. Use the mosh client as a drop-in replacement for ssh.

Install it locally

brew install mosh

Install it on the server as well, and allow UDP ports 60000 to 60010 on the firewall if there is one

sudo apt install mosh

Troubleshooting mosh on macOS: if the client reports “Did not find mosh server startup message. (Have you installed mosh on your server?)”, see this comment: “Mac sends LC_CTYPE to the Ubuntu server”. Comment out the sending of locale env vars in ssh_config

sudo vi /etc/ssh/ssh_config
#    SendEnv LANG LC_*

Scroll back doesn’t work with mosh; see the workaround using tmux. Also set a color prompt

echo 'set -g history-limit 30000
set -g default-terminal "screen-256color"
set-window-option -g mouse on
' > ~/.tmux.conf

# Then use mosh like this
mosh example.com -- tmux new

Sudoers File

The sudoers file can be used to allow groups or users to run sudo without being prompted for a password

Use this command to edit /etc/sudoers

sudo visudo

Allow all members of a group to sudo without a password

%admin ALL=(ALL) NOPASSWD:ALL

Allow a specific user

ubuntu ALL=(ALL) NOPASSWD:ALL

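Limit to certain files. The scripts and their directory must not be writable by the user, otherwise this is equivalent to NOPASSWD:ALL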

ubuntu ALL=(ALL) NOPASSWD: /path/to/files/*.sh

Limit to a specific command

ubuntu ALL=(ALL) NOPASSWD: /path/to/bin/command