Sunday, March 05, 2006

Some SSH tips

First, connecting to a remote host (although trivial):
ssh username@remote_host_ip
The first time around it will ask whether you wish to add the remote host to the list of known_hosts; answer yes. If it asks again on a later connection, the remote server's host key has changed (for example, because SSH or the server itself was upgraded). If nothing was upgraded on the server side, this may be someone trying to trick you into logging into their machine instead so that they can sniff your SSH session.

Now generating a key:
ssh-keygen -t dsa   # here -t specifies the type of key

Generating public/private dsa key pair.
Enter file in which to save the key (/home/localuser/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/localuser/.ssh/id_dsa.
Your public key has been saved in /home/localuser/.ssh/id_dsa.pub.
The key fingerprint is:
93:58:20:56:72:d7:bd:14:86:9f:42:aa:82:3d:f8:e5 localuser@mybox.home.co

The reason to generate a key file is to increase the security of your SSH session by not using your system password. When you generate a key, you are actually generating two key files: one private key and one public key, which is different from the private key. Whenever you connect via ssh to a host that has your public key loaded in the authorized_keys file, it will use a challenge-response type of authentication, which uses your private key and public key to determine whether you should be granted access to that computer. It will ask you for your key passphrase, though. Now you need to copy the public key to the remote machine:

scp ~/.ssh/id_dsa.pub username@remote_machine_ip:.ssh/authorized_keys

Now, if ssh-agent is running on your machine (most recent distributions start ssh-agent automatically), you can run:

ssh-add


Now you can try logging into that remote machine again and this time you will notice that it just logs you right in without prompting you for any password or passphrase.
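
The scp step above replaces the remote authorized_keys file, so any keys already in it are lost. Added example (not from the original post): a shell function that appends the public key instead, skips duplicates and sets the permissions sshd expects. install_pubkey and its home_dir argument are names chosen for this example, and the keys in the demo are constructed.

```shell
# Added example, not from the original post. home_dir stands in for the
# remote user's home directory so the function can be tried offline.
install_pubkey() (
    pubkey_file=$1
    home_dir=$2
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; exit 2; }

    # A .pub file holds exactly one non-blank line; a private key has many.
    n=$(grep -c '[^[:space:]]' "$pubkey_file" || true)
    [ "$n" -eq 1 ] || { echo "expected exactly one key line" >&2; exit 2; }
    key_line=$(grep '[^[:space:]]' "$pubkey_file")

    # Accept only OpenSSH public key types (ssh-dss is the DSA type used above).
    case $key_line in
        ssh-dss\ *|ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; exit 2 ;;
    esac

    # sshd's StrictModes check rejects keys in group/world-writable locations.
    umask 077
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_file"
    chmod 600 "$auth_file"

    # Idempotent: an identical line already present means nothing to do.
    if grep -qxF -- "$key_line" "$auth_file"; then
        exit 0
    fi
    # Terminate an unterminated last line so keys never run together.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
)

# Demo with constructed keys in a throwaway directory.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTED1 other@laptop' > "$demo/other.pub"
printf '%s\n' 'ssh-dss AAAAB3CONSTRUCTED2 localuser@mybox' > "$demo/id_dsa.pub"
install_pubkey "$demo/other.pub" "$demo/home"
install_pubkey "$demo/id_dsa.pub" "$demo/home"
install_pubkey "$demo/id_dsa.pub" "$demo/home"   # repeat is a no-op
cat "$demo/home/.ssh/authorized_keys"            # two lines, both keys kept
rm -rf "$demo"
```

On systems that ship it, ssh-copy-id username@remote_machine_ip does the same append over SSH.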

X11 Session Forwarding

ssh -X username@remote_machine_ip
Now you will be able to transmit window and bitmap information over a network connection. So essentially you can log in to a remote desktop machine and run some X Window program like Gnumeric, Gimp or even Firefox, and the program will run on the remote computer but display its graphical output on your local computer. If this doesn't work, you may need to edit /etc/ssh/sshd_config and change the following:

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

TCP Port Forwarding :

You can set up a port forward for your connection from your home machine to arvo.suso.org so that it will take connections to localhost port 3066 and forward them to the remote side, mysql.suso.org port 3066. For this you can use:
ssh -L 3066:mysql.suso.org:3066 username@arvo.suso.org
The -L (which means Local port) takes one argument of the form local_port:host:host_port, so you specify what host and port the connection will go to on the other side of the SSH connection. When you make a connection to local_port, it sends the data through the SSH connection and then connects to host:host_port on the other side. From the point of view of host, it's as if the connection came from the SSH server that you log in to. In the case above, arvo.suso.org.

Another useful one is for when you are away from home and can't send mail through your home ISP's mail server because it only allows local connections to block spam. You can create an SSH tunnel to an SSH server that is local to your ISP and then have your GUI mail client, like Thunderbird, make a connection to localhost port 8025 to send the mail. Here is the command to create the tunnel:
ssh -L 8025:smtp.homeisp.net:25 username@shell.homeisp.net


Running command over ssh

ssh username@remotehost_ip ls -al /
Then you can process the output however you want using the normal shell conventions.

Using SCP
To copy a file to a directory relative to the remote user's home directory:
scp filename username@remote.host.net:some_dir/new_filename

To copy the file back from the server, you just reverse the from and to:
scp username@remote.host.net:some_dir/new_filename filename

To copy a directory:
scp -r dir_name username@remote.host.net:


Updated : http://dag.wieers.com/howto/ssh-http-tunneling/
for more on ssh tunneling

2 comments:

Kshitij said...

Put those things also...about how to define colors and change color of the shell prompt.

Ajit said...

Post has been updated
shell tweaks