Archive

For the SSH category

Port forwarding using SSH

SSH port forwarding lets you connect to a server using another server as a relay.

For example, if you host a web server in a DMZ behind your office router, you will not be able to access it using its public URL if your workstation is behind the same router.

You can easily implement a workaround if you have access to a server on the Internet. Issue this command on one of the machines connected to the same network as your workstation.

ssh -fN -t -C -D 192.168.1.50:2080 example.com

where

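  • 192.168.1.50 is the address of the machine that will accept connections from your LAN on port 2080. The SOCKS listener has no authentication, so any host that can reach this address and port can use the relay.
  • example.com is the machine on the Internet that will establish connections to the final destination.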

You may need to specify the port on which SSH listens on example.com using the -p option. If SSH listens on port 8787 on example.com, the command would be:

ssh -p 8787 -fN -t -C -D 192.168.1.50:2080 example.com

You may also need to supply a user name to connect to example.com. The command would then look like:

ssh -p 8787 -fN -t -C -D 192.168.1.50:2080 remoteuser@example.com

You can use this setup with a browser if you configure it to use a proxy to connect to the Internet. For example, access the proxy configuration of Firefox: preferences >> advanced >> network >> settings. Choose Manual proxy configuration and fill out the SOCKS host parameters (192.168.1.50 and port 2080 in this example).

The result is that Firefox will open the URLs you type in through the server example.com.

How to prevent sshd from listening on an address family

You can control which address families sshd listens on. In /etc/ssh/sshd_config, simply add

AddressFamily any

to listen on IPv4 and IPv6 addresses. This is the default. Alternatively, add one of these to listen only on IPv4 (inet) or IPv6 (inet6) respectively.

AddressFamily inet
AddressFamily inet6

SSH login without password

It is possible to securely connect to an SSH server without a password. To do so, you must perform the following steps. They assume that both machines are running a flavor of Unix.

On the client machine, open a shell window and execute the following command to create your private and your public key.

ssh-keygen -t rsa

Log in on the server using the account you want to set up and perform these steps:

mkdir ~/.ssh
chmod 700 ~/.ssh

The file id_rsa.pub can be found on your client machine in the ~/.ssh directory. Copy the content of the file id_rsa.pub into the file ~/.ssh/authorized_keys on the server, then run:

chmod 600 ~/.ssh/authorized_keys

You can also use ssh-copy-id to copy your public key to a remote host. A typical command is

ssh-copy-id youruser@example.com

From now on, you will not be asked for a password when you ssh to this server.
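
The server-side steps above, written as one idempotent shell function (an added example, not part of the original post). The function name install_pubkey and its arguments are assumptions; it enforces the 700/600 modes because sshd's default StrictModes setting rejects keys kept in files that other users can write.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Hypothetical helper: adds one public key to HOME_DIR/.ssh/authorized_keys.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    # Accept exactly one line that looks like an OpenSSH public key.
    # A private key pasted by mistake starts with "-----BEGIN" and is refused.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected a single line" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Work under umask 077 so nothing is created group- or world-accessible,
    # then set the modes explicitly in case the paths already existed.
    (
        umask 077
        mkdir -p "$dir" && chmod 700 "$dir" || exit 1
        touch "$auth" && chmod 600 "$auth" || exit 1
        # Append only when this exact line is not already present.
        grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    )
}
```

Run it on the server as the target account, for example install_pubkey /tmp/id_rsa.pub after copying the public key file there.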

How to create an SSH tunnel

You can connect to a remote host [remote-host] using another machine [proxy-host]. This can be accomplished if the [proxy-host] has an SSH server running. To do so, log on to the [proxy-host] from your computer. Issue the following command at the command prompt:

ssh -p [proxy-ssh-port] -L [local-port]:[remote-host]:[remote-port] \
       [user-name]@[proxy-host]

where

  • [proxy-ssh-port] is the SSH port to connect to on the proxy
  • [local-port] is the local port the client software will connect to
  • [remote-host] is the name or the IP address of the end point of the tunnel
  • [remote-port] is the port of the end point of the tunnel
  • [user-name] is the user name SSH will use to log on
  • [proxy-host] is the name or the IP of the machine that will act as the proxy

To connect to the machine [remote-host], port [remote-port] from your computer, simply connect to localhost, port [local-port].

Very slow connection to an SSH server

A problem with the DNS configuration on a server can make logging in to the SSH server very slow. It can be fixed by adding the following line

UseDNS no

in the SSH server configuration file /etc/ssh/sshd_config.