  shdesigns Powered By Infinite Improbabilty Drive Premium join:2000-12-01 Stone Mountain, GA
| reply to dom6791 Re: Little Known Tips and Tricks...
SSH is not just an encrypted "telnet clone". It can compress data, and act as a tunnel to or from other machines (kind of like a VPN.) It can use this tunnel to pass X-windows gui between machines (X-Forward.)
Typical example:
remote pc -->public internet IP -->router-->workstation@10.1.1.1
Workstation has VNC running on port 5900.
Set up SSH connection to router and enable forwarding:
remote pc (localhost) port 5900 --> remote IP 10.1.1.1
Then 'vncviewer localhost' (on remote PC, not in ssh login) will connect to the VNC desktop on the workstation at 10.1.1.1. You now have a route to the local LAN through the firewall to a non-routable IP. This port forward only exists between your PC and the remote workstation and only exists while you are logged in.
After I had used this, I disabled all ports for things like VNC on my firewall. Only thing open is ssh and web server. When I am working at a remote site, I ssh to my router and tunnel to internal PCs as needed.
As you can see, ssh is powerful, not just a remote login.
Read the man pages on ssh and sshd.
Also putty is a great windoze ssh client. I used it on my sister's PC running off a floppy to get to one of my PC's desktop without any installed software on their PC. I did the same using knoppix on my brother's PC.
-- Scott Henion Embedded Systems Consultant, shenion on #ATU http://shdesigns.org
 dtanner
join:2004-04-10 Shreveport, LA
edit: June 21st, @03:47PM
| More ssh goodness - Turbo mode logins - Good Stuff
Turbo mode logins using ssh keys.
1) On local-machine type this command...
$ ssh-keygen -t rsa
TIP: When it asks for a passphrase just hit enter, i.e. do not give it a passphrase.
2) This will create a file ~/.ssh/id_rsa.pub
3) This will be used for your *PUBLIC* key.
4) On local-machine issue this command...
$ scp ~/.ssh/id_rsa.pub user@remote-machine:.ssh/authorized_keys2
Assuming you have the same username on both local-machine and remote-machine you do not have to use the user@remote-machine. Just remote-machine will do in the 'scp' line above in this case. For the purpose of being "proper" this is the syntax I used above... user@remote-machine
IMPORTANT NOTE: NEVER EVER copy the file ~/.ssh/id_rsa to another machine. ONLY ~/.ssh/id_rsa.pub ok? You do not need to do this for any reason. Don't do it. You have been warned.
5) On local-machine issue this command...
$ ssh remote-machine
6) Badabing. Sweet.
You want more automation? Check this out...
7) I personally have a ~/bin directory that is in my $PATH. You will need a directory in your home that is in your $PATH. We will assume from this point that you have such a directory already in your $PATH.
8) Create a file called ssh-to on local-machine and put it in your ~/bin directory.
In this file put this sweet little script ...
#-------------snip------------
#!/bin/sh
# Connect to the host named by the symlink this script was invoked as
ssh "$(basename "$0")" "$@"
#-------------snip------------
9) Save the file to ~/bin/ssh-to on local-machine and make it executable, i.e. $ chmod 700 ~/bin/ssh-to
10) On local-machine type this command...
$ cd ~/bin
11) On local-machine type this command...
$ ln -s ssh-to remote-machine
Tip: If you have an alias in your /etc/hosts file for the remote-machine, use that; it will make it even nicer.
12) On local-machine type this command...
$ remote-machine
Sweet. You should have logged right in to the remote-machine.
13) Now that you have this setup try this cool stuff.... On local-machine of course.
$ remote-machine uptime
$ remote-machine ls
$ remote-machine any-command-you-want-to-execute-on-remote-machine
14) Now just repeat these steps for each remote-machine that you choose.
15) Another nice side effect of this is that "scp" and "sftp" will not require a passwd either :)
I hope this helps someone.
»linuxtux.org/howtos/ssh-stuff.txt