From charlesreid1

SSH for Linux Tasks

Many useful tasks can be done over SSH. Unfortunately, most windoze networks block port 22.

SSH tunnels

Mostly stuff we already know - but you can build SSH tunnels. A tunnel lets you access, on a local port, a service that runs on another computer or server.

This capability enables you to bypass local DNS filtering (by routing DNS queries through the SSH tunnel instead of to the network's default DNS).

It also allows you to access servers on a private network, from a remote location.

Create ssh tunnel

You need ssh on both the client and server side. You'll run an SSH server on the server side, and connect to it with an SSH client on the client side.

From the client, you'll connect to the server with the ssh command, but with some additional flags that create the SSH tunnel:

ssh -L <local-port>:localhost:<remote-port> username@10.1.1.101

Here is what the syntax means (the localhost in the middle is resolved by the server, so it refers to the server itself):

To forward port 8001 on my local machine, the client, to port 8000 on the remote machine, the server, at IP address 10.1.1.101, I will run the following ssh command:

ssh -L 8001:localhost:8000 username@10.1.1.101

Create ssh tunnel through gateway node

Suppose we have a gateway node, that is, a device that is able to access two different networks, one private and one public. In practice, this would be a publicly available server on a private network.

Suppose we are sitting at a remote computer, and we want to access a computer inside of a private network at 10.5.5.2.

We can access a gateway node, which has a public ip address of 1.2.3.4 and is also connected to the private network at 10.5.5.3.

From the remote computer, we can ssh into 1.2.3.4, and set up the SSH tunnel to forward a port from the computer we want to access, at 10.5.5.2, through to the computer at 1.2.3.4, and on back to the remote computer.

If we want to forward port 8000 on the computer inside the private network at 10.5.5.2 through the gateway node and on to port 8001 on our remote machine, we would execute the following ssh command:

$ ssh -L 8001:10.5.5.2:8000 username@1.2.3.4

This will connect to 1.2.3.4 as username. Connections made to the forwarded port are then relayed by the gateway to 10.5.5.2.

Now localhost:8001 on the remote machine forwards to 10.5.5.2:8000.

SSH configuration

You can configure ssh by editing system-wide configuration files (affect everyone) or user-specific files (affect only you).

User-specific ssh configuration

The user-specific configuration file for ssh is located at ~/.ssh/config

Example of file defining several hosts with fixed IP addresses:

Host dummy
Hostname 4.4.4.4
Port 22
User foobar

Host dada
Hostname 120.120.120.150
Port 20
User stein

These entries can be modified to add a server alive interval, which specifies an interval at which to send a keep alive packet to keep your connection alive.

Example modification:

Host dummy
ServerAliveInterval 60
Hostname 4.4.4.4
Port 22
User foobar

To set the keep-alive interval for all hosts:

Host *
ServerAliveInterval 60
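
The gateway tunnel from the section above can also be stored as a host entry, so the forwarding options do not have to be retyped. This is an added example, not part of the original page; the alias gw-tunnel is made up, and the addresses, ports and username are the placeholders used above.

```sshconfig
# Added example (not from the original page). "gw-tunnel" is a made-up alias;
# addresses, ports and "username" are the placeholders from the gateway section.
Host gw-tunnel
    Hostname 1.2.3.4
    Port 22
    User username
    # Same tunnel as: ssh -L 8001:10.5.5.2:8000 username@1.2.3.4
    # The explicit 127.0.0.1 keeps the listener on the loopback interface,
    # so other machines on the local network cannot connect to the tunnel.
    LocalForward 127.0.0.1:8001 10.5.5.2:8000
    # Exit with an error if port 8001 cannot be bound, instead of
    # opening a session that silently has no tunnel.
    ExitOnForwardFailure yes
    # Keep-alive packet every 60 seconds, as in the entries above.
    ServerAliveInterval 60
    # Disconnect after 3 unanswered keep-alives (the default) rather than hang.
    ServerAliveCountMax 3
```

With this entry in place, ssh -N gw-tunnel opens the tunnel without starting a remote shell.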


System ssh configuration

To change the ssh config for the whole system, use the files at

/etc/ssh/ssh_config - config for clients
/etc/ssh/sshd_config - config for the SSH server (sshd)

Mosh

mosh = mobile shell

combination ssh/multiplexer

keeps your session alive even if connection drops

apt-get install mosh

works just like ssh:

$ mosh username@1.2.3.4
$ mosh -p 2332 username@1.2.3.4
