ssh
an encrypted login to a server running openssh-server
install (debian variants)
apt-get install openssh-server
configure it so you can log in from your laptop without being prompted for a password. You generate an RSA key pair on your laptop and copy the public half to the server, which then identifies you by matching that key when you log in. On your laptop do this:
ssh-keygen -t rsa -f ~/.ssh/id_rsa -C "yourusername@laptop's_IP_or_hostname.com"
cat ~/.ssh/id_rsa.pub | ssh yourusername@server.ip.or.hostname 'cat - >> ~/.ssh/authorized_keys'
ssh-add
It will prompt you for your password the first time you do this; after that you should be able to just do
ssh yourusername@server.ip.or.hostname
and it should just log you in automatically without prompting you for anything. If you are using SELinux, like on CentOS, you also have to do (on SERVER):
restorecon -Rv ~/.ssh
troubleshooting
if you get an error:
bash: /home/yourusername/.ssh/authorized_keys: No such file or directory
it means you have to create the directory to put the key in on your server so do:
ssh yourusername@server.ip.or.hostname
mkdir .ssh
touch .ssh/authorized_keys
exit
then run the "cat command" above again; it should fix that. Keep ~/.ssh at mode 700 and authorized_keys at mode 600: sshd ignores the file if the directory or the file is writable by group or others.
keep ssh server from logging you off quickly
This is for when you are doing longer jobs and want to stay logged in longer. You can also use screen for this, but here we edit /etc/ssh/sshd_config, add this line to the end, and then reload the config:
ClientAliveInterval 300
/etc/init.d/ssh reload
The 300 means 300 seconds (5 minutes); set it to what you want. The server then sends the client a keepalive probe every 5 minutes and only disconnects after consecutive probes go unanswered (how many is set by ClientAliveCountMax).
CentOS ssh on non-standard port
Assuming you want your RedHat6.x/CentOS6.x box to receive ssh connections on a port other than the default 22, you have to change 3 things:
vi /etc/ssh/sshd_config
Port 1234    <-- by default this is 22, change it to whatever port you want
service sshd restart
Now you have to tell SELinux about it so it will allow it:
yum install policycoreutils-python
semanage port -a -t ssh_port_t -p tcp 1234
If this worked, the ssh port type should now list your new port alongside 22:
semanage port -l | grep ssh
ssh_port_t                     tcp      1234, 22
If you don’t, stop here and fix it or your ssh won’t work remotely and you may have few clues.
Now tell IPTables to allow your new port by changing the --dport value (default 22) to your new port, 1234 in this example.
NOTE: Know what you're doing with IPTables, or you can thoroughly hose your machine and LOCK YOURSELF OUT in nasty ways. Don't make mistakes in the command below, or you'll screw yourself. For example, don't type port 1234 if your REAL port is 5678, and stuff like that. Beware of IPTables mistakes: everyone makes them and everyone locks themselves out at least once 🙂
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -j ACCEPT
iptables-restore < /etc/sysconfig/iptables
Now BEFORE you logout, try logging in from your remote machine, it should work fine. If it works, it will also now survive a reboot with your IPTables firewall rule intact.
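As an added example that is not part of the original page, here is a small POSIX shell check that confirms the three places the port must agree (sshd_config, the SELinux ssh_port_t label, the iptables rules file) before you restart sshd. It assumes the CentOS 6 file layout used above and reads the inputs from files, so it can be run on saved copies; the sample files at the end are constructed for a dry run.

```shell
#!/bin/sh
# Added example, not from the original page: confirm that sshd_config, the
# SELinux port label and the iptables rules file all name the same ssh port
# BEFORE restarting sshd, so a typo (1234 vs 5678) can't lock you out.
# The three inputs are passed as files so the check also works on saved
# copies: /etc/ssh/sshd_config, `semanage port -l > semanage.txt`,
# and /etc/sysconfig/iptables (CentOS 6 layout, as used above).

# sshd_port FILE: print the first uncommented Port value (22 if none set)
sshd_port() {
    port=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${port:-22}"
}

# selinux_allows FILE PORT: succeed if PORT is listed on the ssh_port_t
# line of the saved `semanage port -l` output
selinux_allows() {
    grep '^ssh_port_t ' "$1" | tr ',' ' ' |
        awk -v p="$2" '{ for (i = 3; i <= NF; i++) if ($i == p) found = 1 }
                       END { exit !found }'
}

# iptables_allows FILE PORT: succeed if the rules file has an INPUT ACCEPT
# rule for tcp --dport PORT
iptables_allows() {
    grep -E -- "^-A INPUT .*-p tcp .*--dport $2( |$).*-j ACCEPT" "$1" >/dev/null
}

# check_ssh_port SSHD_CONFIG SEMANAGE_OUT IPTABLES_FILE: 0 only if all agree
check_ssh_port() {
    p=$(sshd_port "$1")
    ok=0
    selinux_allows "$2" "$p" || { echo "SELinux: tcp/$p is not ssh_port_t" >&2; ok=1; }
    iptables_allows "$3" "$p" || { echo "iptables: no ACCEPT rule for tcp/$p" >&2; ok=1; }
    [ "$ok" -eq 0 ] && echo "sshd port $p is allowed by SELinux and iptables"
    return "$ok"
}

# Constructed sample inputs for a dry run (not real system files)
demo=$(mktemp -d)
printf 'Port 1234\nPermitRootLogin no\n' > "$demo/sshd_config"
printf 'ssh_port_t                     tcp      1234, 22\n' > "$demo/semanage.txt"
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -j ACCEPT' > "$demo/iptables.good"
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 5678 -j ACCEPT' > "$demo/iptables.typo"

check_ssh_port "$demo/sshd_config" "$demo/semanage.txt" "$demo/iptables.good"
check_ssh_port "$demo/sshd_config" "$demo/semanage.txt" "$demo/iptables.typo" ||
    echo "fix the rules before 'service sshd restart'" >&2
```

Run it against the live files from a session you are already logged in to; only restart sshd once it reports that all three agree.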
remote tunneling over ssh
Let’s say you have a remote server that’s only listening on localhost port 80 (for web) on that remote server, but you want to view it across an ssh tunnel on your laptop. On your SERVER do:
vi /etc/ssh/sshd_config
GatewayPorts yes
Then, on your LAPTOP do (note that GatewayPorts only affects remote forwards made with -R, and setting it to yes binds those to all interfaces on the server; the local forward below also works with it left at the default of no):
ssh -L 1234:localhost:80 yourusername@ser.ver.i.p
Now go to a browser on your LAPTOP and visit http://127.0.0.1:1234 and you should see the website that’s hosted on the server.