Logicalwebhost Cheatsheet

Linux & Open Source Cheatsheets & Howto's


ssh

26 January, 2011 (17:21) | linux commands | By: unclecameron

an encrypted login to a server running openssh-server

install (debian variants)

apt-get install openssh-server

configure it so you can log in from your laptop without being prompted for a password, using a key pair you generate on your laptop (the ssh-keygen command below makes an RSA key) and then transfer the public half to the server, so it knows who you are by matching the key when you log in. On your laptop do this:

ssh-keygen -t rsa -f ~/.ssh/id_rsa -C "yourusername@laptop's_IP_or_hostname.com"
cat ~/.ssh/id_rsa.pub | ssh yourusername@server.ip.or.hostname 'cat - >> ~/.ssh/authorized_keys'
ssh-add

it will prompt you for your password the first time you run the cat command; after that you should be able to just do

ssh yourusername@server.ip.or.hostname

and it should just log you in automatically without prompting you for anything. If you are using SELinux, like on CentOS, you also have to do (on SERVER):

restorecon -Rv ~/.ssh
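An added example, not from the cheatsheet: a POSIX shell version of the "cat >> ~/.ssh/authorized_keys" step that also creates ~/.ssh, sets the permissions sshd's default StrictModes checking wants, refuses lines that don't look like an OpenSSH public key, and doesn't add the same key twice. The function names, the home-directory parameter and the sample key are my own; ssh-copy-id, shipped with the OpenSSH client, does much the same job for the remote case.

```sh
#!/bin/sh
# Added example, not from the cheatsheet: install a public key the way the
# "cat ... >> ~/.ssh/authorized_keys" step does, but safely and repeatably.
# The home directory is a parameter so the functions can be exercised on a
# scratch directory; function names are my own.

# is_pubkey_line LINE: does LINE look like an OpenSSH public key
# ("type base64 [comment]")? Lines with authorized_keys options in front
# (command="...", from="...") are deliberately not accepted by this check.
is_pubkey_line() {
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|ssh-dss) [A-Za-z0-9+/]+=*( .*)?$'
}

# install_pubkey HOME_DIR KEY_LINE
# Runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    home="$1"; key="$2"
    is_pubkey_line "$key" || { echo "refusing to install malformed key line" >&2; exit 1; }
    umask 077                         # new files/dirs private to the user
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    # sshd (StrictModes yes, the default) ignores authorized_keys if it or
    # ~/.ssh is group- or world-writable; 700/600 is the safe setting.
    if ! grep -qxF -- "$key" "$home/.ssh/authorized_keys"; then
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    fi
)

# count_keys HOME_DIR: number of non-blank, non-comment lines in authorized_keys
count_keys() {
    grep -Evc '^[[:space:]]*(#|$)' "$1/.ssh/authorized_keys"
}

# perms_locked_down HOME_DIR: true if ~/.ssh is 700 and authorized_keys is 600
perms_locked_down() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# push_pubkey user@host PUBKEY_FILE: the remote equivalent of the cheatsheet's
# cat|ssh pipeline, creating the directory first so the "No such file or
# directory" error from the troubleshooting section cannot occur.
push_pubkey() {
    ssh "$1" 'umask 077; mkdir -p ~/.ssh; chmod 700 ~/.ssh;
              cat >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys' < "$2"
}
```

Run push_pubkey yourusername@server.ip.or.hostname ~/.ssh/id_rsa.pub from the laptop in place of the cat command; it will prompt for the password once, exactly as the page describes.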

troubleshooting

if you get an error:

bash: /home/yourusername/.ssh/authorized_keys: No such file or directory

it means you have to create the directory to put the key in on your server so do:

ssh yourusername@server.ip.or.hostname
mkdir .ssh
touch .ssh/authorized_keys
exit

then run the cat command above again; that should fix it

keep ssh server from logging you off quickly

For when you are doing longer jobs and want to stay logged in longer. You could also use screen for this, but here we edit /etc/ssh/sshd_config, add this line at the end, and then reload the config like:

ClientAliveInterval 300
/etc/init.d/ssh reload

the 300 means 300 seconds (5 minutes); set it to what you want. The server will send the client a keepalive probe every 5 minutes and will only disconnect after 2 probes in a row get no response.
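An added example, not from the cheatsheet: a POSIX shell helper that sets a keyword in sshd_config idempotently (it replaces an existing active line, or inserts before the first Match block so the setting stays global) and parses the file with sshd -t before you reload, so a typo can't leave you with an sshd that won't start. It serves the ClientAliveInterval edit here and the Port and GatewayPorts edits further down the page just as well. ClientAliveCountMax is the keyword that sets how many unanswered probes sshd tolerates. The function names are my own; the config path on the page is /etc/ssh/sshd_config, but each function takes the file as an argument so it can be tried on a copy.

```sh
#!/bin/sh
# Added example, not from the cheatsheet: edit sshd_config safely.
# Assumes POSIX sh + awk; every function takes the config file as its first
# argument so it can be run on a copy before touching /etc/ssh/sshd_config.

# set_sshd_option FILE KEYWORD VALUE
# Replaces the first active (uncommented) global KEYWORD line, drops later
# global duplicates (sshd only honours the first one anyway), leaves comments
# alone, and inserts before the first "Match" block if the keyword is new,
# because anything after "Match" only applies inside that block.
set_sshd_option() {
    file="$1"; key="$2"; val="$3"; tmp="$file.tmp.$$"
    awk -v k="$key" -v v="$val" '
    BEGIN { lk = tolower(k); done = 0; inmatch = 0 }
    {
        line = $0; sub(/^[ \t]+/, "", line)
        if (line ~ /^#/ || line == "") { print; next }
        split(line, f, /[ \t=]+/); w = tolower(f[1])
        if (w == "match") {
            if (!done) { print k " " v; done = 1 }
            inmatch = 1
        }
        if (!inmatch && w == lk) {
            if (!done) { print k " " v; done = 1 }
            next
        }
        print
    }
    END { if (!done) print k " " v }' "$file" > "$tmp" &&
    cat "$tmp" > "$file" && rm -f "$tmp"   # cat keeps the file's mode and SELinux label
}

# get_sshd_option FILE KEYWORD: first global value (first word only), empty if unset.
get_sshd_option() {
    awk -v lk="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    {
        line = $0; sub(/^[ \t]+/, "", line)
        if (line ~ /^#/ || line == "") next
        split(line, f, /[ \t=]+/); w = tolower(f[1])
        if (w == "match") exit
        if (w == lk) { print f[2]; exit }
    }' "$1"
}

# config_valid FILE: sshd -t parses the file and exits non-zero on errors.
# Run this BEFORE reloading; a broken config can stop sshd from restarting.
config_valid() {
    if command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$1"
    else
        echo "sshd not installed here, skipping syntax check" >&2
    fi
}

# Applying the cheatsheet's settings on the server (paths as on the page):
#   set_sshd_option /etc/ssh/sshd_config ClientAliveInterval 300
#   set_sshd_option /etc/ssh/sshd_config ClientAliveCountMax 2
#   config_valid /etc/ssh/sshd_config && /etc/init.d/ssh reload
```

Keep the session you are editing from open until a second login has succeeded; a reload with a bad file is exactly the lock-out the check is there to prevent.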

CentOS ssh on non-standard port

Assuming you want your RedHat6.x/CentOS6.x box to receive ssh connections on a port other than the default 22, you have to change 3 things:

vi /etc/ssh/sshd_config
  port 1234 <--by default this is 22, change it to whatever port you want
service sshd restart

Now you have to tell SELinux about it so it will allow it:

yum install policycoreutils-python
semanage port -a -t ssh_port_t -p tcp 1234

If this worked you should see sshd listening on a new port like:

semanage port -l | grep ssh
  ssh_port_t                     tcp      1234, 22

If you don’t, stop here and fix it or your ssh won’t work remotely and you may have few clues.

now tell IPTables to allow your new port by changing the --dport value (default 22) to your new port, 1234 in this example.

NOTE: Know what you’re doing with IPTables, or you can uncategorically hose your machine and LOCK YOURSELF OUT in nasty ways. Don’t make mistakes in the command below, or you’ll screw yourself. For example, don’t type port 1234 if your REAL port is 5678, and stuff like that. Beware of IPTables mistakes; everyone makes them and everyone locks themselves out at least once 🙂

vi /etc/sysconfig/iptables
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -j ACCEPT
iptables-restore < /etc/sysconfig/iptables

Now, BEFORE you log out, try logging in from your remote machine; it should work fine. If it works, it will also survive a reboot now, with your IPTables firewall rule intact.
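An added example, not from the cheatsheet: a preflight script that reads the Port from sshd_config and checks the SELinux port label and the saved iptables rules against it, so the wrong-port mistake the note above warns about is caught before you restart sshd or close your session. The file paths are arguments (on the CentOS box from the page they are /etc/ssh/sshd_config and /etc/sysconfig/iptables); the output of semanage port -l is passed in as a file so the check can also be run on a saved copy. Function names and the sample lines in the usage comments are my own.

```sh
#!/bin/sh
# Added example, not from the cheatsheet: make sure sshd_config, SELinux and
# the saved iptables rules agree on the ssh port before restarting sshd.
# All inputs are file arguments so it can be run against copies; on the
# CentOS box from the page they are /etc/ssh/sshd_config,
# /etc/sysconfig/iptables and the output of "semanage port -l".

# configured_port SSHD_CONFIG: first active "Port" line, or 22 if there is none.
# A commented "#Port 22" has "#Port" as its first field, so it is skipped.
configured_port() {
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${p:-22}"
}

# selinux_allows_port PORT  (stdin: "semanage port -l" output)
# True if the ssh_port_t tcp line lists PORT, e.g. "ssh_port_t  tcp  1234, 22".
selinux_allows_port() {
    awk -v p="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { gsub(",", "", $i); if ($i == p) ok = 1 }
        }
        END { exit !ok }'
}

# iptables_allows_port RULES_FILE PORT
# True if an INPUT rule accepts tcp traffic to PORT (the rule form on the page).
iptables_allows_port() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2( |$).*-j ACCEPT" "$1"
}

# preflight SSHD_CONFIG RULES_FILE SEMANAGE_OUTPUT_FILE
# Prints what is missing and returns non-zero if anything disagrees.
preflight() {
    port=$(configured_port "$1"); rc=0
    if ! selinux_allows_port "$port" < "$3"; then
        echo "SELinux: tcp/$port not labelled ssh_port_t; run: semanage port -a -t ssh_port_t -p tcp $port" >&2
        rc=1
    fi
    if ! iptables_allows_port "$2" "$port"; then
        echo "iptables: no ACCEPT rule for --dport $port in $2" >&2
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok: sshd_config, SELinux and iptables all agree on tcp/$port"
    return "$rc"
}

# Real run on the server (needs root):
#   semanage port -l > /tmp/semanage.txt
#   preflight /etc/ssh/sshd_config /etc/sysconfig/iptables /tmp/semanage.txt && service sshd restart
```

The iptables check only looks at the saved rules file, which is what survives a reboot; iptables -S INPUT shows what is loaded right now if the two have drifted apart.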

remote tunneling over ssh

Let’s say you have a remote server whose web server is only listening on localhost port 80, but you want to view it from your laptop across an ssh tunnel. On your SERVER do:

vi /etc/ssh/sshd_config
  GatewayPorts yes

Then, on your LAPTOP do:

ssh -L 1234:localhost:80 yourusername@ser.ver.i.p

Now go to a browser on your LAPTOP and visit http://127.0.0.1:1234 and you should see the website that’s hosted on the server.
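An added example, not from the cheatsheet: a pair of POSIX shell functions that open the -L tunnel from above in the background and then confirm from ss -ltn output that the local end listens on loopback only, so nobody else on your laptop's network can ride the tunnel. Function names are my own; the ss output in the usage comment is a constructed sample. The -N, -f and -o ExitOnForwardFailure=yes flags are standard ssh client options.

```sh
#!/bin/sh
# Added example, not from the cheatsheet: open the -L tunnel from the page
# in the background and then confirm the local end is only reachable from
# the laptop itself. Function names are my own.

# tunnel_cmd LOCAL_PORT REMOTE_PORT USER@HOST: prints the ssh command line.
# Binding to 127.0.0.1 explicitly keeps other machines on your LAN from using
# the tunnel; -N opens no shell, -f backgrounds ssh once the forward is up,
# and ExitOnForwardFailure makes ssh fail instead of quietly logging in
# without the forward (e.g. when the local port is already taken).
tunnel_cmd() {
    printf 'ssh -N -f -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s\n' "$1" "$2" "$3"
}

# listener_state PORT  (stdin: "ss -ltn" or "netstat -ltn" output)
# Prints "loopback" if PORT listens only on 127.0.0.1/::1, "exposed" if it is
# bound to a wildcard or interface address, "absent" if nothing listens on it.
# Both tools put the local address:port in column 4; ss puts LISTEN first,
# netstat puts it last.
listener_state() {
    awk -v p="$1" '
        $1 == "LISTEN" || $NF == "LISTEN" {
            n = split($4, a, ":"); port = a[n]
            if (port != p) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            found = 1
            if (addr == "127.0.0.1" || addr == "[::1]" || addr == "::1") print "loopback"
            else print "exposed"
            exit
        }
        END { if (!found) print "absent" }'
}

# Usage on the laptop:
#   sh -c "$(tunnel_cmd 1234 80 yourusername@ser.ver.i.p)"
#   ss -ltn | listener_state 1234      # expect: loopback
```

One caveat on the server-side step above: GatewayPorts in sshd_config controls whether ports the client asks the server to open with -R are bound on the server's non-loopback addresses, so it exposes remote forwards to the network; the -L forward shown here binds on the laptop and does not depend on it, and leaving GatewayPorts at its default of no is the safer choice unless you need -R forwards reachable from other hosts.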
