Saturday, June 28, 2008

SSH tips

I am still trying to clean up my home office a little, so I am skimming all the old magazines to see whether I can throw them away or whether I want to dig into an article some more before I do. I have now come across an article with some nice tips and tricks about SSH, and I would like to share them with you before the magazine goes in the bin.

So some short tips and tricks about ssh. According to Wikipedia:

“Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two computers. Encryption provides confidentiality and integrity of data over an insecure network, such as the Internet. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.[1]

SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols.[1] SSH uses the client-server protocol.

An SSH server, by default, listens on the standard TCP port 22.[2]

An SSH client program is typically used for establishing connections to an SSH daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, Linux, FreeBSD, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.”

So the tips from the magazine:
The first tip is tunneling a service through SSH. Let's say you have a server running a service on port 567 and you want to access this service securely rather than unencrypted over the network. You can create an SSH tunnel to your UNIX server and map the remote port 567 to a local port, for example 789. The connection between your workstation and the server is then encrypted, and your local application talks to the tunnel endpoint on your own workstation, so no information travels unencrypted over the network. This is how you do that:

Let's say your server's domain name is testserver.externaldomain.org and your username is johan.

ssh -NfL 789:testserver.externaldomain.org:567 johan@testserver.externaldomain.org

After providing the password for your account on the remote machine, you can access the remote service on port 567 through your local port 789.
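The forward above, as an added example (not from the magazine or the original post): it binds the local end to loopback explicitly, refuses to run if the forward cannot be set up, and uses a control socket so the backgrounded ssh can be checked and stopped later. It assumes the OpenSSH client; the function names and the control-socket path are made up for this illustration.

```sh
#!/bin/sh
# Added example: open, check and close the port forward from the tip above.
# Assumes the OpenSSH client. Function names and the control-socket path
# are hypothetical, chosen for this illustration.

# Print a -L spec bound to loopback only, after validating both ports.
# usage: forward_spec LOCAL_PORT TARGET_HOST TARGET_PORT
forward_spec() {
  [ -n "$2" ] || { echo "missing target host" >&2; return 2; }
  for p in "$1" "$3"; do
    case $p in
      ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 2 ;;
    esac
    if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
      echo "bad port: $p" >&2; return 2
    fi
  done
  # Local ports below 1024 are privileged on most Unix systems.
  if [ "$1" -lt 1024 ] && [ "$(id -u)" -ne 0 ]; then
    echo "note: local port $1 is below 1024 and usually needs root" >&2
  fi
  # Explicit 127.0.0.1 keeps the listener off the network interfaces.
  # TARGET_HOST is resolved and connected to by the SSH server.
  printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# Control-socket path for the tunnel on a given local port (hypothetical).
ctl_path() { printf '%s/.ssh/tunnel-%s.ctl\n' "$HOME" "$1"; }

# usage: open_tunnel LOCAL_PORT TARGET_HOST TARGET_PORT USER@SERVER
# e.g.:  open_tunnel 789 testserver.externaldomain.org 567 \
#                    johan@testserver.externaldomain.org
open_tunnel() {
  spec=$(forward_spec "$1" "$2" "$3") || return
  # -M/-S: control socket, so the backgrounded (-f) ssh can be stopped later.
  # ExitOnForwardFailure: fail instead of running without the forward.
  ssh -N -f -M -S "$(ctl_path "$1")" \
      -o ExitOnForwardFailure=yes -L "$spec" "$4"
}

# usage: tunnel_status LOCAL_PORT USER@SERVER   (exit status 0 = running)
tunnel_status() { ssh -S "$(ctl_path "$1")" -O check "$2"; }

# usage: close_tunnel LOCAL_PORT USER@SERVER
close_tunnel() { ssh -S "$(ctl_path "$1")" -O exit "$2"; }
```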

The second tip is about copying a file from one machine to another over SSH by using scp. Let's say you have a file in ~/files/filename1.txt and you want to copy it to the machine testserver.externaldomain.org. You do the following:

scp ~/files/filename1.txt johan@testserver.externaldomain.org:/root/files/filename1.txt

Now let's say you are neither on the server that has the file you want to copy nor on the server you want the file copied to. The file is on fileserver.someexternaldomain.com and you want to copy it to testserver.externaldomain.org. You do the following (your username on the fileserver is johanx):

scp johanx@fileserver.someexternaldomain.com:~/files/filename1.txt johan@testserver.externaldomain.org:/root/files/filename1.txt

You can also make use of sftp to move files. Check out this page for more information about sftp.
