Making Magic with SSH
Author: Jason Smith <jhs@proven-corporation.com>
Copyright: 2008 Proven Corporation Co., Ltd.
License: Creative Commons Attribution-ShareAlike 3.0
Date: January 26, 2008
Version: 1
Covering lesser-known features of SSH: port forwarding, proxying, and virtual servers.
These slides and script are available under the Creative Commons
Attribution-ShareAlike 3.0 license, for you to use, reuse, or change.
These slides were originally inspired by and borrowed from Jeff Rush's
presentation, "Casting Your Knowledge, With Style" available from
http://showmedo.com/videos/video?name=970010&fromSeriesID=97
OpenSSH
- Secure Shell (OpenSSH)
- SSH as the IT killer app
- Amazing unexpected features
- Firewall and NAT Penetration
- Port Forwarding
- Web Proxying
- Windows magic too
About Me
- Jason Smith
- Ten years' experience making magic
- Linux and Unix
- Free software
- Infrastructure
- Proven Corporation
About SSH
- Simple bi-directional pipe
- Transparently encrypted
- Many "telepresence" features
- Complex but well-documented
SSH Basics
- Shell
- scp
- sftp
- Windows tools
Password-less Login
- You get a public/private key pair
- You give the server your public key
- The server lets you log in if you have the private key
- Look into ssh-keygen and ssh-agent
- The point is, you can make SSH as convenient or secure as you need
One-off Command Execution
SSH is good for executing a command once on a remote system. When the command is complete, you log out.
- Easy: ssh <server> <command>
- Remember -t if you need fancy terminal stuff (like make menuconfig)
- Great for cron jobs and scripting for Linux, OSX, Unix, Windows hosts
The Escape Character: ~
- OpenSSH treats ~ after a newline as special
- ~. to terminate immediately
- ~^Z to suspend
- ~# to show forwarded connections
- ~~ to send the "~" character
GNU Screen
- Useful by itself but great with SSH
- So many features
- Permanent login sessions. Detach and re-attach later, without losing login state
- Tabbed virtual consoles
- Split screens
- Scrollback history
- Copy and paste
- I use this for servers, with several tabs for dedicated tasks.
OpenSSH for Windows
- Just Google this and install it
- Good for "net" commands to manage users, passwords, services, etc.
- Scripting Windows servers from Linux -- how great is that?
Temporary Servers
- Problem
- Virtual systems, development systems, foreign LANs
- Key management overkill gives you a headache
- Solution
- Temporarily ignore host key information
- ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
- I use an alias called "nossh"
Forwarding Anything to Anywhere
Remember, ssh connects to sshd. Each endpoint can pull in
TCP connections and make them pop out the other side.
Read about these in the ssh man page.
Forwarding Anything: Simple Port Forwarding
- Local (-L): ssh listens; incoming connections go out through sshd to anywhere you want
- Remote (-R): sshd listens; incoming connections go out through ssh to anywhere you want
- Example: Make my VNC desktop available from the remote machine:
- ssh -R 5900:localhost:5900 <remote system>
- Connections to the remote system on port 5900 will hit your VNC, even through NAT or firewall
- By default, only localhost connections are allowed. Use -g to allow non-local connections
Forwarding Anything: Dynamic Port Forwarding
Dynamic port forwarding (-D)
- Creates a SOCKS5 proxy, compatible with web browsers and most other applications
- Configure Firefox or IE for the port you specified. Instant encrypted web proxy.
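An added example, not part of the original slides: the options from the "Temporary Servers" and port forwarding slides also exist as ssh_config keywords, and this shell function audits a config for them, flagging where host key checking is relaxed for every host or where forwarded ports are opened to non-local connections. The sample config, its host names and the WARN/NOTE levels are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an ssh_config read from stdin for options from these slides.

# Constructed sample config; the host names are placeholders.
sample_config() {
cat <<'EOF'
Host *
    StrictHostKeyChecking no

Host devvm-*.lab.example
    StrictHostKeyChecking=no
    UserKnownHostsFile=/dev/null

Host jump.example
    DynamicForward 1080
    GatewayPorts yes
    RemoteForward 5900 localhost:5900
EOF
}

# Prints "LEVEL host-pattern: message" for each finding.
# WARN: applies to every host, or opens a forward to other machines.
# NOTE: host key checks relaxed, but only for the named hosts.
audit_ssh_config() {
awk '
  BEGIN { host = "*" }                    # options before any Host line are global
  /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
  {
    sub(/=/, " ")                         # accept Keyword=value and Keyword value
    key = tolower($1); val = tolower($2)  # keywords are case-insensitive
    level = (host ~ /(^| )\*( |$)/) ? "WARN" : "NOTE"
  }
  key == "host" { host = $2; for (i = 3; i <= NF; i++) host = host " " $i; next }
  key == "stricthostkeychecking" && (val == "no" || val == "off") {
    print level, host ": changed host keys are accepted"
  }
  key == "userknownhostsfile" && val == "/dev/null" {
    print level, host ": host keys are never remembered"
  }
  key == "gatewayports" && val == "yes" {
    print "WARN", host ": forwarded ports accept non-local connections (like -g)"
  }
  key ~ /^(local|dynamic)forward$/ && val ~ /^(\*|0\.0\.0\.0):/ {
    print "WARN", host ": " $1 " listens on all interfaces"
  }
'
}

sample_config | audit_ssh_config
```

Match blocks and Include files are not followed, so feed it each config file separately, for example `audit_ssh_config < ~/.ssh/config`.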