.. include::

======================
 Making Magic with SSH
======================

:Author: Jason Smith
:Copyright: 2008 Proven Corporation Co., Ltd.
:License: Creative Commons Attribution-ShareAlike 3.0
:Date: January 26, 2008
:Version: 1

Covering lesser-known features of SSH: port forwarding, proxying, and virtual servers.

.. footer:: www.proven-corporation.com

.. container:: handout

   These slides and script are available under the Creative Commons
   Attribution-ShareAlike 3.0 license, for you to use, reuse, or change.

   These slides were originally inspired by and borrowed from Jeff Rush's
   presentation, "Casting Your Knowledge, With Style" available from
   http://showmedo.com/videos/video?name=970010&fromSeriesID=97

OpenSSH
========

.. container:: slide-display

   * Secure Shell (OpenSSH)
   * SSH as the IT killer app
   * Amazing unexpected features

     * Firewall and NAT Penetration
     * Port Forwarding
     * Web Proxying

   * Windows magic too

.. contents:: Table of Contents
   :class: handout

About Me
========

* Jason Smith
* Ten years' experience making magic

  * Linux and Unix
  * Free software
  * Infrastructure

* Proven Corporation

  * Newly-founded
  * Advanced free software in Southeast Asia
  * http://proven-corporation.com

About SSH
=========

* Simple bi-directional pipe
* Transparently encrypted
* Many "telepresence" features
* Complex but well-documented

SSH Basics
==========

* Shell
* scp
* sftp
* Windows tools

  * PuTTY, pscp
  * WinSCP

Password-less Login
===================

* You get a public/private key pair
* You give the server your public key
* The server lets you log in if you have the private key
* Look into ``ssh-keygen`` and ``ssh-agent``
* The point is, you can make SSH as convenient or secure as you need

One-off Command Execution
=========================

SSH is good for executing a command once on a remote system. When the
command is complete, you log out.

* Easy: ``ssh ``
* Remember ``-t`` if you need fancy terminal stuff (like ``make menuconfig``)
* Great for cron jobs and scripting for Linux, OSX, Unix, Windows hosts

The Escape Character: ~
=======================

* OpenSSH treats ``~`` after a newline as special

  * ``.`` to terminate immediately
  * ``^Z`` to suspend
  * ``#`` to show forwarded connections
  * ``~`` to send the "~" character

GNU Screen
==========

* Useful by itself but **great** with SSH
* So many features

  * Permanent login sessions. Detach and re-attach later, without losing login state
  * Tabbed virtual consoles
  * Split screens
  * Scrollback history
  * Copy and paste

* I use this for servers, with several tabs for dedicated tasks.

OpenSSH for Windows
===================

* Just Google this and install it
* Good for "net" commands to manage users, passwords, services, etc.
* Scripting Windows servers from Linux -- how great is that?

Temporary Servers
=================

* Problem

  * Virtual systems, development systems, foreign LANs
  * Key management overkill gives you a headache

* Solution

  * Temporarily ignore host information
  * ``ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no``
  * I use an alias called "nossh"

Forwarding Anything to Anywhere
===============================

Remember, ``ssh`` connects to ``sshd``. Each endpoint can pull in TCP
connections and make them pop out the other side. Read about these in
the ssh man page.

Forwarding Anything: Simple Port Forwarding
===========================================

* Local (-L): ``ssh`` listens; incoming connections go out ``sshd`` to anywhere you want
* Remote (-R): ``sshd`` listens; incoming connections go out ``ssh`` to anywhere you want
* Example: Make my VNC desktop available from the remote machine:

  * ``ssh -R 5900:localhost:5900 ``
  * Connections to the remote system on port 5900 will hit your VNC, even through NAT or firewall

* By default, only localhost connections are allowed.
  Use ``-g`` to allow non-local

Forwarding Anything: Dynamic Port Forwarding
============================================

Dynamic port forwarding (-D)

* Creates a SOCKS5 proxy, compatible with web browsers and most other applications
* Configure Firefox or IE for the port you specified. Instant encrypted web proxy.

Thank You!
==========

I am: jhs@proven-corporation.com

These slides are under CC-By-SA 3.0.

.. Local Variables:
   mode: rst
   mode: outline-minor
   End:
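The listener rules from the two port-forwarding slides and the host-key options from the Temporary Servers slide, as an added example that is not part of the original slides: a small Python audit of ``ssh`` command lines that reports which end listens, whether that listener accepts non-local connections, and whether host key verification has been switched off. The function names, the sample commands and the host ``gw.example.test`` are assumptions made for illustration.

```python
import shlex

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Which end opens the listening socket for each forwarding flag.
LISTENER = {"-L": "ssh (client)", "-D": "ssh (client)", "-R": "sshd (server)"}

def parse_forward(flag, spec, gateway):
    """Parse [bind_address:]port[:host:hostport]; IPv6 literals not handled."""
    parts = spec.split(":")
    fixed = 1 if flag == "-D" else 3      # fields after the optional bind address
    if len(parts) not in (fixed, fixed + 1):
        raise ValueError(f"unsupported forward spec: {spec!r}")
    bind = parts[0] if len(parts) == fixed + 1 else None
    if bind is None:
        exposed = gateway and flag != "-R"   # -g widens client-side listeners only
    else:
        exposed = bind not in LOOPBACK       # "" or "*" requests all interfaces
    target = "SOCKS" if flag == "-D" else ":".join(parts[-2:])
    return {"flag": flag, "listener": LISTENER[flag], "port": int(parts[-fixed]),
            "target": target, "exposed": exposed}

def audit(cmdline):
    """Return (forwards, warnings); handles space-separated flags only."""
    args = shlex.split(cmdline)[1:]       # drop the leading "ssh"
    forwards, opts = [], {}
    for flag, value in zip(args, args[1:]):
        if flag in LISTENER:
            forwards.append(parse_forward(flag, value, "-g" in args))
        elif flag == "-o" and "=" in value:
            key, _, val = value.partition("=")
            opts[key.lower()] = val.lower()
    warnings = [f"{f['flag']} port {f['port']} accepts non-local connections"
                for f in forwards if f["exposed"]]
    if (opts.get("stricthostkeychecking") in ("no", "off")
            or opts.get("userknownhostsfile") == "/dev/null"):
        warnings.append("host key not verified")
    return forwards, warnings

# Constructed command lines; gw.example.test is a placeholder host.
SAMPLES = [
    "ssh -R 5900:localhost:5900 gw.example.test",
    "ssh -g -L 8080:intranet:80 gw.example.test",
    "ssh -D 1080 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no gw.example.test",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        forwards, warnings = audit(cmd)
        print(cmd, forwards, warnings, sep="\n  ")
```

For ``-R``, a non-loopback bind address is only honoured when the server's ``GatewayPorts`` setting permits it, so ``exposed`` there means requested rather than granted.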