Cognitionis
The little I know

SSH – Remote Linux Access


Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. It uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.

SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols. An SSH server, by default, listens on the standard TCP port 22.

An SSH client program is typically used for establishing connections to an SSHD daemon accepting remote connections.

Installation: sudo apt-get install ssh (it has to be installed on both machines, client and target)
Usage: ssh hostname or ssh user@hostname
To be able to run X11 programs you have to use the -X option (e.g.: ssh -X user@altea.dlsi.ua.es)
To use -X, the SSH server configuration (/etc/ssh/sshd_config) must contain:
X11Forwarding yes
X11DisplayOffset 10
After making any change you should restart ssh (/etc/init.d/ssh restart)

When the “remote host identification has changed” error appears, you can solve it by deleting the $HOME/.ssh/known_hosts file.

You have to configure some things… see: (export display)

http://mcuser.valencia.edu/ca/art.php?art=ard&pag=rx11.html

Trick: if you want to execute Firefox remotely you have to kill it first using killall -9 firefox-bin

TIP: When you need a tunnel to access a machine and you want to forward X:

Open the tunnel:
ssh -X -C -L 2222:private_machine_domain:22 tunel_user@tunel_public_domain

Use it (in a new shell):
ssh -X -p 2222 user_target_machine@localhost

If you need to surf the web, use the lightweight, low-memory browser: epiphany-browser

If you get a “man-in-the-middle attack” security error (someone is doing something nasty), just remove the offending line from .ssh/known_hosts on your local machine.

Example:

Offending key in /home/hector/.ssh/known_hosts:8

–> remove line 8
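
An added example (not part of the original post) of removing just that one line: the function keeps a backup, prints the entry it drops and, when ssh-keygen is available and the key parses, the old key's fingerprint, so the key offered on the next connection can be compared with what the server's administrator reports. The function name, the .bak suffix and the sample entries are assumptions.

```shell
#!/bin/sh
# drop_known_host FILE LINE
# LINE is the number after the colon in "Offending key in FILE:LINE".
drop_known_host() {
    kh_file=$1
    kh_line=$2

    # The line number must be a positive integer without leading zeros.
    case $kh_line in
        ''|*[!0-9]*|0*) echo "bad line number: $kh_line" >&2; return 2 ;;
    esac
    [ -f "$kh_file" ] || { echo "no such file: $kh_file" >&2; return 2; }

    kh_entry=$(sed -n "${kh_line}p" "$kh_file")
    [ -n "$kh_entry" ] || { echo "line $kh_line is empty or out of range" >&2; return 1; }

    # Show the first two fields of the entry (normally host pattern and key type).
    echo "removing: $(printf '%s\n' "$kh_entry" | awk '{print $1, $2}')"

    # Fingerprint of the OLD key, if ssh-keygen is installed and can parse it.
    if command -v ssh-keygen >/dev/null 2>&1; then
        printf '%s\n' "$kh_entry" | ssh-keygen -l -f - 2>/dev/null || true
    fi

    # Keep a backup, then rewrite the file without that single line.
    cp -p "$kh_file" "$kh_file.bak" &&
        sed "${kh_line}d" "$kh_file.bak" > "$kh_file"
}

# Demo on a constructed known_hosts (host names and key blobs are made up).
demo_kh=$(mktemp)
printf '%s\n' \
    'alpha.example ssh-ed25519 AAAAC3constructedA' \
    'beta.example ssh-rsa AAAAB3constructedB' \
    'gamma.example ssh-ed25519 AAAAC3constructedC' > "$demo_kh"
drop_known_host "$demo_kh" 2     # same shape as "Offending key in ...:2"
cat "$demo_kh"                   # alpha and gamma remain
rm -f "$demo_kh" "$demo_kh.bak"
```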


Use SCP to transfer files: scp file usr@hostname:

TRICK: It’s better to transfer compressed files containing whatever we want to transfer, but when that is not possible, use scp -r to copy entire directories recursively.

Screen is such a useful application: you can close the ssh shell and keep the session active (but you can’t turn off your machine).

Run programs in the background (&) so that they are not killed when the ssh session closes.
Using & alone is not enough; you should use nohup as well (example: nohup wget "link_ftp" &).

Explanation: when you log out from bash, it sends a HUP signal to all its jobs, killing them. To avoid this, you can use shopt to view the shell options and notice that huponexit is on. The trivial solution is to turn it off with shopt -u huponexit (-s to re-activate).

SSH through PHP

Two different options are the best I’ve found to use SSH in PHP:

  1. Using ssh2 php module (requiring libssh2).
  2. Using expect to log in as if we were in a shell.

SSH through Bash shell script

The script basically needs to run only the following command:
ssh user@host command
where “command” is a program (script) on the remote host that creates a new squid config, stops squid and restarts it.

To be able to log in automatically using SSH, you should put the public key of your host in the ~user/.ssh/authorized_keys file on the remote machine.

Users can set up SSH so that they have passwordless ssh access to DreamHost servers.

On your home computer, you must generate an RSA key pair:

ssh-keygen -t rsa

It will prompt you for three things; hit enter to accept the default on all three.

Next, you must copy your public key to DreamHost’s server. Replace user and example.com with your username and domain name, respectively.

scp ~/.ssh/id_rsa.pub user@example.com:~/

Now you must ssh to your account (using your password):

ssh user@example.com

Now append the public key to your authorized keys file and delete the file you uploaded:

mkdir -p .ssh
cat id_rsa.pub >> .ssh/authorized_keys
rm id_rsa.pub

Now make sure permissions are set properly for all necessary files and directories:

chmod go-w ~
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys


Another way to do it (useful when you do not have permissions or you do not have ssh-keygen) is:

Example: altea.dlsi.ua.es, no permissions.

Generate a pair of keys wherever (e.g., hector@hllorens): ssh-keygen -t rsa.
IMPORTANT: It does not matter if you create the keys on your mum's PC.

Then copy the private key to the source machine (altea.dlsi.ua.es):
scp ~/.ssh/id_rsa hllorens@altea:~/.ssh/id_rsa
(it's better to copy the public key (.pub) as well, to have a copy there)

After that, include the public key in authorized_keys on the destination machines you want to access without a password:

copy the key.pub and cat key.pub >> authorized_keys
or
edit authorized_keys and paste this key (that way you don't need scp)

from whereverItIs or hllorens@altea: scp algo.pub hector@hllorens or hllorens@srv2: (destMachine)
from destMachine: cat algo.pub >> .ssh/authorized_keys

Check permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

That's it!
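
An added example (not from the original post) that wraps the "append the public key and fix permissions" steps from both procedures above into one function that is safe to run twice and refuses a private key passed by mistake. The function name, the optional HOME_DIR argument and the sample key are assumptions.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    pub=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Catch the mistake of appending id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2; return 1
    fi
    # A public key line is "<type> <base64 blob starting with AAAA> [comment]".
    key=$(grep -E '^(ssh-|ecdsa-|sk-)[^ ]+ AAAA' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "$pub has no public key line" >&2; return 1; }

    # Create directory and file with tight permissions from the start.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 2

    # If the file does not end in a newline, add one so keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi

    # Append only if this exact line is not already present.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # Same permissions the page sets by hand.
    chmod go-w "$home_dir" && chmod 700 "$ssh_dir" && chmod 600 "$auth"
}

# Demo in a throw-away directory with a constructed (not real) public key.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3constructedKeyBlob user@client' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/home"
install_pubkey "$demo/id.pub" "$demo/home"    # second run adds nothing
wc -l < "$demo/home/.ssh/authorized_keys"
rm -rf "$demo"
```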