Jul 08 2010

From diogomelo.net

SSH is a powerful tool that allows you to remotely operate another machine. Here you'll find some tips about SSH.

Basic Usage
The most typical usage of SSH is something like this:

ssh dmelo@merov

Where dmelo is the user name and merov [1] is the name of the host being accessed. When you run this command, ssh uses TCP to open a connection to port 22 of the host merov (it can also be an IP address) and states that the user dmelo wants to start a secure remote shell. You'll be prompted for your password. The user name and the password must match the /etc/passwd file, which is the default for authentication.

Installing and configuring a SSH server
By default, the ssh client is present on most Linux distributions but the ssh server is not. To install the ssh server on Ubuntu you must install the package openssh-server.

sudo apt-get install openssh-server

No further configuration is necessary to get the ssh server working. After that command, apt will install and run the server. But there are some security concerns that I will cover here. There are a lot of robots trying to hack machines over the internet, and a good number of them try it through ssh. These robots try to open a connection to port 22 to check whether an ssh server is running. When a robot finds a machine with ssh, it starts trying to log in to that machine. There are three simple actions that can help you prevent this kind of attack.

  • Disable ssh root access
  • Change the ssh port
  • Be sure that none of the users has a weak password

When you try to log in using ssh, you have to provide a user and a password. One user that every Linux machine has is root. If a cracker gets root access to a machine, nothing (almost nothing) can stop him. When a robot searches for ssh servers, it usually tries only port 22. If your ssh server is listening on a different port, you'll avoid most of them. Weak passwords are a big problem, since a robot can try to connect many times and sooner or later it will find a user with a weak password.

To disable root access you'll have to edit the file /etc/ssh/sshd_config. Don't forget that you need superuser privileges for that: sudo gedit /etc/ssh/sshd_config. On the line with PermitRootLogin yes, replace the 'yes' with 'no'. In the same file you can change the port. Look for the line Port 22 and replace the 22 with another number. Be sure the new port is not being used by other software, and prefer ports above 1024, like 2222 for example. After that you have to restart the server.

sudo sh /etc/init.d/ssh restart
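
A quick way to confirm the two sshd_config edits described above took effect, as an added example that is not part of the original post. The function names and the sample file are constructed for illustration; the script assumes whitespace-separated "Keyword value" lines, reads only the global section (before any Match block) and does not follow Include directives.

```sh
#!/bin/sh
# Added example: audit an sshd_config for the settings discussed above.

# Print every value given for keyword $2 in the global section of file $1.
# Keywords are case-insensitive; commented-out lines are ignored.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                    # skip comments
        tolower($1) == "match" { exit }        # stop at the first Match block
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# Report on PermitRootLogin and Port; return 1 if anything needs attention.
audit_sshd_config() {
    cfg=$1; rc=0
    # sshd uses the first occurrence of PermitRootLogin; unset means the
    # compiled-in default, which is not an explicit "no".
    root=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    case "${root:-unset}" in
        no) echo "OK   PermitRootLogin no" ;;
        *)  echo "WARN PermitRootLogin is ${root:-unset}, expected no"; rc=1 ;;
    esac
    # Port may be repeated (sshd listens on each); no Port line means 22.
    ports=$(sshd_values "$cfg" Port)
    for p in ${ports:-22}; do
        if [ "$p" -eq 22 ]; then
            echo "WARN listening on default port 22"; rc=1
        elif [ "$p" -lt 1024 ]; then
            echo "WARN port $p is below 1024"; rc=1
        else
            echo "OK   Port $p"
        fi
    done
    return $rc
}

# Constructed sample: a config with the weak settings the post warns about.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 22
PermitRootLogin yes
EOF
audit_sshd_config "$sample" || echo "=> fix the WARN lines, then restart sshd"
rm -f "$sample"
```

On a live server, running sudo sshd -t before the restart checks the edited file for syntax errors, which matters when the restart is done over the same SSH session.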

Running graphical software
That's the basic stuff; let's make things a little more interesting. Usually you can only use non-graphical software. SSH has a way to export X from the remote machine to yours. To do that you need to add the flag `-X`.

ssh -X dmelo@merov

By doing this you'll be able to run graphical software like firefox :D. The only constraint is audio: SSH does not support exporting it, but some geeks have found a way to do so. As you may expect, using graphical software over SSH requires more bandwidth.

SCP – Transferring files between hosts
Sometimes it is necessary to transfer a file over the network. ssh offers a way to do that. The scp command uses ssh to copy a file. The command syntax is very similar to the cp command. The difference is in how to describe a file on a remote machine. Let 'book.pdf' be a file in my home, on the host 'merov'. The address that describes this file is `dmelo@merov:/home/dmelo/book.pdf`. To copy this file to my local machine I only have to do this:

scp dmelo@merov:/home/dmelo/book.pdf ./

This command will copy the file from the remote host `merov` to the current path of my local machine. Since the communication is encrypted, scp provides you an efficient and safe way to transfer your files. By default the port is 22; if the server is running on a different port you can specify it using the flag -P, like this:

scp -P 22 dmelo@merov:/home/dmelo/book.pdf ./

SSHFS – Mounting partitions over SSH
Another very nice thing about SSH is that it allows you to remotely mount partitions. Yes, you can see remote directories the same way you see your pendrive. But for this you need to install sshfs. In Ubuntu it's simple: `sudo apt-get install sshfs`. SSHFS is a file system client based on ssh. It does not require root permissions to mount partitions. The syntax is similar to ssh.

sshfs dmelo@merov:/home/dmelo movies

After this, my home will be mounted on the local ./movies path.

Playing movies and music over SSH
To play stuff you can simply use sshfs, but there is another way, using this command:

ssh dmelo@merov cat movie.avi | mplayer -

This command will send the contents of the file movie.avi through stdout to the input of mplayer, and mplayer will play the movie (or whatever media it is). It's important to note that mplayer is running on the local machine, so you won't have trouble with sound.

Creating tunnels
Creating a tunnel is no secret. The syntax is

ssh -L portA:hostA:portB [hostB]

This command would create a tunnel from portA of hostA to portB of hostB. If you don’t specify hostB then it will be portA to portB of hostA.

The tip here is about the way to make the tunnel. Use "-N" to avoid opening a shell on the foreign host. When you run without the "-N" it logs in on the foreign host. With the "-N" it just makes the tunnel.

ssh -N -L portA:hostA:portB hostB

Connecting Without Password Request
Imagine that you have to connect to a machine many times per day. Providing the password every time you log in is very tiring. You can add an entry to /etc/hosts to make your machine associate a host name with an IP. If you add the line “ usp” into /etc/hosts, you can ping the IP by just doing ping usp. It's useful when you use a server many times.
