SSH client and daemon: Introduction
The SSH client application lets you log in to a remote computer or execute commands on it remotely.
It can also run graphical applications and forward TCP ports between local and remote machines.
SSH establishes an encrypted communication channel between the local and remote hosts over an insecure network.
For the SSH client to work, it needs to connect to an SSH server running on the remote computer.
INSTALL SSH AND SSHD
SSH program binaries are:
ssh — OpenSSH SSH client (remote login program)
sshd — OpenSSH SSH daemon
In Debian or Ubuntu:
$ sudo aptitude install openssh-client
# installs ssh client
$ sudo aptitude install openssh-server
# installs sshd daemon
CONFIGURE SSH CLIENT
OpenSSH-client general configuration file:
/etc/ssh/ssh_config
(NOTE: user config file in ~/.ssh/config overrides it)
Edit that file following its man page guidelines:
$ man ssh_config
CONFIGURE SSH SERVER
OpenSSH-server configuration file:
/etc/ssh/sshd_config
The man page documents this file's options:
$ man sshd_config
Some interesting options we can change in server configuration file:
Port 22
# To set which port ssh daemon listens on
PermitRootLogin yes
# if we want to log in as root.
X11Forwarding yes
# enables X11 forwarding
X11DisplayOffset 10
# set X11 server display number starting from 10 up.
After editing the server configuration file, the sshd daemon must be restarted.
$ sudo service ssh restart
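An added example (not from the original post): a small POSIX shell check that reports the effective global value of the four options listed above, using sshd's rule that the first value read for a keyword wins, while Port may be given several times. The function names and the sample file are constructed for illustration; Include files and Match blocks are not evaluated, and the fallback values are the upstream OpenSSH defaults.

```sh
#!/bin/sh
# sshd_values FILE KEYWORD: print every global value of KEYWORD (case-insensitive),
# skipping comments and stopping at the first Match block.
sshd_values() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print $2 }' "$1"
}

# sshd_first FILE KEYWORD DEFAULT: first value read, or DEFAULT when the keyword is unset.
sshd_first() {
    v=$(sshd_values "$1" "$2" | head -n 1)
    printf '%s\n' "${v:-$3}"
}

# audit_sshd_config FILE: one line per option; WARN marks settings that widen exposure.
audit_sshd_config() {
    ports=$(sshd_values "$1" Port | tr '\n' ' ')
    ports=${ports% }
    echo "INFO Port ${ports:-22}"
    root=$(sshd_first "$1" PermitRootLogin prohibit-password)
    case $root in
        yes) echo "WARN PermitRootLogin yes (direct root login by any enabled method)" ;;
        *)   echo "OK PermitRootLogin $root" ;;
    esac
    x11=$(sshd_first "$1" X11Forwarding no)
    case $x11 in
        yes) echo "WARN X11Forwarding yes (enable only where ssh -X is needed)" ;;
        *)   echo "OK X11Forwarding $x11" ;;
    esac
    echo "INFO X11DisplayOffset $(sshd_first "$1" X11DisplayOffset 10)"
}

# Constructed sample input (not from a real host). The second PermitRootLogin
# line is ignored by sshd because the first value read wins.
sample_config() {
    cat <<'EOF'
Port 22
Port 2222
PermitRootLogin yes
PermitRootLogin no
X11Forwarding yes
Match User backup
    X11Forwarding no
EOF
}

tmp=$(mktemp); sample_config > "$tmp"; audit_sshd_config "$tmp"; rm -f "$tmp"
```

On a real host, run `sudo sshd -t` before restarting; it checks the configuration file for errors so a typo does not leave the daemon down.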
REMOTE LOGIN
To log in to a remote computer:
$ ssh -l username -p port remote_hostname
or
$ ssh username@remote_hostname -p port
If we do not pass a port number, the default is 22.
If we do not pass a username, ssh uses the local username.
Execute a command in a remote system
$ ssh user@hostname "command_to_execute"
E.g:
$ ssh user@hostname "ls -l"
# will list remote user home directory.
Using standard input, output and pipes we can exchange files between local and remote systems.
This command copies foo file from remote user home to current local directory:
$ ssh user@hostname "cat foo" | cat - > foo
Or the reverse way, copying foo file from local to remote machine:
$ cat foo | ssh user@hostname "cat - > foo"
Export X windows
When invoking the ssh client to run graphical applications, we need to pass it some extra options.
NOTE: For this to work, the server needs X11 forwarding enabled in its config file.
$ ssh -XC user@hostname
-X option enables X11 forwarding
-C option enables compression.
We can then see locally the X graphical apps executed on the remote machine. They are usually attached to display :10 and upwards.
$ ssh -XC user@hostname
$ xeyes
$ env | grep -i display
DISPLAY=localhost:10.0
or simply:
$ ssh -XC user@hostname xeyes
Forward ports from local or remote machine
Forward local port to remote machine:
-L local_port:hostname:port
# forwards local local_port to remote hostname:port.
E.g: Let's suppose telnet is enabled at port 25 in remote machine.
$ ssh -L 2025:localhost:25 user@hostname
# That forwards local port 2025 to 25 in the remote machine.
Then in local computer we can exec:
$ telnet -l user localhost 2025
# and we would log in to the remote machine.
E.g: from x11vnc man page:
$ ssh -t -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'
Here localhost refers to the remote computer, where the ssh server runs.
E.g:
$ ssh -l username remote_IP -L 8025:localhost:25 -L 8143:localhost:143
Forward ports from remote machine to some host in local network side:
-R port:host:hostport
# forwards remote machine port "port", to host:hostport
E.g:
$ ssh -l user remote_IP -R 2222:192.168.0.10:5900
Then, on the remote machine, connecting to port 2222 actually reaches port 5900 on the local side (host 192.168.0.10).
remote_box$ vncviewer localhost:2222
REFERENCE
$ man ssh
$ man sshd
$ man ssh_config
$ man sshd_config