Sunday, 19 August 2012

SSH client and daemon: Introduction

The SSH client application lets you log in to a remote computer or execute commands on it remotely.

It can also run graphical applications and forward TCP ports between local and remote machines.

SSH establishes an encrypted communication channel between local and remote hosts over an insecure network.

For the SSH client to work, it needs to connect to an SSH server running on the remote computer.


SSH program binaries are:

ssh — OpenSSH SSH client (remote login program)
sshd — OpenSSH SSH daemon

In Debian or Ubuntu:

$ sudo aptitude install openssh-client # installs ssh client

$ sudo aptitude install openssh-server # installs sshd daemon


OpenSSH-client general configuration file: /etc/ssh/ssh_config

(NOTE: user config file in ~/.ssh/config overrides it)

Edit that file following its man page guidelines:
$ man ssh_config


OpenSSH-server configuration file: /etc/ssh/sshd_config

The man page documents this file's options:
$ man sshd_config

Some interesting options we can change in the server configuration file:

Port 22 # To set which port ssh daemon listens on
PermitRootLogin yes # if we want to log in as root.
X11Forwarding yes # enables X11 forwarding
X11DisplayOffset 10 # set X11 server display number starting from 10 up.

After editing the server configuration file, the sshd daemon must be restarted:
$ sudo service ssh restart
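
A quick check of the options listed above before restarting, as an added example that is not part of the original post. The function names and the sample file are made up for illustration; the script reads the global value sshd would use for PermitRootLogin and X11Forwarding and flags the permissive ones.

```shell
#!/bin/sh
# Added example (not from the original post): check the sshd_config options above.

# effective_value FILE KEYWORD: print the global value sshd would use.
# Keywords are case-insensitive, the first occurrence wins, and settings
# after a Match line are conditional, so scanning stops there.
effective_value() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                       # strip comments
        tolower($1) == "match" { exit }
        NF >= 2 && tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: print findings; return 1 if any WARN was raised.
audit_sshd_config() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    x11=$(effective_value "$1" X11Forwarding)
    case "$root" in
        yes) echo "WARN PermitRootLogin=yes: direct root login is allowed"; rc=1 ;;
        "")  echo "INFO PermitRootLogin unset: version default applies" ;;
        *)   echo "OK   PermitRootLogin=$root" ;;
    esac
    case "$x11" in
        yes) echo "WARN X11Forwarding=yes: keep only if remote GUI apps are needed"; rc=1 ;;
        "")  echo "OK   X11Forwarding unset (default: no)" ;;
        *)   echo "OK   X11Forwarding=$x11" ;;
    esac
    return $rc
}

# Constructed sample input using the values from the listing above.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 22
permitrootlogin yes
X11Forwarding yes   # trailing note
X11DisplayOffset 10
PermitRootLogin no
Match User backup
    X11Forwarding no
EOF

audit_sshd_config "$SAMPLE" || echo "review the WARN lines before restarting sshd"
```

On a live server, `sudo sshd -T` prints the effective configuration and `sudo sshd -t` checks the file for errors before the restart.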


To log in to a remote computer:

$ ssh -l username -p port remote_hostname


$ ssh username@remote_hostname -p port

If we do not pass a port number, the default is 22.
If we do not pass a username, the local username is used.

Execute a command in a remote system

$ ssh user@hostname "command_to_execute"

E.g: $ ssh user@hostname "ls -l" # will list remote user home directory.

Using standard input, standard output and pipes, we can exchange files between local and remote systems.

This command copies the file foo from the remote user's home directory to the current local directory:
$ ssh user@hostname "cat foo" | cat - > foo

Or the reverse way, copying the file foo from the local machine to the remote one:
$ cat foo | ssh user@hostname "cat - > foo"

Export X windows

To run graphical applications on the remote machine, we need to pass some options when invoking the ssh client.

NOTE: For this to work, the server must have X11 forwarding enabled in its configuration file.

$ ssh -XC user@hostname

-X option enables X11 forwarding
-C option enables compression.

We can see locally the X graphical apps executed on the remote machine. They are usually attached to display :10 and upwards.
$ ssh -XC user@hostname
$ xeyes
$ env | grep -i display

or simply:
$ ssh -XC user@hostname xeyes

Forward ports from local or remote machine

Forward local port to remote machine:

-L local_port:hostname:port # forwards local port local_port to hostname:port, as reached from the remote machine.

E.g.: Let's suppose telnet is enabled on port 25 of the remote machine.
$ ssh -L 2025:localhost:25 user@hostname # Forwards local port 2025 to port 25 on the remote machine.
Then on the local computer we can run:
$ telnet -l user localhost 2025 # and we would log in to the remote machine.

E.g.: from the x11vnc man page:
$ ssh -t -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'
Here localhost refers to the remote computer, where the SSH server runs.

$ ssh -l username remote_IP -L 8025:localhost:25 -L 8143:localhost:143

Forward a port on the remote machine to a host on the local network side:

-R port:host:hostport # forwards remote machine port "port", to host:hostport

E.g:$ ssh -l user remote_IP -R 2222:
Then, on the remote machine, connecting to port 2222 actually reaches port 5900 on the local machine.
remote_box$ vncviewer localhost:2222


$ man ssh
$ man sshd
$ man ssh_config
$ man sshd_config
