ssh « Notes from a Sysadmin

Have you ever wanted to ssh to your Linux box that sits behind NAT? Now you can with reverse SSH tunneling. This document will show you step by step how to set up reverse SSH tunneling. The reverse SSH tunneling should work fine with Unix like systems.

Let’s assume that Destination’s IP is 192.168.20.55 (Linux box that you want to access).

You want to access from Linux client with IP 138.47.99.99.

Destination (192.168.20.55)

1. SSH from the destination to the source (with public ip) using command below:

ssh -R 19999:localhost:22 sourceuser@138.47.99.99

* port 19999 can be any unused port.

2. Now you can SSH from source to destination through SSH tuneling:

ssh localhost -p 19999

3. 3rd party servers can also access 192.168.20.55 through Destination (138.47.99.99).

Destination (192.168.20.55)

3.1 From Bob’s server:

ssh sourceuser@138.47.99.99

3.2 After the sucessful login to Source:

ssh localhost -p 19999

* the connection between destination and source must be alive at all time.

Tip: you may run a command (e.g. watch, top) on Destination to keep the connection active.

This is the script to add in the cronjob best all 5 min:

if [ -z "`ps | grep use[r]`" ] then ssh -R 18000:localhost:22 -f -N -T user@zurich.host.com -p 6022 & echo "start autotunnel" >> tunnellog.log else echo "autotunnel is started" >> tunnellog.log fi

to add the ssh key:

ssh user@192.168.59.123 -p 6022 mkdir -p .ssh

cat .ssh/id_rsa.pub | ssh user@192.168.59.123 -p 6022 ‘cat >> .ssh/authorized_keys’

don’t forget on the target:

ssh-keygen -t rsa

Your aim

You want to use Linux and OpenSSH to automize your tasks. Therefore you need an automatic login from host A / user a to Host B / user b. You don’t want to enter any passwords, because you want to call ssh from a within a shell script.

How to do it

First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:

a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory ‘/home/a/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A
Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):

a@A:~> ssh b@B mkdir -p .ssh
b@B’s password:
Finally append a’s new public key to b@B:.ssh/authorized_keys and enter b’s password one last time:

a@A:~> cat .ssh/id_rsa.pub | ssh b@B ‘cat >> .ssh/authorized_keys’
b@B’s password:
From now on you can log into B as b from A as a without password:

a@A:~> ssh b@B hostname
B
A note from one of our readers: Depending on your version of SSH you might also have to do the following changes:

Put the public key in .ssh/authorized_keys2
Change the permissions of .ssh to 700
Change the permissions of .ssh/authorized_keys2 to 640

rsync –dry-run -rvce “ssh -p port#” user@server1:/var/www/vhosts/ /var/www/vhosts/domain.com

Client:~# cd /home/user/.ssh/
Client :~# ssh-keygen -t rsa
Anmerkung bzgl. Passphrase: 3 x RETURN drücken, da sonst diese bei Anmeldung abgefragt wird. Ggf. können Sie natürlich zwecks Sicherheit die Passphrase nutzen.

to generate the key in the server: ssh-keygen -t rsa -b 2048

ssh-copy-id root@servername.comain.ch

ssh-copy-id “user@host -p 8129”

/usr/bin/rsync -e ssh -vz -r --delete sourcepath root@tagethost:targetpath/ 2>&1 > /home/data/share/logfileorpath-`date +%Y-%m-%d` &

Script um via ssh auf den eine bliebige IP und Port via ssh Tunnel zuzugreifen
#! /bin/bash # establish a connection to customer # use Firefox with htp://localhost:8888 ssh -L 8888:"targetIP":"targetPort" root@host.office-on-the.net -p 22

Notes from a Sysadmin

Tag Archives: ssh

Reverse SSH Tunneling generall

compare folders via ssh

ssh copy key

rsync via ssh Beispiel

ssh redirector