Archive for the ‘SSH’ Category.
I use GNU Screen a lot – as in basically all the time, and when I SSH somewhere I like to set the title of the screen I’m in, so I can easily keep track of loads of them.
To do this I’ve come up with a script which can be executed by SSH when it connects to a remote server.
Continue reading ‘Automagically set titles to boxes you ssh in screen.’ »
Edit /etc/sysconfig/SuSEfirewall2:
#do not open ssh ports here
FW_SERVICES_EXT_TCP=""
FW_CONFIGURATIONS_EXT=""
#add this rule
FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
#Restart firewall:
rcSuSEfirewall2 restart
Now attacker will just have three attempts to break in.
Get TRAMP (Transparent Remote file Access, Multiple Protocol) :
http://savannah.gnu.org/projects/tramp/
Install it :
cd ~/.emacs.d/ tar -xvzf /your/download/folder/tramp-2.X.X.tar.gz ln -s tramp-2.X.X tramp cd tramp ./configure --with-contrib make sudo make install
Configure your emacs to use it :
1. Add the following in your .emacs
;; Remote file editing via ssh (add-to-list 'load-path "~/.emacs.d/tramp/lisp/") (require 'tramp) (setq tramp-default-method "ssh")
2. Launch your emacs
3. C-x C-f /user@your.host.com:/path/to/file
Warning :
Seems it doesn’t work if no password is required to login to host (using public key for example). But not sure at all…
Although using public key authentication instead of passwords is a great method for increasing the security of SSH transfers, transferring SSH identity keys can be a royal pain. First, you create your key pairs; then, you copy the public key into the correct locations on all the machines you want to log into. The keys must be in a particular format, and you must go into the correct directory with the correct permissions. Fortunately, ssh-copy-id, a slick utility included with OpenSSH, makes it easy.
Continue reading ‘Ssh-copy-id and other ssh tips’ »
I noticed recently that ssh connections from my Ubuntu laptop to my Debian server would time out and disconnect if I left the connection idle for a long-ish period of time. This really annoyed me, because my
Debian desktop does not exhibit this behavior when connecting to the server.
Port forwarding, or tunneling, is a way to forward otherwise insecure TCP traffic through SSH Secure Shell. You can secure for example POP3, SMTP and HTTP connections that would otherwise be insecure.
There are two kinds of port forwarding: local and remote forwarding. They are also called outgoing and incoming tunnels, respectively.
Local port forwarding forwards traffic coming to a local port to a specified remote port. For example, all traffic coming to port 1234 on the client could be forwarded to port 23 on the server (host).
Continue reading ‘Howto use SSH local and remote port forwarding’ »
I had to set up a chrooted user account with scp-Access to let people upload files to a server in order not to let them browse the whole filesystem.
All the tutorials I found on the Internet described only the process of patching either the openssh-sources or installing a separate program to be used as a Shell.
So Wolfgang Fuschlberger wrote this Script which does all the work automatically to set up a working chroot-jail.
View the source
Download the file make_chroot_jail.sh.
Continue reading ‘Howto Setup a chroot jail for ssh with Linux’ »
You can provide ssh with a config file if you’re connecting to many different machines with different ports, user names etc.
Many of us have been in this scenario – you’re on the move, using a random WiFi connection that you can get. You want to browse around to all your favourite sites, including ones where you log in over normal HTTP, but you’re not entirely convinced of the security of the connection, so you don’t.
If you have access to pretty much any server running SSH where you can log in, you actually can set up a secure tunnel to route all of your data through using nothing more than what you already have. Kind of like a very simple VPN, that you can do on the fly.
