Showing posts with label ssh. Show all posts

Saturday 7 April 2012

Sexy SSH Tricks For Linux Geeks

Previously I had posted on mounting a filesystem over SSH, and now it's time for yet another post on cool SSH tricks.

So let's see a few of the several SSH tricks that we either need to use or can use for fun and to make things easier.

Password-less SSH

No matter how convenient it is to use SSH to connect to a remote server, people tend to look for more ease, and typing a password each time you open an interactive shell is something most users hate. Moreover, you can even prevent brute-force attacks by using password-free SSH with a small extra configuration change. First we need to generate a pair of keys using the ssh-keygen tool. ssh-keygen generates, manages and converts authentication keys for ssh. ssh-keygen can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA keys for use by SSH protocol version 2. In my example, I'll generate DSA keys as below:

ssh-keygen -t dsa

Do not supply any passphrase and keep pressing ENTER if you are looking for password-free SSH login. This will create two files: id_dsa (private key) and id_dsa.pub (public key). All we have to do is copy the public key to the remote server and then add the content of the public key to the list of authorized keys as below (or using nano or whatever you find easier):

cat id_dsa.pub >> ~/.ssh/authorized_keys

You can even supply a passphrase if you want, and this will make authentication more secure. In that case, be sure to set the following value in /etc/ssh/sshd_config:

PasswordAuthentication no
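
One way to do the append step safely on the server, as an added example rather than code from the original post: it rejects a private key passed by mistake, sets the permissions that sshd's StrictModes check requires, and does not add the same key twice. The function name and the optional TARGET_HOME parameter are assumptions; current OpenSSH releases no longer accept DSA keys by default, which is why the comment generates an ed25519 pair.

```shell
# install_pubkey PUBKEY_FILE [TARGET_HOME]
# Run on the server after copying the public key there. TARGET_HOME
# defaults to $HOME (the parameter is an assumption of this example).
# Key pair created on the client beforehand, e.g.: ssh-keygen -t ed25519
install_pubkey() {
    pub=$1
    dir=${2:-$HOME}/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key file is one line; take the first non-empty one.
    key=$(sed -n '/[^[:space:]]/{p;q;}' "$pub")

    # Refuse anything that is not a public key line, most importantly a
    # private key file (id_dsa instead of id_dsa.pub) passed by mistake.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ssh-dss\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 2 ;;
    esac

    # With StrictModes (on by default) sshd ignores authorized_keys when
    # the file or its directory is writable by anyone but the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" && return 0
    printf '%s\n' "$key" >> "$auth"
}
```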

Mount Filesystem over SSH

This is another useful trick to use while working over SSH. The details on this can be read here.

Copy File Over SSH Using SCP

SCP is an SSH-based tool that provides an easy way to copy files over SSH. You can copy files between your machine and an SSH server in either direction, and also copy files from one server to another directly. Check my previous blog post on SCP for further details.

Running Graphical Software Over SSH

With SSH, you can configure X11 forwarding (set X11Forwarding to yes in /etc/ssh/sshd_config for global effect, and on a host-by-host basis in /etc/ssh/ssh_config by setting ForwardX11 yes), which allows us to run graphical software on the server over SSH. You can run graphical software over SSH by supplying the -X switch while connecting to the server. An example is shown below:

ssh -X samar@ -p 222

Compressed and Encrypted SSH Sessions

Another good thing to do is compress and encrypt the SSH sessions. Compression is usually a very good idea for slow networks but is not desirable for faster networks, where compression and decompression might cause more overhead. Compression applies to all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP connections), and the algorithm used is the same one used by gzip. The default value can be set on a host-by-host basis in the configuration file (/etc/ssh/ssh_config) by setting the Compression option. To enable compression, use the -C switch while connecting to the remote SSH server or set Compression yes in your config file.

Similarly, we can select the cipher used to encrypt the SSH session from the available ciphers: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc. IMHO, using aes256-ctr would be sufficiently secure due to its 256-bit key size. Below is an example of using both compression and cipher selection while establishing the SSH connection.

ssh -c aes256-ctr -C hostel@

Disable Root Login

It's not a good thing to allow root login over SSH, so be sure root login is disabled on your SSH server. This is done by setting PermitRootLogin no in the configuration (/etc/ssh/sshd_config). What more? Disable password-based logins and use key-based login. And to keep script kiddies out, you could change the default port in the configuration.
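
A check for the two settings recommended here and in the Password-less SSH section, as an added example that is not from the original post. It relies on sshd_config keywords being case-insensitive and the first occurrence winning, and it stops at the first Match block because later lines are conditional. The function names and the sample configuration are constructed; Include files are not followed and the whitespace-separated "Keyword value" form is assumed.

```shell
# effective_sshd_value FILE KEYWORD
# Prints the global value sshd would use for KEYWORD: keywords are
# case-insensitive and the first occurrence wins. Parsing stops at the
# first Match block because everything after it is conditional.
effective_sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE
# One finding per line for the settings recommended in the post; returns
# non-zero when a setting is missing or differs. An unset keyword is a
# finding because the compiled-in default varies by OpenSSH version.
audit_sshd() {
    findings=0
    for rule in "PermitRootLogin no" "PasswordAuthentication no"; do
        key=${rule% *}
        want=${rule#* }
        got=$(effective_sshd_value "$1" "$key" | tr 'A-Z' 'a-z')
        if [ -z "$got" ]; then
            echo "$key: not set, the compiled-in default applies"
            findings=$((findings + 1))
        elif [ "$got" != "$want" ]; then
            echo "$key: $got (expected $want)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the later "PermitRootLogin yes" is ignored, the
# lower-case keyword still counts, and the Match block is not global.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample, not a real server's configuration
Port 222
PermitRootLogin no
passwordauthentication yes
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
EOF
}
```

On a server the call would be `audit_sshd /etc/ssh/sshd_config`; for the constructed sample it reports only the PasswordAuthentication line.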

Disable Last Login & Default MOTD

By default, when logging in to SSH servers like OpenSSH, we see some kind of banner that includes a MOTD (Message Of The Day) and the last login user and time. Disabling these or changing the banner requires two modifications.

To prevent the last login status from being shown, set the following in the configuration file (/etc/ssh/sshd_config):

PrintMotd no
PrintLastLog no

Also, change the content of the files /etc/motd and /var/run/motd, which by default contain the banner message that is displayed by SSH.

So that's the end. Of course, there are more sexy SSH tricks which I'll cover up once I get some free time. Also, share what you have :)


Thursday 5 April 2012

How To Mount Folder or Filesystem Over SSH

Many times you need to interact a lot with some directory or filesystem while working remotely on a server over SSH. Things are much easier if you can mount the remote folder or filesystem over SSH, and I am going to show how to do that in this post.

SSHFS (Secure SHell FileSystem) is a file system for Linux (and other operating systems with a FUSE implementation, such as Mac OS X or FreeBSD) capable of operating on files on a remote computer using just a secure shell login on the remote computer. On the local computer where the SSHFS is mounted, the implementation makes use of the FUSE (Filesystem in Userspace) kernel module. The practical effect of this is that the end user can seamlessly interact with remote files being securely served over SSH just as if they were local files on his/her computer. On the remote computer the SFTP subsystem of SSH is used.

SSHFS can be downloaded and installed from HERE. Most Linux distros have sshfs in their repositories. You can use the respective package manager to install sshfs on the client system (i.e. your system).

Ubuntu and Debian users can type the following in the terminal to install sshfs:

samar@Techgaun:~$ sudo apt-get install sshfs

Once you install sshfs, you are ready to mount remote files and folders over SSH. The syntax for mounting the remote filesystem/folder is pretty straightforward.
The syntax is: sshfs -p SSHPort [user@]host:[dir] mountpoint

An example of mounting the remote system's /opt directory on my Desktop:

samar@Techgaun:~$ sshfs -p 222 kubh@ ~/Desktop/remote/

Unmounting can be done by using the command as below:
samar@Techgaun:~$ fusermount -u ~/Desktop/remote/

I hope this counts as a useful tip for you. :)


Monday 29 August 2011

More Multi-Tabbed Putty Tools

In the previous post, MTPuTTY (which is written in native Win32 code) was introduced as the solution for multiple tabs in PuTTY. But there are already a few other solutions for multiple tabs in PuTTY, which I am introducing in this post.

Both the tools I am talking about require .NET Framework 2.0 to function, which was not a requirement of MTPuTTY.

The first one is the PuTTY Connection Manager add-on. PuTTY Connection Manager is a free PuTTY client add-on for Windows platforms whose goal is to provide a solution for managing multiple PuTTY instances.

For more details and downloads, visit official site.

Another tool is PuTTYTabs which reads the Registry information of PuTTY and opens a new tab for each opened window by the user. The source code of PuttyTabs is also available for download.

For more details and downloads, visit official site.


Putty with Tab using MT-Putty

If you are familiar with SSH, you've most likely used PuTTY for SSH logins, tunnelling, etc. One bad thing about PuTTY is that we need to open a separate window for each connection, but TTY Plus has developed MTPuTTY as a solution for this.

MTPuTTY (Multi-Tabbed PuTTY) is a small free utility enabling you to wrap an unlimited number of PuTTY applications in one tabbed GUI interface. You still continue using your favorite SSH client, but you are no longer messing around with PuTTY windows - each window will be opened in a separate tab. However, as of now, it is only for Windows systems.


All PuTTY features
Supports all PuTTY protocols - SSH, Telnet, Rlogin, Raw. Supports PuTTY session. You can control and change PuTTY command line parameters. You can run PuTTY configuration from within the program.

Can automatically login the remote servers and "type" your passwords. Can run any script after login. Can "type" a script in several PuTTY tabs simultaneously.

Easy to use
Clear tabbed user interface. Servers are grouped in a sidebar. Taskbar to quick access to basic program tasks. Any PuTTY tab can be detached and converted into a general PuTTY window.

Smart code
Native Win32 code - no need to have any libraries (like .NET, VB etc). Multithreaded automation tasks - freezing in one PuTTY tab will not freeze the other ones.

Download MTPuTTY


Thursday 2 June 2011

MidpSSH: SSH and Telnet Client For J2ME Phones

MidpSSH is an SSH and Telnet client for MIDP 1.0 / 2.0 (J2ME) devices such as Java™-capable cellphones and other mobile devices.

MidpSSH provides SSH (Secure Shell) and Telnet functionality on mobile devices such as cellphones. This is really useful for people who need to access a server wherever they are, without carrying around a computer or searching for an Internet connection. Because the screen is small, the connection is often slow, and you’re possibly without a full keyboard, it isn’t great for prolonged use - but if you’re desperate it’s a life saver.

For downloading and more information, go to the official site.

I hope this tool comes useful for you sometimes. :)


Wednesday 1 June 2011

How To Enable SSH Login Access For Linux Users

So you just added a new user to your Linux box and you want to give SSH login access (OpenSSH server in my example) to that user. You just need to edit the sshd_config file and add the user for SSH access.

To do this, open the /etc/ssh/sshd_config file and search for the AllowUsers string. Now just add the username of the newly created user at the end of the line, as below:

#Adding new user samar for SSh access
AllowUsers nano root samar

SSH access for the root account can be configured as well. For that, search for the PermitRootLogin string, and to enable root login set it to yes as below:

PermitRootLogin yes

This enables SSH access for the root user as well. But enabling root login is not a good security practice. I hope this HowTo helps you. :)