Difference between revisions of "Linux: SSH tips and tricks"
(Created page with "== SSH Tunnelling == In this example I wanted to access the web interface for our cluster on port 8080 which was blocked <syntaxhighlight> # ssh -L [local port]:localsystem:[remote port...") |
|||
| (7 intermediate revisions by the same user not shown) | |||
| Line 8: | Line 8: | ||
Then i could point the browser at http://localhost:8080 to access the PCM console | Then i could point the browser at http://localhost:8080 to access the PCM console | ||
| + | |||
| + | Another example: I wanted to access another systems ipmi web interface which was accessible from the headnode, needed both 443 and 80 to be forwarded | ||
| + | <syntaxhighlight> | ||
| + | $ ssh -L 8080:10.9.2.99:80 bostonhpc.co.uk | ||
| + | $ ssh -L 443:10.9.2.99:443 bostonhpc.co.uk # on a separate console | ||
| + | $ ssh -L 5900:10.9.2.99:5900 bostonhpc.co.uk # on a separate console | ||
| + | # then point local web browser at http://localhost:8080 | ||
| + | </syntaxhighlight> | ||
== Setup a reverse tunnel == | == Setup a reverse tunnel == | ||
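Review bot: In the added IPMI example, the second command (`ssh -L 443:10.9.2.99:443 bostonhpc.co.uk`) binds local port 443, which is a privileged port, yet the prompt shown is an unprivileged `$`; say in the comment that this one has to be run as root on the desktop. The sentence above the block says 443 and 80 are needed, but a third forward for 5900 is added without explanation, so state what it is for. The three forwards could also be given as three -L options on one ssh invocation instead of three consoles.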
| Line 13: | Line 21: | ||
<syntaxhighlight> | <syntaxhighlight> | ||
| − | [viglen@amd-quad]$ ssh -R 2222:localhost:22 | + | [viglen@amd-quad]$ ssh -R 2222:localhost:22 user@bostonhpc.co.uk |
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 20: | Line 28: | ||
[david@vhpchead]$ ssh -p2222 viglen@localhost | [david@vhpchead]$ ssh -p2222 viglen@localhost | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | |||
| + | Setup a script to recreate the reverse tunnel when its down | ||
| + | <syntaxhighlight> | ||
| + | # contents of crontab -e | ||
| + | */5 * * * * /root/bin/keep_ssh_alive.sh >> /tmp/ssh_keepalive.log | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | Keep SSH alive script | ||
| + | <syntaxhighlight> | ||
| + | # /root/bin/keep_ssh_alive.sh >> /tmp/ssh_keepalive.log | ||
| + | #!/bin/bash | ||
| + | |||
| + | VAR=`ps aux | grep bostonhpc.co.uk | wc -l` | ||
| + | |||
| + | |||
| + | if [ "$VAR" -lt "3" ] | ||
| + | then | ||
| + | echo "Looks like link died, starting a new one" `date` | ||
| + | screen -d -m ssh -R 2222:localhost:22 david@bostonhpc.co.uk | ||
| + | screen -d -m ssh -R 2223:localhost:22 david@bostonhpc.co.uk | ||
| + | screen -d -m ssh -R 2225:localhost:22 michael@bostonhpc.co.uk | ||
| + | else | ||
| + | echo "Link looks ok, no action" `date` | ||
| + | fi | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | |||
| + | == Multi Forward SSH for VNC == | ||
| + | <syntaxhighlight> | ||
| + | # multi forward VNC | ||
| + | $ ssh -L 9999:localhost:9999 bl ssh -L 9999:localhost:5901 -N keele | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | |||
| + | == Passwordless access == | ||
| + | * Generate the SSH Keys | ||
| + | |||
| + | <syntaxhighlight> | ||
| + | ssh-keygen -t rsa | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | * Copy the RSA public key to the remote host | ||
| + | |||
| + | <syntaxhighlight> | ||
| + | cat ~/.ssh/id_rsa.pub | ssh user@remote.machine.com 'cat >> .ssh/authorized_keys' | ||
| + | |||
| + | # Alternatively: (but not as pretty!) | ||
| + | ssh-copy-id user@remotehost | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | * Note: .ssh directory needs to have perms: 700 and the authorized_keys files needs to be 600 | ||
| + | |||
| + | == Dodgy skyline forwarding for the BMC labs == | ||
| + | <pre> | ||
| + | # ssh_config (set up on skyline vm) | ||
| + | GatewayPorts yes | ||
| + | |||
| + | # ip adds lo on the host - (on the skyline instance) | ||
| + | ip addr add 10.10.12.10/32 dev lo | ||
| + | |||
| + | # revese tunnel (in a screen) | ||
| + | ssh -R 0.0.0.0:5000:10.10.12.10:5000 -R 0.0.0.0:9696:10.10.12.10:9696 -R 0.0.0.0:8000:10.10.12.10:8000 -R 0.0.0.0:9001:10.10.12.10:9001 -R 0.0.0.0:8776:10.10.12.10:8776 -R 0.0.0.0:8774:10.10.12.10:8774 -R 0.0.0.0:8780:10.10.12.10:8780 -R 0.0.0.0:9311:10.10.12.10:9311 -R 0.0.0.0:9511:10.10.12.10:9511 -R 0.0.0.0:5050:10.10.12.10:5050 -R 0.0.0.0:8000:10.10.12.10:8000 -R 0.0.0.0:9292:10.10.12.10:9292 -R 0.0.0.0:9001:10.10.12.10:9001 -R 0.0.0.0:8004:10.10.12.10:8004 -R 0.0.0.0:6385:10.10.12.10:6385 -R 0.0.0.0:8780:10.10.12.10:8780 -R 0.0.0.0:9876:10.10.12.10:9876 root@185.93.31.142 -vvv | ||
| + | |||
| + | </pre> | ||
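Review bot: In keep_ssh_alive.sh the test `ps aux | grep bostonhpc.co.uk | wc -l` compared against 3 does not detect a single dead tunnel: the count includes the grep itself plus a screen and an ssh process for every live tunnel, so it only falls below 3 once all three tunnels are gone. Check each forward on its own (for example pgrep -f on that tunnel's -R spec) and restart only the missing one. The `#!/bin/bash` line sits below a comment line, so it is not read as a shebang; move it to the first line. The crontab entry appends to /tmp/ssh_keepalive.log from a script under /root/bin, and /tmp is world-writable, so a path under /var/log would be a safer place for the log. In the skyline block, `GatewayPorts yes` is labelled ssh_config, but for the -R listeners on 0.0.0.0 the setting that matters is in the sshd_config of the server being connected to, and the -R list repeats the entries for 8000, 9001 and 8780.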
Latest revision as of 11:53, 6 September 2024
SSH Tunnelling
In this example I wanted to access the web interface for our cluster on port 8080, which was blocked.
<syntaxhighlight>
# ssh -L [local port]:localsystem:[remote port] remote-system
[david@localdesktop]$ ssh -L 8080:localhost:8080 bostonhpc.co.uk
</syntaxhighlight>
Then I could point the browser at http://localhost:8080 to access the PCM console.
Another example: I wanted to access another system's IPMI web interface, which was accessible from the headnode. This needed both 443 and 80 to be forwarded.
<syntaxhighlight>
$ ssh -L 8080:10.9.2.99:80 bostonhpc.co.uk
$ ssh -L 443:10.9.2.99:443 bostonhpc.co.uk # on a separate console; binding local port 443 needs root
$ ssh -L 5900:10.9.2.99:5900 bostonhpc.co.uk # on a separate console
# then point local web browser at http://localhost:8080
</syntaxhighlight>

Setup a reverse tunnel
In this example I want to create an SSH tunnel from a node in bostonlabs to viglen.
<syntaxhighlight>
[viglen@amd-quad]$ ssh -R 2222:localhost:22 user@bostonhpc.co.uk
</syntaxhighlight>
From the vhpchead node, I can then connect to my desktop node through port 2222.
<syntaxhighlight>
[david@vhpchead]$ ssh -p2222 viglen@localhost
</syntaxhighlight>
Set up a script to recreate the reverse tunnel when it's down.
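<syntaxhighlight>
# contents of crontab -e
*/5 * * * * /root/bin/keep_ssh_alive.sh >> /tmp/ssh_keepalive.log
</syntaxhighlight>
Keep SSH alive script
<syntaxhighlight>
#!/bin/bash
# /root/bin/keep_ssh_alive.sh >> /tmp/ssh_keepalive.log
# Restart any reverse tunnel to bostonhpc.co.uk that is no longer running.

start_tunnel() {
    # $1 = remote listen port, $2 = user@host
    # pgrep -f matches the full command line, so each tunnel is checked on its own
    # (a plain "ps | grep | wc -l" also counts the grep and the other tunnels)
    if pgrep -f "ssh -R $1:localhost:22 $2" > /dev/null
    then
        echo "Link $1 looks ok, no action" `date`
    else
        echo "Looks like link $1 died, starting a new one" `date`
        screen -d -m ssh -R "$1:localhost:22" "$2"
    fi
}

start_tunnel 2222 david@bostonhpc.co.uk
start_tunnel 2223 david@bostonhpc.co.uk
start_tunnel 2225 michael@bostonhpc.co.uk
</syntaxhighlight>
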
Multi Forward SSH for VNC
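<syntaxhighlight>
# multi forward VNC
# local port 9999 -> port 9999 on bl -> port 5901 (VNC) on keele
$ ssh -L 9999:localhost:9999 bl ssh -L 9999:localhost:5901 -N keele
</syntaxhighlight>
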
Passwordless access
- Generate the SSH keys
<syntaxhighlight>
ssh-keygen -t rsa
</syntaxhighlight>
- Copy the RSA public key to the remote host
<syntaxhighlight>
cat ~/.ssh/id_rsa.pub | ssh user@remote.machine.com 'cat >> .ssh/authorized_keys'

# Alternatively: (but not as pretty!)
ssh-copy-id user@remotehost
</syntaxhighlight>
- Note: the .ssh directory needs to have perms 700 and the authorized_keys file needs to be 600

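The keep-alive cron job above relies on a passwordless key, and a key appended to authorized_keys as shown can open a full shell on the remote account. The following added example (not part of the original page) classifies authorized_keys entries by what the key may do; the `restrict`, `port-forwarding` and `permitlisten` options are standard OpenSSH authorized_keys options not mentioned on the page, and the function names, key blobs and key comments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Classify each authorized_keys entry by how much the key is allowed to do.
# Assumption: the options field contains no spaces (no command="a b" values).
tunnel_key_findings() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
    {
        # A first field that is a key type means the line has no options.
        opts = ($1 ~ /^(ssh-|ecdsa-|sk-)/) ? "" : "," $1 ","
        label = $NF                        # trailing comment names the key
        if (opts !~ /,restrict,/)              print label ": full-access"
        else if (opts !~ /,port-forwarding,/)  print label ": no-forwarding"
        else if (opts !~ /,permitlisten=/)     print label ": any-listen-port"
        else                                   print label ": pinned"
    }' "$1"
}

# Constructed sample: key blobs are placeholders, port 2222 is the tunnel port
# used on this page.
write_sample() {
    cat > "$1" <<'EOF'
# constructed authorized_keys for the tunnel account
ssh-ed25519 AAAAPLACEHOLDER1 root@amd-quad
restrict,port-forwarding ssh-ed25519 AAAAPLACEHOLDER2 cron@amd-quad
restrict,port-forwarding,permitlisten="localhost:2222" ssh-ed25519 AAAAPLACEHOLDER3 tunnel@amd-quad
EOF
}

sample=$(mktemp)
write_sample "$sample"
tunnel_key_findings "$sample"
rm -f "$sample"
```

An entry reported as `pinned` can only open the one reverse listener named in `permitlisten`, which is all an unattended tunnel key needs.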
Dodgy skyline forwarding for the BMC labs
<pre>
# ssh_config (set up on skyline vm)
GatewayPorts yes

# ip adds lo on the host - (on the skyline instance)
ip addr add 10.10.12.10/32 dev lo

# reverse tunnel (in a screen)
ssh -R 0.0.0.0:5000:10.10.12.10:5000 \
    -R 0.0.0.0:9696:10.10.12.10:9696 \
    -R 0.0.0.0:8000:10.10.12.10:8000 \
    -R 0.0.0.0:9001:10.10.12.10:9001 \
    -R 0.0.0.0:8776:10.10.12.10:8776 \
    -R 0.0.0.0:8774:10.10.12.10:8774 \
    -R 0.0.0.0:8780:10.10.12.10:8780 \
    -R 0.0.0.0:9311:10.10.12.10:9311 \
    -R 0.0.0.0:9511:10.10.12.10:9511 \
    -R 0.0.0.0:5050:10.10.12.10:5050 \
    -R 0.0.0.0:9292:10.10.12.10:9292 \
    -R 0.0.0.0:8004:10.10.12.10:8004 \
    -R 0.0.0.0:6385:10.10.12.10:6385 \
    -R 0.0.0.0:9876:10.10.12.10:9876 \
    root@185.93.31.142 -vvv
</pre>
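Whether a `-R` listener is reachable from other hosts depends on the server's `GatewayPorts` setting together with the bind address in the `-R` spec. The following added example (not part of the original page) works out the address sshd binds for a given combination, following the sshd_config(5) and ssh(1) descriptions; the function names and the sample config are constructed, and it handles IPv4 and hostname specs only.

```shell
#!/bin/sh
# Added example, not from the original page.
# Predict which address sshd binds for an "ssh -R" listener.
# Simplifications: IPv4/hostname specs only, Match blocks are not evaluated.

# effective_gatewayports FILE: sshd keeps the first value it reads for a
# keyword; the default is "no".
effective_gatewayports() {
    awk 'tolower($1) == "match"        { exit }
         tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }' "$1"
}

# listener_bind GATEWAYPORTS SPEC: SPEC is [bind_address:]port:host:hostport
listener_bind() {
    gw=$1
    spec=$2
    nfields=$(printf '%s\n' "$spec" | awk -F: '{ print NF }')
    case $gw in
        yes) echo "0.0.0.0" ;;                  # wildcard is forced
        clientspecified)
            bind=${spec%%:*}
            if [ "$nfields" -lt 4 ]; then echo "127.0.0.1"   # no bind_address
            elif [ -z "$bind" ] || [ "$bind" = "*" ]; then echo "0.0.0.0"
            else echo "$bind"
            fi ;;
        *) echo "127.0.0.1" ;;                  # "no": loopback only
    esac
}

demo() {
    cfg=$(mktemp)
    # Constructed sshd_config fragment using the setting shown on this page.
    printf 'Port 22\nGatewayPorts yes\n' > "$cfg"
    gw=$(effective_gatewayports "$cfg")
    for spec in 2222:localhost:22 0.0.0.0:5000:10.10.12.10:5000; do
        echo "GatewayPorts=$gw  -R $spec  ->  $(listener_bind "$gw" "$spec")"
    done
    rm -f "$cfg"
}
demo
```

With `GatewayPorts yes` every reverse forward on that server, including the port 2222 tunnels from the earlier section, listens on all interfaces; `clientspecified` limits that to the forwards that ask for it.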