Linux: SSH tips and tricks

From Define Wiki
Revision as of 16:35, 18 May 2016 by David (talk | contribs)
Jump to navigation Jump to search

SSH Tunnelling

In this example I wanted to access the web interface for our cluster on port 8080 which was blocked 

# ssh -L [local port]:localsystem:[remote port] remote-system
[david@localdesktop]$ ssh -L 8080:localhost:8080 bostonhpc.co.uk

Then i could point the browser at http://localhost:8080 to access the PCM console

Another example: I wanted to access another systems ipmi web interface which was accessible from the headnode, needed both 443 and 80 to be forwarded 

$ ssh -L 8080:10.9.2.99:80 bostonhpc.co.uk
$ ssh -L 443:10.9.2.99:443 bostonhpc.co.uk # on a separate console 
$ ssh -L 5900:10.9.2.99:5900 bostonhpc.co.uk # on a separate console 
# then point local web browser at http://localhost:8080

Setup a reverse tunnel

In this example i want to create an ssh tunnel from a node in bostonlabs to viglen 

[viglen@amd-quad]$ ssh -R 2222:localhost:22 user@bostonhpc.co.uk

From the vhpchead node, I can then connect to my desktop node through port 2222 

[david@vhpchead]$ ssh -p2222 viglen@localhost

Multi Forward SSH for VNC

# multi forward VNC 
$ ssh -L 9999:localhost:9999 bl ssh -L 9999:localhost:5901 -N keele

Passwordless access

  • Generate the SSH Keys
ssh-keygen -t rsa
  • Copy the RSA public key to the remote host
cat ~/.ssh/id_rsa.pub | ssh user@remote.machine.com 'cat >> .ssh/authorized_keys'

# Alternatively: (but not as pretty!)
ssh-copy-id user@remotehost
  • Note: .ssh directory needs to have perms: 700 and the authorized_keys files needs to be 600
Retrieved from "http://wiki.define-technology.com/mediawiki-1.35.0/index.php?title=Linux:_SSH_tips_and_tricks&oldid=13322"