Linux: SSH tips and tricks

From Define Wiki
Jump to navigation Jump to search

SSH Tunnelling

In this example I wanted to access the web interface for our cluster on port 8080 which was blocked 

# ssh -L [local port]:localsystem:[remote port] remote-system
[david@localdesktop]$ ssh -L 8080:localhost:8080 bostonhpc.co.uk

Then i could point the browser at http://localhost:8080 to access the PCM console

Another example: I wanted to access another systems ipmi web interface which was accessible from the headnode, needed both 443 and 80 to be forwarded 

$ ssh -L 8080:10.9.2.99:80 bostonhpc.co.uk
$ ssh -L 443:10.9.2.99:443 bostonhpc.co.uk # on a separate console 
$ ssh -L 5900:10.9.2.99:5900 bostonhpc.co.uk # on a separate console 
# then point local web browser at http://localhost:8080

Setup a reverse tunnel

In this example i want to create an ssh tunnel from a node in bostonlabs to viglen 

[viglen@amd-quad]$ ssh -R 2222:localhost:22 user@bostonhpc.co.uk

From the vhpchead node, I can then connect to my desktop node through port 2222 

[david@vhpchead]$ ssh -p2222 viglen@localhost

Setup a script to recreate the reverse tunnel when its down 

# contents of crontab -e
*/5 * * * * /root/bin/keep_ssh_alive.sh >>  /tmp/ssh_keepalive.log

Keep SSH alive script 

# /root/bin/keep_ssh_alive.sh >> /tmp/ssh_keepalive.log
#!/bin/bash

VAR=`ps aux | grep bostonhpc.co.uk | wc -l`


if  [ "$VAR" -lt "3" ]
then 
	echo "Looks like link died, starting a new one" `date`
	screen -d -m ssh -R 2222:localhost:22 david@bostonhpc.co.uk
	screen -d -m ssh -R 2223:localhost:22 david@bostonhpc.co.uk
	screen -d -m ssh -R 2225:localhost:22 michael@bostonhpc.co.uk
else
	echo "Link looks ok, no action" `date`
fi


Multi Forward SSH for VNC

# multi forward VNC 
$ ssh -L 9999:localhost:9999 bl ssh -L 9999:localhost:5901 -N keele


Passwordless access

  • Generate the SSH Keys
ssh-keygen -t rsa
  • Copy the RSA public key to the remote host
cat ~/.ssh/id_rsa.pub | ssh user@remote.machine.com 'cat >> .ssh/authorized_keys'

# Alternatively: (but not as pretty!)
ssh-copy-id user@remotehost
  • Note: .ssh directory needs to have perms: 700 and the authorized_keys files needs to be 600

Dodgy skyline forwarding for the BMC labs

# ssh_config (set up on skyline vm)
GatewayPorts yes

# ip adds lo on the host - (on the skyline instance)
ip addr add 10.10.12.10/32 dev lo

# revese tunnel (in a screen)
ssh -R 0.0.0.0:5000:10.10.12.10:5000 -R 0.0.0.0:9696:10.10.12.10:9696 -R 0.0.0.0:8000:10.10.12.10:8000 -R 0.0.0.0:9001:10.10.12.10:9001 -R 0.0.0.0:8776:10.10.12.10:8776 -R 0.0.0.0:8774:10.10.12.10:8774 -R 0.0.0.0:8780:10.10.12.10:8780 -R 0.0.0.0:9311:10.10.12.10:9311 -R 0.0.0.0:9511:10.10.12.10:9511 -R 0.0.0.0:5050:10.10.12.10:5050 -R 0.0.0.0:8000:10.10.12.10:8000 -R 0.0.0.0:9292:10.10.12.10:9292 -R 0.0.0.0:9001:10.10.12.10:9001 -R 0.0.0.0:8004:10.10.12.10:8004 -R 0.0.0.0:6385:10.10.12.10:6385 -R 0.0.0.0:8780:10.10.12.10:8780 -R 0.0.0.0:9876:10.10.12.10:9876 root@185.93.31.142 -vvv
Retrieved from "http://wiki.define-technology.com/mediawiki-1.35.0/index.php?title=Linux:_SSH_tips_and_tricks&oldid=32866"