ssh application
In order to remove the entry corresponding to the computer hostname from the known_hosts file, execute[7]
ssh-keygen -R hostname
If we want to access a remote node with ssh without providing our
password, we can do so using automatic login. In order to do so, we must first
check if we have a keypair already generated.
$ ls .ssh/
known_hosts
If it is not generated, like in this example, we generate it using the command
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/users/home/username/.ssh/id_rsa): [press enter]
Enter passphrase (empty for no passphrase): [press enter]
Enter same passphrase again: [press enter]
Your identification has been saved in /users/home/username/.ssh/id_rsa.
Your public key has been saved in /users/home/username/.ssh/id_rsa.pub.
The key fingerprint is:
8b:93:61:e7:2d:4a:50:30:a3:23:7d:fc:c5:21:af:d7
The next step is to copy the generated public key to the remote host we want to be able to login automatically, hostname.
$ ssh-copy-id -i ~/.ssh/id_rsa.pub hostname
36
The authenticity of host 'hostname (XXX.163.XXX.XXX)' can't be established.
RSA key fingerprint is 37:2b:77:61:50:0f:2a:d2:7f:da:c9:a9:10:29:37:t6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hostname,XXX.163.XXX.XXX' (RSA) to the list of known hosts.
Password:
Now try logging into the machine, with "ssh 'hostname'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
And that's all. Now you can login via ssh without being prompted
for a password.
ssh programs that require a terminal
There are some programs that cannot be launched directly with ssh
because they require an associated terminal. For example, mutt or
screen,
$ ssh user@server screen
Must be connected to a terminal.
To solve this problem there is an option in ssh to force
pseudo-tty allocation. For example, if we want to re-attach to a previous
screen session in the node server we can do
$ ssh -t user@server screen -dr
ssh
The ssh program has the powerful feature of letting the user
establish encrypted tunnels between nodes. This is a major advantage of this
extremely useful tool. There are several possibilities. Let's assume that we
are user bob in a node called home_box, that has a
private IP and is behind a firewall, and we can access a second node, called
work_box, where we are user william. We can connect from
home_box to work_box but not the other way around. Thus,
we want to make an encrypted tunnel that enables the connection from
work_box to home_box. This is known as reverse
ssh tunneling.
In order to create this tunnel we should run from home_box.
william@home_box:~$ ssh -R 9999:localhost:22 william@work_box
A session in work_box is opened, and while this session is active, the tunnel works. Then, if we log into work_box, we can connect to home_box making use of the tunnel.
william@work_box:~$ ssh -p 9999 bob@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is b0:b6:f3:78:e2:8d:8f:8b:3f:ab:b4:d4:da:c5:a6:e1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
bob@localhost's password:
bob@home_box:~$
A problem in this case is that once the initial connection is closed the tunnel collapses. A possible way to alleviate this problem is to run an application in the connection to work_box, e.g. top, to try to keep the connection alive.
This is not the best option. There are better ones, for example, launching a dedicated connection with options -f (detach ssh process from tty), -N (do not execute any command over ssh), and -o TCPKeepAlive=yes to keep the connection alive.
william@home_box:~$ ssh -f -N -o TCPKeepAlive=yes -R 9998:localhost:22 \
william@work_box
william@home_box:~$
We can then connect using the new tunnel.
william@work_box:~$ ssh -p 9998 bob@localhost
bob@localhost's password:
bob@home_box:~$
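An added example, not part of the original howto: because the key generated above has no passphrase, the entry it gets in work_box's ~/.ssh/authorized_keys can be limited to the reverse tunnel with the OpenSSH options restrict, port-forwarding and permitlisten. The script below classifies authorized_keys entries by the port forwarding they allow; the sample file, its placeholder key blobs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): classify authorized_keys
# entries by how much port forwarding each key is allowed.
# Simplification: the order of conflicting options is not modelled.

audit_authorized_keys() {   # usage: audit_authorized_keys [FILE] (default: stdin)
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        bare = ""; inq = 0; hasopts = 0
        if (line !~ /^(ssh-|ecdsa-sha2-|sk-)/) { # field 1 is an options list
            hasopts = 1
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (inq && c == "\\") { i++; continue }  # escaped char in quotes
                if (c == "\"") { inq = !inq; continue }
                if (!inq) {
                    if (c == " " || c == "\t") break     # end of options field
                    bare = bare c                        # option names only
                }
            }
            line = substr(line, i + 1); sub(/^[ \t]+/, "", line)
        }
        n = split(line, f, /[ \t]+/)             # keytype, blob, comment
        w = "," tolower(bare) ","
        fwd = 1                                  # forwarding is on by default
        if (index(w, ",restrict,") || index(w, ",no-port-forwarding,")) fwd = 0
        if (index(w, ",port-forwarding,")) fwd = 1
        if (!hasopts)                        status = "unrestricted"
        else if (!fwd)                       status = "no-forward"
        else if (index(w, ",permitlisten=")) status = "listen-pinned"
        else                                 status = "forward-any"
        printf "%d %s %s\n", NR, status, (n >= 3 ? f[3] : "-")
    }' "$@"
}

sample_authorized_keys() {  # constructed sample; key blobs are placeholders
    cat <<'EOF'
# constructed sample, not real keys
ssh-rsa AAAAB3placeholder1 bob@home_box
restrict,port-forwarding,permitlisten="localhost:9998" ssh-rsa AAAAB3placeholder2 tunnel@home_box
restrict,port-forwarding ssh-ed25519 AAAAC3placeholder3 anyport@home_box
restrict,command="echo \"no shell\"" ssh-ed25519 AAAAC3placeholder4 backup@laptop
EOF
}

sample_authorized_keys | audit_authorized_keys
```

Each output line is the file line number, the classification and the key comment; "unrestricted" and "forward-any" entries are the ones to review when a key exists only to hold a tunnel open.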
ssh to make a tarball directly in a remote folder
Created on March 13th, 2015.
You could be interested in preparing a tarball and, for lack of space or to
save intermediate steps, transfer on the fly the file to a remote box. For
example, let's assume that you want to transfer a directory called
data_EXP from a computer called laptop to another
computer called backup_server (I know, not very imaginative....).
If our working directory is data_EXP parent directory we can then
run
$ tar czf - data_EXP | ssh username@backup_server "cat > data_EXP_dir.tgz"
Some Mini-Howtos of Interest
Curro Perez-Bernal mailto:francisco.perez@dfaie.uhu.es