cheatsheet:ssh

SSH

SSHFS

  • command
sshfs phil@192.168.1.100:/home/phil /usr/share/phil
  • fstab
phil@192.168.1.100:/home/phil /usr/share/phil fuse.sshfs defaults 0 0

Tunneling

Syntax

ssh -L localport:host:hostport user@ssh_server -N where: -L - port forwarding parameters (see below) localport - local port (chose a port that is not in use by other service) host - server that has the port (hostport) that you want to forward hostport - remote port -N - do not execute a remote command, (you will not have the shell, see below) user - user that have ssh access to the ssh server (computer) ssh_server - the ssh server that will be used for forwarding/tunneling

Without the -N option you will have not only the forwardig port but also the remote shell. Try with and without it to see the difference.

Note: 1. Privileged ports (localport lower then 1024) can only be forwarded by root. 2. In the ssh line you can use multiple -L like in the example… 3. Of course, you must have ssh user access on secure_computer and moreover 

 the secure computer must have access to host:hostport

4. Some ssh servers do not allow port forwarding (tunneling). See the sshd man 

 pages for more about port forwarding (the AllowTcpForwarding keyword is set to 
 NO in sshd_config file, by default is set to YES)...

Example: ssh -L 8888:www.linuxhorizon.ro:80 user@computer -N ssh -L 8888:www.linuxhorizon.ro:80 -L 110:mail.linuxhorizon.ro:110 \ 25:mail.linuxhorizon.ro:25 user@computer -N The second example (see above) show you how to setup your ssh tunnel for web, pop3 and smtp. It is useful to recive/send your e-mails when you don't have direct access to the mail server.

For the ASCII art and lynx browser fans here is illustrated the first example: 

 +----------+<--port 22-->+----------+<--port 80-->o-----------+ 
 |SSH Client|-------------|ssh_server|-------------|   host    | 
 +----------+             +----------+             o-----------+ 
localhost:8888              computer      www.linuxhorizon.ro:80

…And finally: Open your browser and go to http://localhost:8888 to see if your tunnel is working. That's all folks!

The SSH man pages say:

-L port:host:hostport Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. Only root can for- ward privileged ports. IPv6 addresses can be specified with an alternative syntax: port/host/hostport

-N Do not execute a remote command. This is useful for just for- warding ports (protocol version 2 only).

Tunnel SSH control

You can do this cleanly with an ssh 'control socket'. To talk to an already-running SSH process and get it's pid, kill it etc. Use the 'control socket' (-M for master and -S for socket) as follows: $ ssh -M -S my-ctrl-socket -fnNT -L 50000:localhost:3306 jm@sampledomain.com $ ssh -S my-ctrl-socket -O check jm@sampledomain.com Master running (pid=3517) $ ssh -S my-ctrl-socket -O exit jm@sampledomain.com Exit request sent. Note that my-ctrl-socket will be an actual file that is created. Ou plus simplement, comme suggéré par lminoza dans les commentaires : mkdir ~/.ssh/tmp Remplir dans son ~/.ssh/config : Host * 

ControlMaster auto
ControlPath ~/.ssh/tmp/%C

Cela évite de devoir préciser la socket à chaque fois. $ ssh -fnNT -L 50000:localhost:3306 jm@sampledomain.com $ ssh -O check jm@sampledomain.com Master running (pid=3517) $ ssh -O exit jm@sampledomain.com Exit request sent.

  • cheatsheet/ssh.txt
  • Last modified: 2024/10/14 20:59
  • by 127.0.0.1