Home > Linux, Security > SSH Swiss army knife

SSH Swiss army knife

SSH aka secure shell is Swiss army knife. Its astonishing how ssh can do wide variety of things from remote login to tunneling. In this tutorial im going to write about different things we can do with SSH.

It can do many more things but i will discuss

1. Remote login

2. Password less login

3. Remote command execution

4. Xorg Forwarding

5. File Transfer (SCP)

6. Remote File system mount (SSHFS )

Lets dive into the awesome world of SSH 🙂

Before we start , we need to have a ssh client and ssh server to connect to.Just install them from your favorite distribution’s repo

Remote Login:

The most common use of ssh is remote login, and i strongly believe ssh is the only widely used and secure way of remote login.

Lets see the commands,

consider we want to login into a remote server(my-ssh-server.com) running ssh-server ( default port for ssh is 22)

ssh user@my-ssh-server.com

If the ssh server is running on a different port we can specify the port number using -p option

ssh user@my-ssh-server.com -p 2222

In the above example, a connection will be made on port 2222 on my-ssh-server.com.

Generally ssh asks for user credentials, a username and password to login you in.

Imagine what happens if you have to manage a bunch of computers with different passwords.Its difficult to remember passwords for all of them.For this purpose we have a nice option in ssh called password less login

Password Less login:

To enable password less login you need to have private/public key pair on your local system.Public and private will be in your ~/.ssh/ directory. If not, create a pair using the command

ssh-keygen -t rsa

Also the ssh server should be configured to allow password less login.Which can be done by uncommenting or adding the following two lines to the configuration file(/etc/ssh/sshd_conf).

RSAAuthentication yes
PubKeyAuthentication yes

and then restart the server.

/etc/init.d/sshd restart

The command will prompt you for a location to save the keys and a pass-phrase.

 Generating public/private rsa key pair.

Enter file in which to save the key (/home/imran/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/imran/.ssh/id_rsa.

Your public key has been saved in /home/imran/.ssh/id_rsa.pub.

If we use the default directory, pair of files will be created in ~/.ssh directory.

This comes handy if you are trying to automate something on remote system.

Now we have a key pair. we need to append the contents of the public file .pub file to the remote server’s authorized keys. This can be done with the following command

ssh-copy-id -i ~/.ssh/id_rsa.pub user@my-ssh-server.com

This will prompt you for the login password for user. once authenticated it copies the keyfile to ~/.ssh/authorized_keys2 or ~/.ssh/authorized_keys and fixes the permissions if necessary.

That’s it. you are ready to login without typing password.

Remote command execution:

The thing that i like most in ssh is provision for remote command execution. This feature becomes more powerful when used with password less login

If you want to run a command in my-ssh-server.com, you could use the following command

ssh user@my-ssh-server.com ‘ ps aux | grep sshd ‘

you can run any command by putting them in quotations(‘command’ )

X11 Forwarding:

X11 forwarding lets you run graphical user interface programs remotely. It forwards the GUI from remote system to your system.But one requirement is ForwardX11 should be enabled in sshd configuration file.

The command to forward X11 is:

ssh -X user@my-ssh-server.com

then invoke your GUI programs as you will do in local system.

File Transfer (SCP)

How about transferring a file from remote system to remote or vice versa ?

Its simple

from current logged in system to remote system

scp file-name1 file-name2 user@my-ssh-server.com:/destination/directory

This command will copy files file-name1 and file-name2 to the remote server in /destination/directory.

from remote system to presently logged in system.

scp user@my-ssh-server.com:~/file-name1 .

This command will copy file file-name1 from user’s home directory on my-ssh-server.com to the current directory of the user.

You can even copy folders using -r switch of scp

scp -r directory-name user@my-ssh-server.com .

What if you want to copy from one remoter server to another remoter server ?

its simple

scp user@server1.com:~/file user@server2.com:~/file1

This command will copy file from server1.com to server2.com

Remote File system mount (SSHFS )

We can even mount the remote file system, a partition on our local system.It can be done with the help of a tool called SSHFS secure shell file System. Of course you need to install it on your system. Once sshfs is installed you can mount remote file system using command

sshfs user@my-ssh-server.com:/mnt/media /media/remotedirectory

This command will mount /mnt/media from my-ssh-server to your local directory /media/remotedirectory.From now, its like a local file system. you can create, modify and delete files and folders. cool isn’t it ?

Categories: Linux, Security
  1. Igor Z
    May 4, 2011 at 7:06 am

    Useful article! Thanks 🙂

    • May 4, 2011 at 7:21 am

      Thanks. I’m glad you found the article helpful.

  2. lef
    May 6, 2011 at 10:35 am

    2 noob questions:
    1. where do these lines (RSAAuthentication yes
    PubKeyAuthentication yes) reside?
    2. if u enable and set up the ‘password-less’ login are u still able to log in from other computers in the conventional way (through password)?

    great article, thanks for sharing!

    • May 6, 2011 at 11:10 am

      1. where do these lines (RSAAuthentication yes, PubKeyAuthentication yes) reside?
      SSH server configurations are done in /etc/ssh/sshd_conf.

      2. if u enable and set up the ‘password-less’ login are u still able to log in from other computers in the conventional way (through password)?
      yeah we will be able to login in conventional way with the password.

      Thanks, I’m glad you found the article helpful.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: