Difference between revisions of "SSH"
(→Removing a key from the known hosts file) |
(→Removing a key from the known hosts file) |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
{{TocRight}} |
|||
== Tunneling to socks proxy == |
== Tunneling to socks proxy == |
||
Line 20: | Line 21: | ||
ssh -f user@server.com -L my-local-port:server.com:server-port -N |
ssh -f user@server.com -L my-local-port:server.com:server-port -N |
||
== Tunneling OpenVPN connection == |
|||
Source: https://redfern.me/tunneling-openvpn-through-ssh/ |
|||
# Set the OpenVPN server config file to use TCP rather than UDP. This is done by changing the line proto udp to proto tcp in the server config file (normally located at /etc/openvpn/server.conf). |
|||
# Set the OpenVPN client config file to use TCP rather than UDP. You can do this by changing the line proto udp to proto tcp-client in the client config file. |
|||
# Change the OpenVPN client config to connect to localhost rather than the remote server address. This is done by changing the “remote” line of the server to remote localhost 1194 |
|||
# Create an SSH tunnel between the client machine and the OpenVPN Server, and forward from remote:1194 to localhost:1194. This can be done by running the command on the client machine (assuming you’re running Linux/Unix with the OpenSSH client binary installed): |
|||
ssh user@server -L 1194:localhost:1194 |
|||
All being well, after making those config file changes and creating your SSH tunnel, you’ll be able to tunnel OpenVPN through SSH. |
|||
== Removing a key from the known hosts file == |
== Removing a key from the known hosts file == |
||
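Review bot: step 3 of the added OpenVPN section says to change the “remote” line "of the server", but that step edits the client config, so it should read "the remote line in the client config". In step 4, "forward from remote:1194 to localhost:1194" reads backwards for -L, which listens on port 1194 on the client and forwards to port 1194 on the server. The command as written also opens an interactive shell, whereas the tunnel example in the context lines above uses -f and -N. Suggest ssh -f user@server -L 1194:localhost:1194 -N here as well.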
Line 26: | Line 39: | ||
ssh-keygen -R hostname |
ssh-keygen -R hostname |
||
== Using ssh with a private/public key == |
== Using ssh with a private/public key == |
Latest revision as of 22:02, 11 January 2020
Tunneling to socks proxy
From here: ssh-tunnel-socks-proxy
In short:
ssh -D 9999 username@ip-address-of-ssh-server
# Then set Firefox to use a SOCKS proxy: "localhost", port 9999
Tunneling between any two ports
Say you want to read a web page on a remote server, but only the ssh port is open on that server. If you have a valid user account on the server, you can create a tunnel like this:
ssh -f user@server.com -L 8080:server.com:80 -N
Now you can enter the following in your browser: http://server.com:8080
Or, in general (-f means go to the background and -N means do not execute any command):
ssh -f user@server.com -L my-local-port:server.com:server-port -N
Tunneling OpenVPN connection
Source: https://redfern.me/tunneling-openvpn-through-ssh/
- Set the OpenVPN server config file to use TCP rather than UDP. This is done by changing the line proto udp to proto tcp in the server config file (normally located at /etc/openvpn/server.conf).
- Set the OpenVPN client config file to use TCP rather than UDP. You can do this by changing the line proto udp to proto tcp-client in the client config file.
- Change the OpenVPN client config to connect to localhost rather than the remote server address. This is done by changing the “remote” line of the server to remote localhost 1194
- Create an SSH tunnel between the client machine and the OpenVPN Server, and forward from remote:1194 to localhost:1194. This can be done by running the command on the client machine (assuming you’re running Linux/Unix with the OpenSSH client binary installed):
ssh user@server -L 1194:localhost:1194
All being well, after making those config file changes and creating your SSH tunnel, you’ll be able to tunnel OpenVPN through SSH.
Removing a key from the known hosts file
Note, you may run this for the hostname of the "old" computer and for the IP address.
ssh-keygen -R hostname
Using ssh with a private/public key
If you are using svn+ssh or just want automatic login without typing the password whenever using ssh, you may want to consider setting up public-private key authentication between the client and server machine. The server will have the public key, and the client will have the private key. This is how to set it up:
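On the client: generate the public/private key pair. (OpenSSH has disabled DSA keys by default since version 7.0, so on a current system choose another key type, such as Ed25519, and adjust the id_dsa file names below to match.)
cd ~/.ssh
ssh-keygen -t dsa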
Copy the public key to your server, and add to ~/.ssh/authorized_keys file, like this:
ssh-copy-id remote-machine
...or:
ssh remote-machine 'cat >> .ssh/authorized_keys' < .ssh/id_dsa.pub
...or, if you prefer the long way (smile), do it like this:
scp ./id_dsa.pub user@myserver.com:
ssh user@myserver.com
myserver> cat id_dsa.pub >> .ssh/authorized_keys
myserver> rm id_dsa.pub
myserver> logout
Remember to check that your .ssh/ directory and the files in it are not publicly readable, otherwise someone may steal your private key and get access to your server!
Done!
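One way to carry out the permission check mentioned above, as an added example that is not part of the original wiki page. The function names audit_ssh_perms, fix_ssh_perms and make_sample_dir are hypothetical, and the key files used for the trial run are constructed placeholders.

```shell
#!/bin/sh
# Added example: all function names here are illustrative, not a standard tool.

# Report unsafe modes under DIR (default ~/.ssh). Returns 1 if any are found.
audit_ssh_perms() {
    dir=${1:-"$HOME/.ssh"}
    report=$(
        # The directory and its files must not be writable by group or others
        # (sshd's StrictModes rejects authorized_keys otherwise).
        find "$dir" \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/writable by group or others: /'
        # Private keys must have no group/other access at all
        # (the ssh client refuses to load such a key).
        find "$dir" -type f \
            \( -perm -040 -o -perm -004 -o -perm -010 -o -perm -001 \) \
            -exec grep -l -e 'PRIVATE KEY-----' {} + |
            sed 's/^/private key accessible by others: /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Tighten DIR to owner-only access: 700 on the directory, no group/other
# bits on any file inside it.
fix_ssh_perms() {
    dir=${1:-"$HOME/.ssh"}
    chmod 700 "$dir"
    find "$dir" -type f -exec chmod go-rwx {} +
}

# Build a throwaway directory with constructed (fake) key files and loose
# modes, for trying the two functions without touching a real ~/.ssh.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/id_example"
    printf 'ssh-ed25519 CONSTRUCTED user@client\n' > "$d/authorized_keys"
    chmod 755 "$d"; chmod 644 "$d/id_example"; chmod 664 "$d/authorized_keys"
    printf '%s\n' "$d"
}
```

Run audit_ssh_perms with no argument to check your own ~/.ssh; run it on the output of make_sample_dir to see both kinds of finding.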
Turning the keys and identities on and off
You may want to use the following commands or even define aliases as below. Note that ssh-add -t <seconds> sets a timeout for the loaded key. In the example below, 10800 seconds = 3 hours.
alias keyon="ssh-add -t 10800"
alias keyoff='ssh-add -D'
alias keylist='ssh-add -l'