June 6, 2009 -
Yannick over at http://blog.uggy.org always comes up with interesting and valuable tips.
Following his latest post regarding sshrc, I made my own sshrc script.
Unlike his example, I didn’t make SSH email me whenever a connection is made. That would be overkill given the number of connections I can make in a single day.
Instead I’m just logging the date and source IP to a log file of its own, which I plan on keeping forever.
My /etc/ssh/sshrc :
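# sshrc runs as the connecting user at login, so the log file must be appendable by that user
DATE=$(date "+%d.%m.%Y %Hh%Mm")
# SSH_CONNECTION holds "client_ip client_port server_ip server_port"; keep the client IP
IP=$(echo "$SSH_CONNECTION" | awk '{print $1}')
echo "$DATE - $IP" >> /var/log/ssh_connections.log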
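One way to review the log this sshrc writes, as an added example that is not part of the original post: it counts connections per source IP, records first and last seen, flags addresses outside an expected list, and counts lines that do not match the "DD.MM.YYYY HHhMMm - IP" format. The function names, the known-IP list and the sample log (documentation address ranges) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the log written by the sshrc above.
# Expected line format (from the script): "DD.MM.YYYY HHhMMm - IP"

# Constructed sample log (documentation addresses, not real data).
sample_log() {
cat <<'EOF'
05.06.2009 09h12m - 192.0.2.10
05.06.2009 23h47m - 198.51.100.7
06.06.2009 08h03m - 192.0.2.10
06.06.2009 08h04m -
garbage line
06.06.2009 19h30m - 2001:db8::5
EOF
}

# summarize_connections KNOWN_IPS < logfile
# KNOWN_IPS: space-separated addresses you expect to see (assumption).
# Prints "IP count first_seen last_seen known|NEW" per source IP, then
# "MALFORMED n" when n lines did not match the expected format.
summarize_connections() {
    awk -v known="$1" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    # a valid line has exactly four fields: date, time, "-", ip
    NF == 4 && $3 == "-" && $1 ~ /^[0-9][0-9]\.[0-9][0-9]\.[0-9][0-9][0-9][0-9]$/ {
        ip = $4
        if (!(ip in count)) { first[ip] = $1 " " $2; order[++m] = ip }
        count[ip]++
        last[ip] = $1 " " $2
        next
    }
    { bad++ }   # empty SSH_CONNECTION, truncated or tampered lines
    END {
        for (i = 1; i <= m; i++) {
            ip = order[i]
            printf "%s %d %s %s %s\n", ip, count[ip], first[ip], last[ip],
                   ((ip in ok) ? "known" : "NEW")
        }
        if (bad) printf "MALFORMED %d\n", bad
    }'
}

sample_log | summarize_connections "192.0.2.10"
```

Against the real file, run it as: summarize_connections "your expected IPs" < /var/log/ssh_connections.log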
March 15, 2009 -
I’m talking about the banner displayed BEFORE connecting, not the MOTD
By default :
$ ssh root@server
***************************************************************************
NOTICE TO USERS
This computer system is the private property of its owner, whether
individual, corporate or government. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.
By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to use
this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
****************************************************************************
Last login: Sat Mar 14 21:38:01 2009 from mars
Using ssh -q :
$ ssh -q root@server
Last login: Sat Mar 14 21:39:00 2009 from mars
This is particularly interesting when you use rsync with ssh from a cron job: if you don’t use -q, you’ll likely get the banner sent to you by email.
April 27, 2008 -
SSH connections made from behind my Linksys WAG54G NAT gateway like to die after idling for something like 5 minutes.
The fix :
Add to /home/USER/.ssh/config :
Host *
ServerAliveInterval 60
ServerAliveCountMax 60
The SSH client will send a packet every 60 seconds in order to keep the connection alive.
The second option means that after 60 keepalive packets have been sent, it will stop trying to keep the connection alive, and the connection will eventually die.
See what the OpenSSH FAQ has to say about it :
2.12 – My ssh connection freezes or drops out after N minutes of inactivity.
This is usually the result of a packet filter or NAT device timing out your TCP connection due to inactivity. You can enable ClientAliveInterval in the server’s sshd_config, or enable ServerAliveInterval in the client’s ssh_config (the latter is available in OpenSSH 3.8 and newer).
Enabling either option and setting the interval for less than the time it takes to time out your session will ensure that the connection is kept “fresh” in the device’s connection table.
Link :
http://www.openssh.com/faq.html
July 21, 2007 -
polishlinux.com has a great article about SSH and its powerful functions.
Original link : http://polishlinux.org/apps/ssh-tricks/#
Here’s an excerpt about X forwarding…
July 19, 2007 -
Posted by JoshTriplett on Mon 23 Oct 2006 at 12:35
From : http://www.debian-administration.org/articles/449
SSH has numerous uses beyond just logging into a remote system. In particular, SSH allows you to forward ports from one machine to another, tunnelling traffic through the secure SSH connection. This provides a convenient means of accessing a service hosted behind a firewall, or one blocked by an outgoing firewall.
February 13, 2007 -
Say you need to forward UDP packets between two remote networks securely.
E.g. : DNS queries from your home machine to your DNS servers at work.
You should use a VPN between the networks in order to do so (see : http://www.wains.be/index.php/2008/06/07/routed-openvpn-between-two-subnets-behind-nat-gateways/)
Otherwise, you can use the following way :
-
rsync -vaz -e ssh user@server.domain.be:/home/user/ /home/user/
Source : user@server.domain.be:/home/user/
Target : /home/user/
-a : archive mode, preserve owner/group and permissions
-v : verbose
-z : compress data during transfer
-e : the remote shell to use
Output :
receiving file list ... done
created directory /home/user
./
28403/
BEXX0014/
28403.xml
error.xml
.
sent 876 bytes received 1294165 bytes 2590082.00 bytes/sec
total size is 1644823 speedup is 1.27
November 13, 2006 -
“Permission denied (publickey,keyboard-interactive)”
I’m not satisfied by SSH clients under Linux (like putty and the like). The only ssh client I really enjoy is SecureCRT under Windows; it’s a great piece of software (okay, it works with wine, I have tested it, but I want to stick with the CLI under Linux).
SSH agent forwarding ?
November 11, 2006 -
There are many ways to back up partitions between machines (CIFS, NFS, etc.)
I’ll describe what seems to be the easiest and quickest way; you don’t need to set up services like Samba or NFS here.
October 9, 2006 -
Among the many protections you can set to restrict connections to your server, there’s tcp_wrappers that turns out to be pretty useful.