Linux users are blessed with a plethora of useful network administration tools, not the least of which is the flexible and powerful OpenSSH suite. Most Linux admins consider using ssh to securely hop from system to system, but some of the other features are less widely known.
File Transfers
OpenSSH includes two tools, scp and sftp, that copy files over the network and can be used in place of FTP in most cases. For example, to copy a file from the local system to a host called serverb, use:
% scp file serverb:
Similarly, to copy a file from serverb to the /tmp directory, use:
% scp serverb:file /tmp
ben@serverb's password:
file 100% 0 0.0KB/s 00:00
Use sftp to get or put multiple files and navigate the directory structure, much like ftp:
% sftp serverb
Connecting to harp...
ben@serverb's password:
sftp> ls
boulder
file
foo
bar
depts.txt
sftp> get file
Fetching /home/ben/file to file
sftp> put anotherfile
Uploading anotherfile to /home/ben/anotherfile
anotherfile 100% 0 0.0KB/s 00:00
sftp>
Public Key authentication
Public key authentication is an underused tool that is great for convenience AND security. Public key auth is a form of two-factor authentication, requiring something you have (a key file), and something you know (a passphrase).
In a nutshell, an OpenSSH tool called ssh-keygen is used to generate two files – a public and a private key file. The public key is distributed to all the hosts you log in TO, and the private key is on the host you log in FROM. Don’t share the private key with anybody! When the key pair is generated, a passphrase is provided to protect the file. Note that the passphrase is optional, but is strongly encouraged.
Creating and distributing the key pair is covered widely elsewhere on the web, so I won’t repeat it here. However, a few troubleshooting steps will go a long way – setting up a key pair the first few times can be frustrating! Here are some tips if it isn’t working:
- By default, the public key file needs to be called authorized_keys2 and live in the .ssh directory of the user.
- The permissions of the .ssh directory must be 700, and the authorized_keys2 file should be 600.
- By default, the permissions of the private key file must also be 600.
- Public key authentication will not work if the user’s password is not set.
- By far, the most common configuration issue is a permission problem!
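The permission tips above can be checked in one pass. The script below is an added example, not part of the original article; the function names are made up for illustration, and it assumes private keys are files named id_* without a .pub suffix.

```shell
#!/bin/sh
# Added example, not from the original article. Checks the modes from the
# tips above: .ssh = 700, authorized_keys2 = 600, private key = 600.
# Assumption: private keys are files named id_* without a .pub suffix.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_mode PATH EXPECTED: report the result, return 1 on a mismatch.
check_mode() {
    actual=$(mode_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "FAIL $1 is mode $actual, expected $2 (fix: chmod $2 $1)"
        return 1
    fi
    echo "ok   $1 is mode $2"
}

# audit_ssh_dir DIR: check DIR and the key files in it; return 0 only if
# every mode matches.
audit_ssh_dir() {
    dir=$1
    problems=0
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir is not a directory"
        return 1
    fi
    check_mode "$dir" 700 || problems=$((problems + 1))
    if [ -f "$dir/authorized_keys2" ]; then
        check_mode "$dir/authorized_keys2" 600 || problems=$((problems + 1))
    fi
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue    # also skips the unexpanded glob
        check_mode "$key" 600 || problems=$((problems + 1))
    done
    echo "$problems problem(s) found in $dir"
    [ "$problems" -eq 0 ]
}

# Run against the directory given as the first argument, if any.
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it on the host you log in TO for the authorized_keys2 check and on the host you log in FROM for the private key check, passing the user's .ssh directory as the argument.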
SSH Tunneling
SSH tunneling can help with remote access to systems and ports that are typically hidden by a firewall. If, for example, you can SSH from your home to a server at work, but you cannot use remote desktop to log in to the Windows system at your desk, SSH tunneling can help. Since the server running SSH is on the internal network, you can “tunnel” a connection through the SSH server to access the Windows system. In the following example, the SSH server is called serverA, and the Windows desktop is desktopA. The command connects port 4389 on the local system to port 3389 on desktopA.
% ssh -L 4389:desktopA.yourdomain.com:3389 username@serverA.yourdomain.com
To access desktopA, open the remote desktop program and use “localhost:4389” for the host name. To forward multiple ports, simply add additional -L flags to the command line.
Running port forward commands manually from the command line can be tricky, and certainly isn’t very useful for Windows clients without Cygwin. Most modern SSH clients, such as PuTTY and SecureCRT, include a graphical interface for SSH tunneling.
Hopefully these SSH tips simplify your daily administration activities!