SSH
From DigitalBlacksmith
SSH Tricks and Tips
SSH is a central part of remote computing, whether you are SSH'ing into another network to access a machine, transferring files between machines within a LAN, or whatever.
The SSH protocol and its toolset are very powerful, so I created this page to help master SSH.
Tunneling
Problem: You want to SSH to a machine behind a firewall/router. The target machine doesn't have a host name, and is only accessible from inside the LAN or by first SSH'ing to a gateway machine:
So using the local computer, you can only ssh to the Gateway Server (gateway.com). Once you ssh to the gateway, you can then ssh to the LAN Computer (which has a private IP).
But how does one ssh directly from the Local Computer to the LAN Computer?
The solution is to set up an ssh tunnel that basically sets up a direct ssh connection inside another ssh connection.
This can be done several ways. I will cover two here -- Putty and command-line SSH (Linux/Cygwin).
Tunneling with Putty
Putty is a lightweight ssh utility that runs as a standalone executable and is able to manage ssh tunneling.
With Putty, you first connect to the gateway with a normal ssh session. You then tell Putty to set up an ssh tunnel inside this connection. You need two things for the tunnel: (1) a port on the local machine that you will use instead of port 22 when ssh'ing to the LAN Computer and (2) the address and port that ssh is listening on at the LAN Computer. Putty then uses this information to 'wrap' the original ssh connection. Then, you can use any application (a shell, an editor, etc.) to talk to Putty over the designated port to the LAN machine:
As shown in the image above, when the Local Machine wants to ssh to the LAN Computer, it connects as lan_user@localhost:localport. Putty intercepts the localhost:localport part and routes it over the gateway ssh connection to the LAN Computer.
Before covering the details of how to set up Putty, it's important to note that localhost is not arbitrary. localhost tells Putty that the connection is linked to the Local Computer (the computer running Putty), and is the origin of your tunnel. You can think of Putty as listening to all traffic coming in and out of the local computer on localport. localport is arbitrary, and can be any unused and open port on the Local Computer.
Setting up Tunneling with Putty
In this example, I will assume:
Gateway machine: The one machine open to the outside. Has a public IP/domain name.
  Gateway machine IP: gateway.com
  Gateway user: gateway_user
  Gateway ssh port: 22
LAN Machine: The machine behind the gateway; private IP, private or no domain name.
  LAN Machine IP: 192.168.0.97
  LAN user: lan_user
  LAN ssh port: 22
Local Machine: The machine you are working on; the origin of your tunnel.
  Local Machine IP: Doesn't matter
  Local Machine user: Doesn't matter
  Local Machine port: 4444 (this is a dedicated, unused port that is open in the Local Machine's firewall)
The first thing to do is create a new ssh session to the gateway machine. This is like any standard putty ssh connection.
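Next, scroll down in the option pane on the left to Tunnels.
Check the "Local ports accept connections from other hosts" checkbox. With this box checked, the forwarded port also accepts connections from other machines that can reach the Local Machine, not only from the Local Machine itself.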
Next enter the port on your local machine that will be the origin of your tunnel -- e.g. 4444
For the destination, enter the destination of the tunnel. This is the IP and port of the machine behind the gateway -- e.g. 192.168.0.97:22
Hit the Add button:
Before opening the connection, go back to the top Session tab and save your settings.
Testing your Putty SSH Tunnel
You can now open any ssh application, such as UltraEdit, which uses ssh to open and edit remote files. Other applications to test with include WinSCP and FileZilla.
Now, whenever you want to connect to the LAN machine you must use the alias localhost as the destination. Remember, Putty is listening, and will route any requests to localhost through the ssh tunnel to the LAN machine. You must also use the local port you designated in the tunnel (e.g. 4444). When prompted for user and password, use the username and password of the local machine.
Tunneling with cygwin/linux
Open a shell, and set up the tunnel:
ssh gateway_user@gateway.com -L4444:192.168.0.97:22
After logging in, the tunnel is now ready.
Testing the cygwin/linux tunnel
Open up another shell and enter:
ssh -p4444 lan_user@localhost
You can also test (as we did with Putty above) with any ssh application: just use lan_user as the user, localhost as the destination, and port 4444 for the port (or whatever port you selected).
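The check below is an added example, not part of the original page. It reads `ss -ltn` output and reports whether the tunnel's local port is bound to loopback only (the default for `ssh -L`) or to all interfaces, which is what `ssh -g` or Putty's "Local ports accept connections from other hosts" box produces. Port 4444 is the page's sample value, and both listings are constructed sample data.

```shell
#!/bin/sh
# Added example: check that a forwarded port is reachable only from this machine.
# Port 4444 is the page's sample value; both `ss -ltn` listings are constructed.

# Read `ss -ltn` output on stdin and print the bind address of every
# listener on port $1 that is NOT a loopback address.
exposed_binds() {
    awk -v want="$1" '
        $1 != "LISTEN" { next }              # skip the header line
        {
            n = split($4, f, ":")            # $4 is "Local Address:Port"
            if (f[n] != want) next           # the port is the last field
            addr = substr($4, 1, length($4) - length(f[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# Constructed: tunnel opened as in the page (-L4444:192.168.0.97:22),
# which listens on loopback by default.
SS_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:4444     0.0.0.0:*
LISTEN 0      128    [::1]:4444         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed: same tunnel with "accept connections from other hosts"
# (ssh -g, or the Putty checkbox) enabled.
SS_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:4444       0.0.0.0:*
LISTEN 0      128    [::]:4444          [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

report() {
    binds=$(printf '%s\n' "$2" | exposed_binds 4444 | tr '\n' ' ')
    if [ -n "$binds" ]; then
        echo "$1: port 4444 reachable from other hosts via ${binds% }"
    else
        echo "$1: port 4444 is loopback-only"
    fi
}

report "default -L" "$SS_LOOPBACK"
report "with -g"    "$SS_EXPOSED"
# On a live system: ss -ltn | exposed_binds 4444
```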
Subversion and SSH Tunnels
This is cool
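Using the tunnel from the example above, add a line like this to the [tunnels] section of the config file in the local machine's .subversion directory:
vmssh = /usr/bin/ssh -p 4444 -l repos_ssh_username
Then use something like this (the part after svn+ must match the tunnel name defined in the config file):
svn co svn+vmssh://localhost/full/path/to/repos/projectname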
