SSH Hacks
This article provides information on issues related to the secure shell (ssh) including:
- using ssh with a jumpserver,
- speeding up ssh-connection using multiplexing.
Network Topology
The hosts in the inner network (web01, postgres01) are only accessible through a firewalled gateway. Any direct access to these hosts is blocked.
yourpc --- gate01 --- web01
\-- postgres01
SSH Forwarding
SSH forwarding allows you to connect a port on your computer to any port accessible from the gateway. Example: You want to connect the postgres port (5432) on postgres01 to port 2000 on your computer
ssh user@gate01 -L 2000:postgres01:5432
Any request to localhost:2000 on localhost will now be forwarded to
postgres01 port 5432.
File Transfer
To transfer a file from yourpc to web01 you’ve to open a tunnel between yourpc and the ssh-server of web01
ssh user@gate01 -L 2000:web01:22
Afterwards you can copy your file to web01 using scp (by connecting to port 2000 on your machine):
scp -P 2000 myfile user@localhost
Agent forwarding
If you use ssh-key based authentication (recommended) you can forward your ssh-key through gate01 using ssh -A
ssh -A user@gate01
ssh -A user@web01
SSH Multiplexing
SSH multiplexing speeds up multiple connections to remote hosts by
re-using the existing connection. To use SSH multiplexing put the
following lines in your ~/.ssh/config file:
Host *
ControlMaster auto
ControlPath /tmp/%r@%h:%p
Troubleshooting
Problem: X11 Forwarding does not work for localhost (xterm Xt
error: Can’t open display; xterm: DISPLAY is not set) and the message
error: Failed to allocate internet-domain X11 display socket. in
/var/log/auth.log.
Solution
- disable IPv6 for ssh (start sshd with the -4 option) by adding
SSHD_OPTS=-4to/etc/default/sshin Ubuntu. - ensure that there is a valid entry for localhost in
/etc/hosts127.0.0.1 localhost
Leave a comment