We assume you already know what SSH is and how to use the ssh command to connect to a server normally.
Initial definitions
Suppose we have a server “myserver” to which we can connect as user “myuser”
ssh myuser@myserver
SSH Command and Private key
If we have not yet created our ssh public/private keys, I would say that it’s time to do so via the command
ssh-keygen
The generated keys are stored under $HOME/.ssh/id*; the public key file ends with .pub
At this point, the ssh client will first attempt public key authentication and, if that is not possible, fall back to the next available authentication method.
To copy the key to the server “myserver” you must first add the public key to the ssh authentication agent (ssh-agent).
Suppose the agent has been started automatically by the graphical session (GNOME and KDE do this automatically); we check that it is active with the command
pgrep ssh-agent
If it is not, we start a shell that runs under the agent with the command:
ssh-agent /bin/bash
At this point we add the ssh key to the agent, unlocking it
ssh-add
To import the key on the host “myserver” we use the command
ssh-copy-id myuser@myserver
Private key password change
Suppose you want to change the private key password at some point. Just run the command
ssh-keygen -p
How to launch a remote ssh command
To launch a remote command just pass it as the last parameter to the ssh command.
For example, suppose you want the file list of the home directory
ssh myuser@myserver ls -alh
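To back up the entire home directory with the tar command and save the archive locally through ssh, we launch the command below. The > redirection is handled by the local shell, so mybackup.tgz is written on the local computer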
ssh myuser@myserver tar czvf - . >mybackup.tgz
Use ssh as SOCKS5 server/proxy
Suppose you want to use “myserver” as a SOCKS5 server/proxy and configure it in the local browser. From the local computer, launch
ssh -N -D 8080 myuser@myserver
At this point, just configure the browser to use a SOCKS5 proxy on local port 8080 and navigate.
Add the ssh option “-f” to leave the command in the background.
How to redirect a remote connection locally via ssh
Suppose the host “myserver” is allowed to reach the server farm’s mysql server, which sits in a DMZ.
In order to access the mysql server from the local computer, we can launch the command
ssh -L 3333:mysql_server_name_o_ip:3306 myuser@myserver
While the command stays active, we have an encrypted tunnel between the local computer and “myserver”: local port 3333 connects directly to the mysql server in the DMZ.
We can then connect directly to the mysql server with the command
mysql -P 3333 -h 127.0.0.1 -u myusermysql -p mydatabasemysql
Or if you prefer to use phpMyAdmin just install it locally and configure it on local port 3333.
To remove the encrypted channel just close the ssh connection.
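The same tunnel run in the background with a way to check and close it, as an added example that is not part of the original page: it pins the listener to 127.0.0.1, makes ssh exit if the forward cannot be set up, and uses a control socket so the background process can be stopped. The function names and the socket path $HOME/.ssh/tunnel.sock are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the control
# socket path are assumptions; host names are the page's placeholders.
CTL="${TUNNEL_CTL:-$HOME/.ssh/tunnel.sock}"

# True only for a decimal port number in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# forward_spec LPORT HOST HPORT
# Prints an -L argument whose listener is pinned to 127.0.0.1, so the
# forwarded port is never offered to other machines on the local network.
forward_spec() {
  valid_port "$1" && valid_port "$3" || return 2
  case "$2" in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
  printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# tunnel_open LPORT HOST HPORT DEST
# -f/-N: background, no remote command. -M/-S: master with a control socket.
# ExitOnForwardFailure: fail instead of running without the forward.
tunnel_open() {
  spec=$(forward_spec "$1" "$2" "$3") || { echo "invalid forward" >&2; return 2; }
  ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes -L "$spec" "$4"
}

# Ask the background master whether it is still running.
tunnel_check() { ssh -S "$CTL" -O check "$1"; }

# Tell the background master to exit, which removes the tunnel.
tunnel_close() { ssh -S "$CTL" -O exit "$1"; }

# Usage:
#   tunnel_open 3333 mysql_server_name_o_ip 3306 myuser@myserver
#   tunnel_check myuser@myserver
#   tunnel_close myuser@myserver
```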
Redirect a local service remotely
Suppose we want to connect from home to the office PC, which can reach the server “myserver” in the server farm but cannot itself be accessed, even via VPN. To do this, it is enough to launch the following ssh command from the office PC:
ssh -N -f -R 2222:localhost:22 myuser@myserver
Let’s leave it on (without turning off the computer).
From home, just enable the VPN to reach “myserver”
ssh myuser@myserver
myuser@myserver:~$ ssh -p 2222 user_work_pc@localhost
user_work_pc@localhost:~$
In this way, you can log in to the office PC from home.