Difference between revisions of «SSH»
(→Script to maintain the forward UP)
Línea 114: | Línea 114: | ||
while [ 1 ] | while [ 1 ] | ||
do | do | ||
− | + | CONNECT='ssh -N -R 22222:localhost:22 user@gacq.com' | |
− | + | SSH_PID=`ps -ef | grep "$CONNECT" | grep -v grep | head -1 | awk '{print $2}'` | |
− | if [ $ | + | SSH_RUNNING=`ps -eo args | grep "$CONNECT" | grep -v grep` |
+ | |||
+ | # Check if there are any ssh forward running | ||
+ | if [ $SSH_PID -gt 0 ] | ||
then | then | ||
+ | # Check if there are any user connected from localhost | ||
if [ `who | grep gacq | grep localhost | grep pts | wc -l` -eq 0 ] | if [ `who | grep gacq | grep localhost | grep pts | wc -l` -eq 0 ] | ||
then | then | ||
− | kill -15 $ | + | # If not kill ssh - This is to prevent crashed conenections |
+ | kill -15 $SSH_PID | ||
fi | fi | ||
fi | fi | ||
− | + | ||
− | if [ -z "$ | + | # Connect if we have no existing connection |
− | nohup $ | + | if [ -z "$SSH_RUNNING" ] ; then |
+ | nohup $CONNECT & | ||
fi | fi | ||
+ | |||
sleep 300 | sleep 300 | ||
done | done |
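Review bot: the new `if [ $SSH_PID -gt 0 ]` test breaks exactly when it matters most: while no forward is running, the `ps | grep | awk` pipeline prints nothing, `$SSH_PID` expands to nothing, and the shell sees `[ -gt 0 ]`, which fails with "unary operator expected" on every 300-second pass until a connection exists. Test for a non-empty value instead (`if [ -n "$SSH_PID" ]`) or quote and default it (`if [ "${SSH_PID:-0}" -gt 0 ]`). A second point: `grep "$CONNECT"` is a substring match against every command line, so `head -1` may hand back the PID of an unrelated process whose arguments merely contain that string, and `kill -15` would then hit the wrong process; comparing the full args field from `ps -eo pid,args` for equality is tighter. Minor: "conenections" in the added comment.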
Revision as of 14:03, 16 Dec 2006
General
Opening a remote X application
I found out how to get into your home machine and open an X application from a private network whose outbound access goes through NAT:
1) xhost +
2) ssh -X -l sshuser pc.micasa.net
3) xclock (should work)
4) The problem comes when you want to run something as another user, because after doing su it cannot set DISPLAY properly. It is solved like this from the sshuser user: gksu -g -u root /usr/X11R6/bin/xclock
It asks you for the user's password and nothing more to run the application. Performance is another matter.
ssh without password (Quick)
ssh-keygen -t dsa
# If the remote ~/.ssh/authorized_keys file exists
cat ~/.ssh/id_dsa.pub | ssh remoteuser@remotehost 'cat - >> ~/.ssh/authorized_keys'
# If the remote ~/.ssh/authorized_keys file does NOT exist
cat ~/.ssh/id_dsa.pub | ssh remoteuser@remotehost 'cat - > ~/.ssh/authorized_keys'
# Optional: so that nobody else can read the file with the public keys
ssh remoteuser@remotehost 'chmod 700 ~/.ssh ; chmod 600 ~/.ssh/authorized_keys'
ssh without password (Explained)
This document explains how to authenticate through ssh to multiple machines without having to enter your password each time.
This is very useful when you are constantly invoking ssh or copying files with scp. It also allows you to make scp transfers automatically (using a cron job on one of the machines).
Check the ssh watchdog for an example of something you could accomplish with this.
Generate a public/private key pair
Run ssh-keygen -t rsa on your host machine (the one you'll be connecting from). Use the default settings and an empty passphrase:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
90:02:83:45:8b:3b:37:72:d4:0a:7a:5f:8e:1e:7a:38
This should generate the id_rsa.pub and id_rsa keys in your ~/.ssh directory:
-rw-r--r-- 1 user group 221 Apr 10 00:08 id_rsa.pub
-rw------- 1 user group 883 Apr 10 00:08 id_rsa
The id_rsa file contains your private key. As such, it will only be readable by you (permissions mode 600). The id_rsa.pub file contains its corresponding public key.
Add the public key to the remote machine
You'll need to append your public key to the ~/.ssh/authorized_keys file in the remote machine.
You can do this with the following command:
$ ssh user@remote cat \>\> ~/.ssh/authorized_keys <~/.ssh/id_rsa.pub
If the ~/.ssh directory does not exist in the remote machine, you'll need to create it.
More information
You can read ssh-keygen(1), ssh(1) and ssh-agent(1) for more information.
Specifically, you might want to use a non-empty passphrase in combination with ssh-agent(1): this will require you to give your passphrase to ssh-agent once in order to be able to use your private key.
ANOTHER: SSH Nopasswd login
Local
cd .ssh
ssh-keygen -b 1024 -f identity -P '' -t dsa
scp identity.pub gacq@192.168.0.20:
Remote
cat identity.pub >> .ssh/authorized_keys
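The three recipes above (the "file exists / does not exist" cases of the quick version, creating ~/.ssh when it is missing, and the chmod step) share one failure mode: running them twice appends the key twice, and the "does not exist" variant fails when ~/.ssh itself is absent. The helper below folds them into one idempotent step meant to run on the remote side. It is an added example, not the wiki's own commands; install_pubkey and key_count are hypothetical names, and the demo key at the bottom is constructed, not a real key.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [AUTHORIZED_KEYS]
# Appends the single key in PUBKEY_FILE to AUTHORIZED_KEYS (default
# ~/.ssh/authorized_keys), creating the directory and file with the
# permissions sshd expects (700 / 600) and skipping keys already present.
# Returns 0 = installed, 2 = already there, 1 = error. Hypothetical helper.
install_pubkey() {
    pub="$1"
    ak="${2:-$HOME/.ssh/authorized_keys}"
    dir=$(dirname "$ak")
    key=$(cut -d' ' -f1,2 "$pub")   # key type + base64 blob, without the comment
    [ -n "$key" ] || return 1
    umask 077                        # anything created below starts owner-only
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -f "$ak" ] || : > "$ak"        # create the file if this is the first key
    chmod 600 "$ak"
    if grep -qF "$key" "$ak"; then
        return 2                     # same key already authorised: do not duplicate
    fi
    cat "$pub" >> "$ak"
}

# key_count AUTHORIZED_KEYS -> number of key lines (blank and comment lines ignored)
key_count() {
    [ -f "$1" ] || { echo 0; return; }
    grep -v '^[[:space:]]*#' "$1" | grep -c '[^[:space:]]' || true
}

# Constructed demo (not a real key): install twice into a temp dir; the second
# run is a no-op and the file still holds exactly one key.
T=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB user@host\n' > "$T/id_rsa.pub"
install_pubkey "$T/id_rsa.pub" "$T/.ssh/authorized_keys"
install_pubkey "$T/id_rsa.pub" "$T/.ssh/authorized_keys" || echo "already installed (status $?)"
key_count "$T/.ssh/authorized_keys"    # 1
```

To use it against a remote host, feed the script to a remote shell (`ssh remoteuser@remotehost 'sh -s' < script.sh`) with the key file copied alongside, or paste the two functions into the remote login shell.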
SSH Port forwarding
Base commands
- At remote host
ssh -N -R 22222:localhost:22 user@gacq.com
- At localhost
ssh -p 22222 root@localhost
Script to maintain the forward UP
#!/bin/sh
while [ 1 ]
do
    CONNECT='ssh -N -R 22222:localhost:22 user@gacq.com'
    SSH_PID=`ps -ef | grep "$CONNECT" | grep -v grep | head -1 | awk '{print $2}'`
    SSH_RUNNING=`ps -eo args | grep "$CONNECT" | grep -v grep`

    # Check if there is any ssh forward running
    # (SSH_PID is empty when there is none, so test that before comparing)
    if [ -n "$SSH_PID" ] && [ "$SSH_PID" -gt 0 ]
    then
        # Check if there is any user connected from localhost
        if [ `who | grep gacq | grep localhost | grep pts | wc -l` -eq 0 ]
        then
            # If not, kill ssh - this is to prevent crashed connections
            kill -15 $SSH_PID
        fi
    fi

    # Connect if we have no existing connection
    if [ -z "$SSH_RUNNING" ] ; then
        nohup $CONNECT &
    fi

    sleep 300
done
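The watchdog's decision logic, separated from the `ps`/`who` calls so it can be checked offline: an exact comparison of the argument list instead of the substring `grep "$CONNECT"`, and the empty-PID case (no forward running) handled before any numeric test. This is an added example, not the wiki's script; forward_pid, local_sessions and watchdog_action are hypothetical names and the sample `ps`/`who` lines are constructed.

```shell
#!/bin/sh
# Added example: the watchdog loop's decision as pure functions over the text
# that `ps -eo pid,args` and `who` would print. Hypothetical helper names.

CONNECT='ssh -N -R 22222:localhost:22 user@gacq.com'

# forward_pid PS_LINES CMD -> PID whose argument list is exactly CMD, else nothing.
# Exact comparison avoids what a substring grep accepts: any process whose
# command line merely contains the string (an editor open on this script, say).
forward_pid() {
    printf '%s\n' "$1" | awk -v cmd="$2" '
        { pid = $1; $1 = ""; sub(/^ /, "")
          if ($0 == cmd) { print pid; exit } }'
}

# local_sessions WHO_LINES USER -> number of pts sessions USER has from localhost
local_sessions() {
    printf '%s\n' "$1" | grep "^$2 " | grep localhost | grep -c pts || true
}

# watchdog_action PS_LINES WHO_LINES -> "connect", "kill <pid>" or "none".
# The empty-PID case comes first: the original `[ $SSH_PID -gt 0 ]` fails with
# "unary operator expected" whenever no forward is running.
watchdog_action() {
    pid=$(forward_pid "$1" "$CONNECT")
    if [ -z "$pid" ]; then
        echo connect
    elif [ "$(local_sessions "$2" gacq)" -eq 0 ]; then
        echo "kill $pid"    # forward is up but nobody is using it: treat it as stale
    else
        echo none
    fi
}

# Constructed sample output (not captured from a real host).
PS_UP='  4242 ssh -N -R 22222:localhost:22 user@gacq.com
  4300 vim ssh -N -R 22222:localhost:22 user@gacq.com'
WHO_LOCAL='gacq     pts/0        2006-12-16 14:00 (localhost)'
watchdog_action "$PS_UP" "$WHO_LOCAL"   # none: forward up and in use
watchdog_action "$PS_UP" ""             # kill 4242: forward up, nobody connected
```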
Protecting ourselves from SSH attacks
The best option is to change the default port; if that is not possible, we have: