Difference between revisions of "Ssh"
imported>ThorstenStaerk |
imported>ThorstenStaerk |
||
Line 29: | Line 29: | ||
ssh -v user@server | ssh -v user@server | ||
or -vv, -vvv | or -vv, -vvv | ||
+ | |||
+ | = tunneling = | ||
+ | In die lokale .ssh/config einen Eintrag fuer den Server: | ||
+ | Host <server-alias(2)> | ||
+ | HostName <server-ip(2)> | ||
+ | User <username(2)> | ||
+ | ForwardAgent yes | ||
+ | ForwardX11 yes | ||
+ | ProxyCommand ssh -X -A <username(1)>@<server-ip>(1) netcat -w1 %h %p | ||
+ | Statt der IP koennen auch die Namen - bei funktionierender Namens-Aufloesung - | ||
+ | verwendet werden. | ||
+ | Auf dem lokalen Rechner muss dann der SSH-Port des Servers(2) auf den lokalen | ||
+ | Port (22222) gebunden werden: | ||
+ | ssh -4 -C -l np -L 22222:localhost:22 vout | ||
+ | Jetzt kann man fuer das lokale CVS (Eclipse, Netbeans) einfach als Hostname | ||
+ | "localhost" und als Port "22222" angeben. | ||
= TroubleShooting = | = TroubleShooting = |
Revision as of 11:04, 24 December 2010
ssh is a command to log in over the network to another computer.
Contents
Send graphical output to ssh user
If you want to start a graphical program, e.g. kwrite, on your remote computer and get the display to your local computer, no problem. Just use:
ssh -l user server -X xclock &
what happens
After logging in with ssh -X, xauth is called to create/modify .Xauthority. Using netstat -putan you can find out that every ssh -X session gets a socket:
remote:~ # netstat -putan [...] tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:6012 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:6013 0.0.0.0:* LISTEN - [...]
And $DISPLAY is set automatically.
remote:~ # echo $DISPLAY localhost:14.0
And ssh listens on the respective port to forward X11 traffic:
remote:~ # lsof | grep 6014 sshd 5257 root 6u IPv4 3755641440 TCP localhost:6014 (LISTEN)
port forwarding
ssh username@server -L localport:remoteserver:remoteport
ssh verbose
ssh -v user@server or -vv, -vvv
tunneling
In die lokale .ssh/config einen Eintrag fuer den Server:
Host <server-alias(2)> HostName <server-ip(2)> User <username(2)> ForwardAgent yes ForwardX11 yes ProxyCommand ssh -X -A <username(1)>@<server-ip>(1) netcat -w1 %h %p
Statt der IP koennen auch die Namen - bei funktionierender Namens-Aufloesung - verwendet werden. Auf dem lokalen Rechner muss dann der SSH-Port des Servers(2) auf den lokalen Port (22222) gebunden werden:
ssh -4 -C -l np -L 22222:localhost:22 vout
Jetzt kann man fuer das lokale CVS (Eclipse, Netbeans) einfach als Hostname "localhost" und als Port "22222" angeben.
TroubleShooting
Remote host identification has changed
- Symptom
When trying to log in via ssh you may get a message like this:
tweedleburg:~ # ssh root@192.168.0.107 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 32:78:25:83:d8:a6:de:ad:6a:0b:99:5e:05:e5:7c:e7. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending key in /root/.ssh/known_hosts:11 RSA host key for 192.168.0.107 has changed and you have requested strict checking. Host key verification failed.
- Reason
This means the key of the computer that you try to reach has changed.
- Solution
$ ssh-keygen -R hostname
ssh -X does not work
If ssh -X works, but you still do not get the graphical display from your remote machine, check /etc/ssh/sshd_config. There must be a line
X11Forwarding yes
Also, there must be a binary xauth, otherwise .Xauthority cannot be created.
Related
ssh-related topics: