1 Configure SSH between two computers

SSH keys are created between two machines for the following purposes:

  • to log in without being asked for a password
  • to execute a remote command without being asked for a password

Let's show how to configure ssh cert login from source to target computer.

1.1 Create .ssh directory on target computer

ssh username@hostname
mkdir -p ~/.ssh  
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
  • The permissions of the ~/.ssh directory should be 700.
  • The permissions of the ~/.ssh/authorized_keys file should be 600.

1.2 Generate the keys in client machine

On the machine from which you will be connecting check if you have already a key for logged user

cat .ssh/id_rsa.pub

If you don't have a key, generate it using ssh-keygen

1.3 Copy the public key to the target machine

Copy (append) the .pub file to the ssh authorized keys in the machine to which you will be connecting:

cat .ssh/id_rsa.pub | ssh username@hostname 'cat >> ~/.ssh/authorized_keys'

where username is the name of the user on the secondary machine named hostname.

1.4 Test your connection

From client machine

ssh -v username@hostname date
Mon Mar  1 22:22:14 CET 2021
If you can not connect, use ssh -v to enable verbose mode.

1.5 Executing commands

Even you can execute a system command like ls or date you may not be able to run commands that require a profile.

This is because by default profiles aren't loaded when connecting via ssh.

An option is to execute a remote shell that setups the env before running the command or a more complex way is to do it before the command.

ssh informix@ '. /etc/profile.d/informix.sh; exec /home/informix/bin/dbaccess - - <<!
database sysmaster;
select  dbs_dbsname::CHAR(20), dbs_collate::CHAR(20) FROM sysdbslocale
Database selected.

(expression)         (expression)         

sysmaster            en_US.819           
sysutils             en_US.819           
sysuser              en_US.819           
sysadmin             en_US.819           
stores_demo          en_US.819           
utf8                 en_US.57372         

6 row(s) retrieved.

2 SSH port forwarding

Asuming we have two computer A (client) and B (server). We want to expose an http server running on B ( in port 1313 to port 8080 of server A.

2.1 Local port forwarding

Local port forwarding allows you to forward traffic on a port of your local computer to the SSH server, which is forwarded to a destination server.

From computer A (client) type:

ssh -L <local-port>:<remote-host>:<remote-port> <remote-host>
ssh -L 8080: -l username

2.2 Remote port forwarding

Remote port forwarding is the exact opposite of local port forwarding. It forwards traffic coming to a port on your server to your local computer, and then it is sent to a destination

From computer B (server) type:

ssh -R <remote-port>:<local-host>:<local-port> <remote-host>
ssh -R 8080:
Add -v to start verbose option in ssh for debug