1 Configure SSH between two computers
SSH keys are created between two machines for the following purposes:
- to log in without being asked for a password
- to execute a remote command without being asked for a password
Let's show how to configure ssh cert login from
1.1 Create .ssh directory on target computer
ssh username@hostname
[password]
mkdir -p ~/.ssh
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
- The permissions of the ~/.ssh directory should be 700.
- The permissions of the ~/.ssh/authorized_keys file should be 600.
1.2 Generate the keys in client machine
On the machine from which you will be connecting, check whether you already have a key for the logged-in user
If you don't have a key, generate it using
1.3 Copy the public key to the target machine
Copy (append) the .pub file to the ssh authorized keys in the machine to which you will be connecting:
cat .ssh/id_rsa.pub | ssh username@hostname 'cat >> ~/.ssh/authorized_keys'
username is the name of the user on the secondary machine named
1.4 Test your connection
From client machine
ssh -v username@hostname date
Use ssh -v to enable verbose mode.
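An idempotent take on steps 1.1 to 1.3, as an added example that is not part of the original page: unlike cat >>, it does not append the same key twice, and it checks the 700/600 modes afterwards. The function names, the RSA 4096 choice and the sample key are assumptions made for illustration; stat -c assumes GNU coreutils.

```shell
# Added example, not from the original page.
# Functions take the home directory as an argument so they can be tried
# on a scratch directory; on the target machine pass "$HOME".

# Step 1.2: generate a key pair only when none exists yet.
# The key path is an assumption based on the id_rsa.pub name in step 1.3.
ensure_key() {
    key="$1"
    if [ -f "$key" ] && [ -f "$key.pub" ]; then return 0; fi
    ssh-keygen -t rsa -b 4096 -f "$key"
}

# Steps 1.1 and 1.3: create ~/.ssh, fix the modes, append the public key.
install_pubkey() {
    home_dir="$1"
    pubkey="$2"
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: skip a key that is already listed
    grep -qxF -- "$pubkey" "$auth" || printf '%s\n' "$pubkey" >> "$auth"
}

# Check that the modes match the values given in step 1.1.
# Returns 0 when both match, 1 otherwise (also when a path is missing).
check_ssh_perms() {
    home_dir="$1"
    status=0
    [ "$(stat -c '%a' "$home_dir/.ssh" 2>/dev/null)" = "700" ] ||
        { echo ".ssh is not 700"; status=1; }
    [ "$(stat -c '%a' "$home_dir/.ssh/authorized_keys" 2>/dev/null)" = "600" ] ||
        { echo "authorized_keys is not 600"; status=1; }
    return $status
}

# Demo on a scratch directory with a constructed (non-functional) key.
demo_home=$(mktemp -d)
demo_key='ssh-rsa AAAAconstructedsamplekey user@client'
install_pubkey "$demo_home" "$demo_key"
install_pubkey "$demo_home" "$demo_key"   # second call adds nothing
check_ssh_perms "$demo_home" && echo "permissions OK"
rm -rf "$demo_home"
```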
1.5 Executing commands
Even though you can execute a system command like date, you may not be able to run commands that require a profile.
This is because by default profiles aren't loaded when connecting via ssh.
One option is to execute a remote shell that sets up the environment before running the command; a more complex way is to set it up just before the command.
ssh firstname.lastname@example.org '. /etc/profile.d/informix.sh; exec /home/informix/bin/dbaccess - - <<!
database sysmaster;
select dbs_dbsname::CHAR(20), dbs_collate::CHAR(20) FROM sysdbslocale
!
'
2 SSH port forwarding
Assuming we have two computers, A (client) and B (server), we want to expose an HTTP server running on B (192.168.10.10) on port 1313 to port 8080 of A.
2.1 Local port forwarding
Local port forwarding allows you to forward traffic on a port of your local computer to the SSH server, which is forwarded to a destination server.
From computer A (client) type:
ssh -L <local-port>:<remote-host>:<remote-port> <remote-host>
ssh -L 8080:192.168.10.10:1313 -l username 192.168.10.10
2.2 Remote port forwarding
Remote port forwarding is the exact opposite of local port forwarding. It forwards traffic coming to a port on your server to your local computer, and then it is sent to a destination
From computer B (server) type:
ssh -R <remote-port>:<local-host>:<local-port> <remote-host>
ssh -R 8080:127.0.0.1:1313 192.168.1.152
Use -v to start ssh in verbose mode for debugging.