1 Configure SSH between two computers

SSH keys are created between two machines for the following purposes:

  • to log in without being asked for a password
  • to execute a remote command without being asked for a password

Let's show how to configure ssh key-based login from a source computer to a target computer.

1.1 Create .ssh directory on target computer

ssh username@hostname
[password]
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

  • The permissions of the ~/.ssh directory should be 700.
  • The permissions of the ~/.ssh/authorized_keys file should be 600.

1.2 Generate the keys in client machine

On the machine from which you will be connecting, check whether the logged-in user already has a key:

cat ~/.ssh/id_rsa.pub

If you don't have a key, generate one using ssh-keygen.

1.3 Copy the public key to the target machine

Copy (append) the .pub file to the ssh authorized keys in the machine to which you will be connecting:

cat ~/.ssh/id_rsa.pub | ssh username@hostname 'cat >> ~/.ssh/authorized_keys'

where username is the name of the user on the target machine named hostname.
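
Steps 1.1 and 1.3 combined into one idempotent helper to run on the target machine, as an added example that is not part of the original page; the function name install_pubkey and its arguments are assumptions made for illustration. It rejects input that is not a public key line (for example a private key copied by mistake), enforces the 700/600 modes, and does not append the same key twice.

```shell
#!/bin/sh
# Added example, not from the original page. Run on the target machine.
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper name)
# Returns 0 on success, 1 on I/O errors, 2 if the file is not a public key.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file=$ssh_dir/authorized_keys

    # A .pub file holds one key per line; take the first line only.
    key=$(head -n 1 "$pubkey_file") || return 1

    # Accept only "type base64 [comment]". This also stops a private key
    # ("-----BEGIN OPENSSH PRIVATE KEY-----") from landing on the target.
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*|sk-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 2 ;;
    esac

    # Create directory and file with the modes from step 1.1 and re-apply
    # them in case they already existed with looser permissions.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only when the exact line is absent, so re-runs are harmless.
    if grep -qxF -- "$key" "$auth_file"; then
        echo "key already present"
    else
        printf '%s\n' "$key" >> "$auth_file"
        echo "key added"
    fi
}

# Usage on the target, after copying the client's public key to /tmp:
#   install_pubkey /tmp/id_rsa.pub
```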

1.4 Test your connection

From client machine

ssh -v username@hostname date
Mon Mar  1 22:22:14 CET 2021

If you cannot connect, use ssh -v to enable verbose mode.

1.5 Executing commands

Even though you can execute a system command like ls or date, you may not be able to run commands that require a profile.

This is because, by default, profiles aren't loaded when running a command via ssh.

One option is to execute a remote shell script that sets up the environment before running the command; a more complex way is to set up the environment on the command line, just before the command.

ssh informix@192.168.56.10 '. /etc/profile.d/informix.sh; exec /home/informix/bin/dbaccess - - <<!
database sysmaster;
select  dbs_dbsname::CHAR(20), dbs_collate::CHAR(20) FROM sysdbslocale
!
'
Database selected.

(expression)         (expression)         

sysmaster            en_US.819           
sysutils             en_US.819           
sysuser              en_US.819           
sysadmin             en_US.819           
stores_demo          en_US.819           
utf8                 en_US.57372         

6 row(s) retrieved.

2 SSH port forwarding

Assume we have two computers, A (client) and B (server). We want to expose an HTTP server running on port 1313 of B (192.168.10.10) on port 8080 of computer A.

2.1 Local port forwarding

Local port forwarding allows you to forward traffic arriving on a port of your local computer to the SSH server, which then forwards it to a destination server.

From computer A (client) type:

ssh -L <local-port>:<remote-host>:<remote-port> <remote-host>
ssh -L 8080:192.168.10.10:1313 -l username 192.168.10.10

2.2 Remote port forwarding

Remote port forwarding is the exact opposite of local port forwarding. It forwards traffic coming to a port on your server to your local computer, from which it is sent to a destination.

From computer B (server) type:

ssh -R <remote-port>:<local-host>:<local-port> <remote-host>
ssh -R 8080:127.0.0.1:1313 192.168.1.152

Add -v to enable ssh's verbose mode for debugging.