Tuesday, May 26, 2009

SSH

Secure Shell (SSH) is a network protocol that allows data to be exchanged over a secure channel (or "tunnel") between two computers. Encryption provides confidentiality and integrity of data. An SSH client is installed by default in Ubuntu, so you can connect to another computer that is running an SSH server.

From the command-line terminal

Install the OpenSSH client (if not already installed):
sudo apt-get install openssh-client
From the command-line Terminal type:
ssh -C @
Note: The -C option enables compression, which speeds up transmission through the tunnel on slow connections (on a fast network it only adds overhead).
For example:
ssh -C joe@remote.computer.xyz
or:
ssh -C mike@192.168.1.1
or
ssh -C 192.168.1.1 -l mike
Note: -l specifies the login id.

If the SSH server is listening on a port other than port 22 (the default), you can specify that in your connection (with the -p option). For example, if the SSH server is listening on port 11022, connect:
ssh -C -p 11022 joe.friday@remote.computer.xyz
or
ssh -C remote.computer.xyz -p 11022 -l joe.friday
If you have made a public/private key pair using ssh-keygen, the private key must be stored in /home/user/.ssh. The key should be accessible only to user:
sudo chmod 600 /home/user/.ssh/identity
or
sudo chmod 600 /home/user/.ssh/id_rsa
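OpenSSH ignores a private key whose file permissions let other users read it, which is why the chmod step above matters. The check below is an added example, not part of the original post; the function name audit_ssh_dir is hypothetical, and it assumes GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: audit an SSH directory for permissions that are too open.
# Prints one line per problem; returns 0 if clean, 1 otherwise.
# Usage: audit_ssh_dir "$HOME/.ssh"
audit_ssh_dir() {
    dir=$1
    problems=0

    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 1
    fi

    # The directory itself should be reachable only by its owner.
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != "700" ]; then
        echo "dir $dir has mode $mode, expected 700"
        problems=1
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Identify private keys by their first line, not by file name,
        # so renamed keys are caught and .pub files are skipped.
        first=$(head -n 1 "$f" 2>/dev/null)
        case $first in
            *"PRIVATE KEY"*) ;;
            *) continue ;;
        esac
        mode=$(stat -c '%a' "$f")
        # Acceptable modes have no group or other bits set (600, 400).
        case $mode in
            ?00) ;;
            *) echo "key $f has mode $mode, expected 600"
               problems=1 ;;
        esac
    done
    return $problems
}
```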
To log in with the key:
ssh -C remote.computer.xyz -p 11022 -l joe.friday
Note: You can run the command as a menu item, but the command must be "run in terminal."

Port forwarding through SSH

See Using SSH to Port Forward for full details.
In brief, use
ssh -C -p -L :: -l
This specifies that any communications from your computer (localhost) going out through will be transmitted securely through the SSH tunnel port. To use VNC through the tunnel, you would use an application like Krdc or Vinagre:
krdc vnc:/localhost:
Note that for VNC, the default is 5900. In general, a remote VNC server (such as Krfb) is also listening on the default 5900. The default is 22, as discussed above. All these can be changed, however, if you desire greater security.
For me, I noticed that I had to set to be the internal LAN IP address of the remote computer (such as 192.168.1.155) instead of the remote router's IP address, which is specified in . (If the remote computer has a static IP address (i.e. is directly connected to the Internet without an intervening router), then and would be the same.)
Example: For extra security, my SSH Server uses =11022. I want to VNC to a remote computer on a remote LAN with a router whose IP address is = 244.205.123.123. The remote computer to which I want to connect has a static IP address within the remote LAN of = 192.168.1.155. I have set up a Krfb VNC server on this computer that is listening on = 6912 (instead of the default 5900). I set up port forwarding on the router of this remote LAN to forward port 6912 to this server computer. I want to VNC to this remote computer from my laptop, through the Internet. My laptop VNC client (Krdc) will use the default = 5900. My name is = joe.friday. This is my story.
ssh -C 244.205.123.123 -p 11022 -L 5900:192.168.1.155:6912 -l joe.friday
krdc vnc:/localhost:5900
If you have set up a private/public key pair with a passphrase, or if your SSH server requires a passphrase, you will of course be prompted for the passphrase after issuing the SSH command.
Note: Port forwarding assumes that the ports are also forwarded through the router(s) and through any firewalls. See the documentation for your router(s) and firewall to learn how to do this. The advantage of SSH tunneling is that only the needs to be open and forwarded by a router. All encrypted communications will go through your router using this single port. This is what makes the communications secure.
