Unix Administration Firewall Intrusion Detection Network Security Hacking MORE HOME

SSH

Reverse SSH Tunneling

Tunneling from you work computer out to your home computer.

ssh -4Nnfg -R 2222:127.0.0.1:22 -lroot tunnelMachine -o keepalive=yes

ssh -gf -L 2223:tunnelMachine:2222 localhost sleep 60

ssh root@tunnelMachine -p 2223

Updating SSH on a running System

First get the sources, configure and do a make. Do not go for the make install yet!

mkdir /tmp/ssh
cd /tmp/ssh
cp /usr/local/bin/sshd .
cp /usr/local/etc/sshd_config .
./sshd -f ./sshd_config -p 1022

Connect with a new session to port 1022. Go on from there and do the make install. Then restart the sshd daemon which was running no the port 22 (usually via /etc/rc.d/sshd restart).

Updating SSH on a running System II

Here is another variant:

echo "rcsshd stop; rcsshd start"|at now + 3 minutes

FanOUT

In some environments you want to execute the same command on multiple hosts at once. For example to patch systems. A utily which helps you doing this is FanOUT.

Restricting Access

You can make SSH only allow the execution of certain sepecific commands. To do so, generate a key for the client and deposit the public key on the server, where the key can be generated as follows:

printf 'from="host.name.com",command="/usr/local/bin/command" \ %s\n' "'cat ~/.ssh/key.pub'" | ssh server 'cat >> ~/.ssh/authorized_keys2'

This client with this key can now only execute one command.

Passing vairous Parameters

You can pass some specific parameters to an SSH server as follows:

ssh -T -o "IdentityFile2 /root/.ssh/key" server

This will for example choose another identity to connect to the server.

Passing Binary Data to a Remote Shell

cat myfile | ssh user@desktop lpr

tar -cf - source_dir | ssh user@desktop 'cat > dest.tar'

OR:
dd if=t41.home.ram.tar.gz | ssh ram@192.168.0.13 'tar --exclude=ram/software/ -C /mnt/backup -xzf -'

CopyLeft (l) 2003 by Raffael Marty