Sunday, 10 February 2008

SSH for mere mortals

There are a lot of documents about the SSH, but in this post I want to tell about simple things. Let me explain some simple and obvious SSH tricks...

How to install SSH in Debian

From the Etch's release, packages for the SSH client and server are separated. Hence let's install SSH using command:

# aptitude install ssh
aptitude install openssh-server openssh-client
and wait a few moments for configuration of the packages.

On a client side
Now we must edit the configuration files located in the /etc/ssh directory. A client-side config file is ssh-config and a server-side config file is sshd-config. On a client-side let's allow to receive X11Forward; or such purposes, changing:
ForwardX11 yes
ForwardX11Trusted yes
Now the client machine can start the graphical applications on a server. Now let's go to the admin of the far-far-away kingdom server...

On a server-side
We need to edit config file (you have root password from the server, aren't you? :-)) in  /etc/ssh/sshd-config and changing the keys to such ones:
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
Here we allowed to start graphical applications remotely and redirect them in the client machine. Restart the SSH daemon:
sudo /etc/init.d/ssh restart
That's practically all.

If there is necessity to restrict access to the machine, one need to change config file /etc/ssh/sshd_config in such way:
AllowUsers hacker@*
AllowUsers *@192.168.1.*

SSH in work
It's all done, now open console and type:
$ ssh remoteusername@ip_address_remotemachine
For example, in my case I write: ssh beast@

After that, the SSH daemon asks us: this IP address isn't recognized yet, can I trust them? Sure! :-) Next, type the password of remote system, and if the password is correct then you log in into shell of the remote machine. During password typing you see nothing; you have 3 attempts or connection lost.
So, the SSH system will greet us like this:

penta4@penta4rce:~$ ssh beast@
Linux notebeast #3 PREEMPT Sun Jul 2 12:51:07 MSD 2006 i686 GNU/Linux

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

Last login: Tue Oct 10 19:23:57 2006 from

Now we control remote computer: don't entangle machines or you shut down the wrong one! :-)

Remote using of the graphical applications
When you logged in, just type the name of the program with ampersand at the end of command:
$ gimp&

This command starts the GIMP on the remote machine and returns command prompt to you. If you do not enter ampersand then command prompt of the current SSH shell locks and returns only after application's over.

Thus, started remotely application is redirected to your machine and works the same as it started on your machine. Of course, the remotely started application will use files on the remote filesystem.

It is clear that SSH can be useful to mere mortals and not only for gurus. More about SSH one can  read in Goooogle or in this  this or this inks.