Useful OpenSSH Tips and Tutorials

Since its introduction, OpenSSH has become the most popular free SSH program for secure remote login, for executing commands on a remote host, and for transferring files from one machine to another. It can do a great deal more with the help of a few useful tips. This article goes through various tips, techniques, and ways of using SSH in everyday work.

How to restrict access to root?

In most distributions, root access via SSH is disabled for security (PermitRootLogin no), and anyone who tries to log in as root gets an error message. To perform tasks requiring administrative privileges, you have to log in as a normal user and use su or sudo. The Match directive offers a way out of this situation. It takes a selection criterion (User, Group, Host, Address), its value, and the settings you want to apply.

As an example, it can allow root connections only from localhost and from a trusted subnet you specify.

PermitRootLogin no
#PermitRootLogin yes (comment out this line, or keep the directive active with the value no; both will deny direct SSH login for the root user)

You can also restrict SSH access to specific IPs using TCP Wrappers.

vi /etc/hosts.allow
# Open the /etc/hosts.allow file and add the required IP as follows.
sshd : 19.168.1.1 : allow
sshd : ALL : deny
# Make sure you add the ALL deny entry, because by default all hosts/IPs are allowed.

How to monitor user connections?

The files /etc/ssh/sshrc and ~/.ssh/rc let you run actions when a user logs in. You can use any shell command here. As an example, the following sends the administrator a mail notification that a user has logged in to the system via SSH:

# vi /etc/ssh/sshrc
echo "$(date) $SSH_CONNECTION $USER $SSH_TTY" | mail -s "ssh login" admin@domain.com

How to back up your work on a dedicated server?

Generate a key pair (private and public):

$ sudo ssh-keygen -t rsa -C 'remote backup'
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
/home/user/.ssh/id_rsa_backup

Add the public key to the list of authorized keys on the remote system:

$ ssh remotehost "umask 077; cat >> .ssh/authorized_keys" < .ssh/id_rsa_backup.pub

Then edit authorized_keys (the '-t' option should be used when running programs that require a pseudo-terminal). The whole entry, options included, must stay on a single line:

$ ssh -t remotehost vi .ssh/authorized_keys
from="192.168.0.*,212.34.XX.YY",command="cd /work; tar cvf - ./* | bzip2 -9",no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding ssh-rsa AAAA […]

Now, run the backup procedure:

$ ssh -i .ssh/id_rsa_backup remotehost > ~/backup/work-`date +%d%m%Y`.tar.bz2 2> /dev/null

The /work directory on the server remotehost will be stored in the archive ~/backup/work-11052008.tar.bz2.
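
The restrictions placed on the backup key above can be checked across a whole authorized_keys file. The following is an added example, not part of the original article: a shell function (hypothetical name audit_authorized_keys) that reports keys missing from=, command=, or the forwarding and PTY restrictions. The sample entries, key blobs and the /usr/local/bin/report path are constructed, and restrict is an OpenSSH 7.2+ option the article does not use.

```shell
#!/bin/sh
# Added example: report authorized_keys entries that lack the restrictions
# the article applies to its backup key.

# Constructed sample file; key blobs and comments are placeholders.
sample_authorized_keys() {
    cat <<'EOF'
# backup key restricted as in the article
from="192.168.0.*",command="cd /work; tar cvf - ./* | bzip2 -9",no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding ssh-rsa AAAAB3placeholder1 remote backup
command="/usr/local/bin/report",restrict ssh-ed25519 AAAAC3placeholder2 report key
ssh-rsa AAAAB3placeholder3 admin@laptop
EOF
}

# audit_authorized_keys [FILE...]: reads stdin when no file is given.
# Prints "line N: ok" or "line N: missing <options>" for every key.
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    {
        # The key blob is base64 of a length-prefixed string and so starts
        # with "AAAA"; whatever precedes "<keytype> AAAA" is the option list.
        line = " " $0
        if (!match(line, /[ \t][a-z0-9@.-]+[ \t]+AAAA/)) {
            printf "line %d: unparsed\n", NR
            next
        }
        o = "," tolower(substr(line, 2, RSTART - 2))
        gsub(/"([^"\\]|\\.)*"/, "\"\"", o)  # blank out quoted values
        sub(/[ \t]+$/, "", o)
        o = o ","
        miss = ""
        if (o !~ /,from=""/)    miss = miss " from="
        if (o !~ /,command=""/) miss = miss " command="
        # "restrict" (OpenSSH 7.2+) implies every no-* option checked below.
        if (o !~ /,restrict,/) {
            if (o !~ /,no-port-forwarding,/) miss = miss " no-port-forwarding"
            if (o !~ /,no-pty,/)             miss = miss " no-pty"
        }
        printf "line %d:%s\n", NR, (miss == "" ? " ok" : " missing" miss)
    }' "$@"
}

# Run on the sample; on a server: audit_authorized_keys ~/.ssh/authorized_keys
sample_authorized_keys | audit_authorized_keys
```

A key reported as missing both from= and command= gives whoever holds the private key a full shell from any address, which is exactly what the backup key should not allow.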

How to transfer files and directories?

To send a file over SSH, you can use one of the following ways:

$ cat myfile | ssh remotehost 'cat > myfile'
$ tar zcf - ~/coding | ssh remotehost 'cat > coding.tgz'

To recursively send the entire directory, type:

$ scp -r mydir user@host.domain.com:

Another option is to copy a directory using 'ssh' and 'tar' from the local host to a remote host:

$ tar cf - source | ssh remotehost "(cd target && tar xpf -)"

and from the remote host to localhost:

$ ssh remotehost "tar cf - source" | (cd target && tar xpf -)

How to receive emails safely?

To receive mail safely with fetchmail, you can tunnel the connection over SSH. Open the configuration file ~/.fetchmailrc and specify the following:

poll localhost with protocol pop3 and port 8110:
preconnect "ssh -f -q -C user@213.167.XX.YY \
-L 8110:213.167.XX.YY:110 sleep 10" password noIdea;

Fetch mail:

$ fetchmail
A message for user at localhost (8062 octets).
reading message user@localhost.domain.com: 1 of 1 (8062 octets )……. flushed

How to execute the specified command after connecting?

The ProxyCommand option lets you execute arbitrary commands. As an example, it can be used to connect through a gateway to a file server that is behind NAT.

$ vi .ssh/config
Host gateway
HostName ns.domain.com
Host filesrv
HostName 192.168.5.201
ProxyCommand ssh gateway nc -w 180 %h %p

Connect:

$ ssh filesrv

I hope it helps.
