Using SSH to forward the same local port to multiple external hosts

Okay, this is kinda awesome :-), I got my geek on :-)

My application connects to a cluster of external servers, but it only lets me configure the hostname, not the port.

So I wanted to connect to the remote cluster using SSH tunneling, but I was unable to forward every node because a given port on localhost (127.0.0.1) can only be bound once.

Then I saw that you can use multiple loopback addresses! See this page: https://en.wikipedia.org/wiki/Loopback

Basically you can bind the port forward to 127.0.0.2, 127.0.0.3 and so on up to 127.255.255.254; that should provide enough addresses, right!? :-)

So I can use multiple port forwards from my localhost(s) to the six remote hosts like this:

ssh somedomain.com \
-L 127.0.0.1:9042:external-node1.somedomain.com:9042 \
-L 127.0.0.2:9042:external-node2.somedomain.com:9042 \
-L 127.0.0.3:9042:external-node3.somedomain.com:9042 \
-L 127.0.0.4:9042:external-node4.somedomain.com:9042 \
-L 127.0.0.5:9042:external-node5.somedomain.com:9042 \
-L 127.0.0.6:9042:external-node6.somedomain.com:9042
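
The same mapping generated from a node list, as an added example that is not part of the original post: it emits one -L argument per node, each bound to its own 127.0.0.N address so the listeners stay on loopback. The function names and the optional hosts-file lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: one -L forward per node, each on its own loopback address.
# Host names used in the usage line are the placeholders from the post.

# loopback_for N -> 127.0.0.N (this sketch only varies the last octet, 1..254)
loopback_for() {
    [ "$1" -ge 1 ] && [ "$1" -le 254 ] || return 1
    printf '127.0.0.%s\n' "$1"
}

# forward_args PORT NODE... -> "-L 127.0.0.N:PORT:NODE:PORT", one per line
forward_args() {
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    n=0
    for node in "$@"; do
        n=$((n + 1))
        addr=$(loopback_for "$n") || { echo "too many nodes" >&2; return 1; }
        printf '%s %s:%s:%s:%s\n' -L "$addr" "$port" "$node" "$port"
    done
}

# hosts_lines NODE... -> "127.0.0.N NODE" lines for the local hosts file.
# Optional: lets the application keep using the node names. The -L target
# is resolved on the SSH server, so local entries do not change it.
hosts_lines() {
    n=0
    for node in "$@"; do
        n=$((n + 1))
        addr=$(loopback_for "$n") || return 1
        printf '%s %s\n' "$addr" "$node"
    done
}

# Usage (word splitting of the output is intended here):
#   ssh somedomain.com $(forward_args 9042 external-node1.somedomain.com \
#                                          external-node2.somedomain.com)
```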

Create a simple HTTPS server with OPENSSL S_SERVER

This post will mostly serve as a reference for future posts. The goal is to create the simplest HTTPS web server possible, which will serve to test certificates and authentication via private keys and, in the end, to configure SSL offloading to an Apache HTTPD that acts as a proxy between your client and the secure endpoint.

GOAL: At the end of this article, you will have a running secure web server which you can access via your web browser and/or via an SSL client.

Remove host from SSH KnownHosts file without seeing the hostname

This post is mostly a bookmark for myself. I’ve been using search engines way too often to find this command.

The command to remove a host from a known_hosts file without seeing the actual hostname in the known_hosts file is the following:

ssh-keygen -R HOSTNAME


SSH Remote Execute command, multiple command and with interaction

This article shows how to execute commands on a remote host via ssh while sending them from your own local shell.

ssh my_server 'ls -l /home/my_home_dir'

This will result in output like this:

$ ssh ae2 'ls -lha ~'
total 36K
drwxr-xr-x  2 joris joris 4.0K Jan 23 11:42 .
drwxr-xr-x. 5 root  root  4.0K Jan 23 11:41 ..
-rw-r--r--  1 joris joris   54 Jan 23 11:41 .bash_logout
-rw-r--r--  1 joris joris  507 Jan 23 11:41 .bash_profile
-rw-r--r--  1 joris joris  213 Jan 23 11:41 .bashrc
-rw-------  1 joris joris   51 Jan 23 11:42 .history
-rw-r--r--  1 joris joris  171 Jan 23 11:41 .kshrc
-rw-r--r--  1 joris joris  375 Jan 23 11:41 .profile
-rw-r--r--  1 joris joris  153 Jan 23 11:41 .vimrc

What’s even better is that you can run multiple commands separated by a semicolon, like this:

ssh my_server 'ls -l /home/my_home_dir;whoami'

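And the best trick is this one: an interactive command that takes user input, sending input and output back and forth! The -t option forces allocation of a pseudo-terminal, which interactive programs such as vi need.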

ssh -t my_server 'vi ~/.bash_profile'
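
The command string is handed to the remote shell, so any local variable placed in it is parsed a second time on the server. An added example (not from the original post) that single-quotes each argument before it is sent; shquote and remote_cmd are names made up here, and the sample directory name is constructed.

```shell
#!/bin/sh
# Added example: quote arguments so the remote shell treats them as data.

# shquote STRING -> STRING wrapped in single quotes, embedded ' written as '\''
# (trailing newlines in STRING are lost to command substitution)
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# remote_cmd WORD... -> one string that is safe to pass as the ssh command
remote_cmd() {
    out=
    for word in "$@"; do
        out="$out${out:+ }$(shquote "$word")"
    done
    printf '%s\n' "$out"
}

# Constructed sample: a directory name containing shell metacharacters.
dir='my dir; whoami'

# Unquoted, the remote shell would parse two commands:  ls -l my dir; whoami
naive="ls -l $dir"

# Quoted, it parses one command with one path:  'ls' '-l' 'my dir; whoami'
safe=$(remote_cmd ls -l "$dir")

# Real use would be:  ssh my_server "$safe"
```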

SSH: Different settings (keys!) for different hosts

There’s a simple way to create aliases in an SSH config file. This way you can connect much more easily to different hosts, especially when combined with this blog post on using keys to log in.

Where you used to use this connect string:

ssh pi@192.168.0.5
pi@192.168.0.5's password: <<enter boresome password>>

You can now just enter

ssh pi

Where “pi” is the alias that you’ll be using!

The only thing you’ll need to do is create the following file:

[[ ~/.ssh/config ]]

Host pi
  HostName 192.168.0.5
  User pi
  # (!) Only add the line below if you're using keys to log in
  IdentityFile ~/.ssh/keys/raspberry_key

Ain’t that awesome!?

P.S. If you’re still being asked to enter your password, check your keys and please look at this blog post I wrote.

SSH without password

SSH is one of the friendliest daemons in the Linux toolbox: you can port forward your home server, surf the internet via your own proxy server and transfer files. It’s the first thing I set up on a freshly installed box and by far the most used service around my home (yeah, that’s nerdy) :-)

This post will outline how you can create a public and private RSA key pair, and then we will use that key pair to authenticate ourselves to another computer in the network.

We will need to complete the following steps:

  1. Create a public/private rsa key pair
  2. Copy the public key to the remote host via ssh-copy-id
  3. Login to the remote system without a password

Create a public/private rsa key pair

If you haven’t created an RSA key pair yet, you can create one with this command:

ssh-keygen

If you have previously created a key pair, you will be asked whether to replace it.

For my home machines I don’t use a passphrase; if you’re more paranoid (or careful) you can set one. Please read this article for more info on passphrases and how to use them.

The keys have been generated in /home/yourloginname/.ssh and are called id_rsa and id_rsa.pub.

Never, never send someone your private (id_rsa) key! That is the same as handing over your house keys.

Copy the public key to the remote host via ssh-copy-id

This step should be repeated for all hosts to which you want to SSH with the newly created RSA key pair.

The command used is:

ssh-copy-id -i ~/.ssh/id_rsa joris@192.168.0.10


You will need to enter your password one last time, after that your public key is added to the authorized_keys file, which is automatically created on the target system.

After this step you don’t need to use a password any more!

Login to the remote system without a password

Just SSH into the remote system.

And wonder what you’re gonna do with all that extra time you’ve just won because entering passwords belongs to the past… :-)
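
When key login still falls back to a password prompt, file permissions are a common cause: the ssh client refuses a private key that group or others can access, and sshd by default (StrictModes) ignores authorized_keys when it or ~/.ssh is writable by group or others. An added example, not part of the original post, that checks for both; the function names are made up here and id_rsa is the default key name used above.

```shell
#!/bin/sh
# Added example: find permission problems that break key-based login.

# mode_of PATH -> the nine permission characters from ls, e.g. rw-------
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# private_key_ok FILE: group and others have no access at all
private_key_ok() {
    case $(mode_of "$1") in
        ???------) return 0 ;;
        *) return 1 ;;
    esac
}

# not_shared_writable PATH: neither group nor others may write
not_shared_writable() {
    case $(mode_of "$1") in
        ????w????|???????w?) return 1 ;;
        *) return 0 ;;
    esac
}

# audit_ssh_dir DIR [KEYNAME]: print one line per problem found,
# return non-zero if there was any. Files that do not exist are skipped.
audit_ssh_dir() {
    dir=$1; key=${2:-id_rsa}; bad=0
    not_shared_writable "$dir" || { echo "fix: chmod 700 $dir"; bad=1; }
    if [ -f "$dir/$key" ]; then
        private_key_ok "$dir/$key" ||
            { echo "fix: chmod 600 $dir/$key"; bad=1; }
    fi
    if [ -f "$dir/authorized_keys" ]; then
        not_shared_writable "$dir/authorized_keys" ||
            { echo "fix: chmod 600 $dir/authorized_keys"; bad=1; }
    fi
    return "$bad"
}

# Usage: audit_ssh_dir "$HOME/.ssh"   (run on the client and on the remote host)
```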

 

 

SSH through a proxy to a remote server

I wanted to SSH into my home server from my workplace but I couldn’t reach it directly because of the way the network was set up.

As it turns out it is quite easy to do by using the corkscrew program.

Edit ~/.ssh/config and add the following lines:

Host home joris.his.homeserver.com
    Hostname joris.his.homeserver.com
    User joris
    ProxyCommand corkscrew proxyserveraddress proxyserverport %h %p

The most important part is the ProxyCommand: it tells your ssh client to use corkscrew as a proxy to reach your host. %h is the hostname of your remote server and %p is its port.