Created 2007-12-29   Modified 2009-04-11
Chelton Evans

ssh home

Intro
copying
sftp
sshfs
ssh and Cygwin
automatic login
OpenSSL

Intro

ssh is used to remotely log into another computer. Additionally, when working you often wish to move files between the local computer and the remote computer.

For example, I could have two shells open, one with an ssh login and another with an sftp login to move files between the two systems. sshfs replaces sftp in the sense that it integrates with the OS, which is very useful.

ssh is security at the application layer. It is not like a VPN where you enter a point in the network; indeed, ssh can be configured and used in many different ways. ssh is a data stream.

copying

scp copies files
scp source destination
scp -p 10.1.1.5:/home/zero/downloads/file.txt .
scp Makefile.sh zero@10.1.1.4:Makefile.sh - copies to /home/zero on remote system.

Copying with ssh and pipes
Backing up a directory on my machine to the target machine. Let other be the directory.
tar zcvf - other | ssh zero@10.1.1.3 "cat > other.tgz"
Copy from the target machine to my machine.
ssh zero@10.1.1.3 "cat other.tgz" > other.tgz
Pipe it to decompress the file structure.
ssh zero@10.1.1.3 "cat other.tgz" | tar zpvxf -
Now copy the directory across to the target machine.
tar zcvf - other | ssh zero@10.1.1.3 "cat > /cygdrive/e/other.tgz; cd /cygdrive/e/; cat other.tgz | tar zpvxf -; rm other.tgz"
I love ssh.
Here is copying the directory with scp.
scp -r other zero@10.1.1.3:/cygdrive/e/other

Copying directories with tar is recommended. On my local system tar needs to be called as it is at the command line.
tar -c cube | ssh 10.1.1.4 "cat > /home/zero/backup/cube.tar; cd /home/zero/backup/; cat cube.tar | tar xf -; rm cube.tar"

rsync -avz -e ssh zero@10.1.1.8:/home/zero/t3 .
Uses ssh to copy the directory. For example create a mirror by putting this into a cron job.

sftp

sftp is supported when the ssh daemon (service) is implemented.

Generally use sftp as it is much better for interactive use.
sftp zero@10.1.1.5

Local     Remote
lcd       cd
lls       ls
lmkdir    mkdir
lpwd      pwd
put       get

For a directory sftp refused to copy, so create an archive $tar -cvf black.tar blacklagoon, then in the sftp session get black.tar ., then in bash extract $tar -xf black.tar. I am having intermittent problems with some files unable to be expanded on the windows box.

sshfs

Mount the remote file system. Turns the remote computer into a file server.

For example, with 1000Mbps ethernet at home and a fast Linux computer (as a server) to watch my DVDs, simply mount the file system and run the files.

Mac

sshfs for Mac OS X
# ln -s /Applications/sshfs/bin/mount_sshfs /sbin/mount_sshfs
mkdir ~/p3
mount_sshfs zero@10.1.1.8 ~/p3
umount ~/p3
umount -f ~/p3

Added a drive to server. ssh puts root at home directory but the drive is in /media/INFINITY.
mount_sshfs zero@10.1.1.7:/media/INFINITY ~/p4

Linux - Fedora

<TODO>
mkdir ~/p5
sshfs zero@10.1.1.6: /home/zero/p5

ssh and Cygwin

On my home network I have a Linux box at 10.1.1.5 and a windows box with Cygwin installed with ssh. To log into the Linux box from windows, in a Cygwin terminal run $startx to start the X server, then log in.
ssh zero@10.1.1.5
For graphical programs the X11 display needs to be enabled.
ssh -Y zero@10.1.1.5
Windows does not support X11, so logging into the windows box from the Linux box is a command line. Instead I installed VNC client/server on the windows box (http://www.tightvnc.com).
vncviewer 10.1.1.3 for the windows box, then prompted for password. This gives a remote login with graphics, although DVD and MPEG graphics were not displayed (black screen).

Command line script with ssh login.
ssh zero@10.1.1.5 "cd /tmp ; tar cf dvd.tar dvd"

To log into the windows box from the Linux box, the ssh daemon (service) sshd needs to be started on the windows box.
ssh-host-config
net start sshd
Answer the questions. Maybe I answered wrong because I do not yet have graphics from the windows box being sent to the linux box. (CYGWIN=ntsec tty).

To stop sshd on windows box,
cygrunsrv --stop sshd
cygrunsrv --remove sshd
Delete sshd user account (Computer Management).

kill -HUP `cat /var/run/sshd.pid` to restart the ssh server.

Agent Forwarding Issue

Agent forwarding relies on obfuscation - that is, hiding through complexity. Cryptography itself showed that this approach is useless as someone always comes along who can cut through the crap.

A better solution is to engineer your ssh login so that it is a sandbox and only provides the services necessary for its function.

This is probably difficult to do, but is the only sane solution.
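
One way to build such a restricted login for the tar-over-ssh backups shown earlier, as an added example that is not from the original page: a forced-command script that accepts only two requests. The script path, the put/get request words, the .tgz naming rule and BACKUP_DIR are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: forced-command gate for a backup-only ssh key.
# Assumed install, one authorized_keys line on the server:
#   restrict,command="/usr/local/bin/backup-gate" ssh-ed25519 AAAA... backup
# "restrict" disables agent, X11 and port forwarding and pty allocation;
# command= makes sshd run this script whatever the client asked for.

export LC_ALL=C                            # byte-wise ranges in the patterns
BACKUP_DIR="${BACKUP_DIR:-$HOME/backup}"   # assumed storage directory

# Validate a client request. Prints "put NAME" or "get NAME" and returns 0
# if acceptable, returns 1 for everything else.
parse_request() {
    req=$1
    case $req in
        "put "*) verb=put; name=${req#"put "} ;;
        "get "*) verb=get; name=${req#"get "} ;;
        *) return 1 ;;
    esac
    # NAME: only letters, digits, dot, dash, underscore (so no "/" and no
    # shell metacharacters), not starting with "." or "-", ending in .tgz.
    case $name in
        ""|.*|-*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
        *.tgz) ;;
        *) return 1 ;;
    esac
    printf '%s %s\n' "$verb" "$name"
}

# Serve one request taken from SSH_ORIGINAL_COMMAND (set by sshd).
gate_main() {
    parsed=$(parse_request "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "backup-gate: request refused" >&2
        return 1
    }
    verb=${parsed%% *}
    name=${parsed#* }
    case $verb in
        put) cat > "$BACKUP_DIR/$name" ;;   # archive arrives on stdin
        get) cat "$BACKUP_DIR/$name" ;;     # archive leaves on stdout
    esac
}

# Run only when the client sent a command; a plain interactive login has
# none, so the session ends without ever reaching a shell.
if [ -n "${SSH_ORIGINAL_COMMAND+x}" ]; then
    gate_main
fi
```

With this key the backup becomes tar zcf - other | ssh zero@10.1.1.3 "put other.tgz", while a request such as "cat > other.tgz" or any other shell command is refused.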