SSH without entering a password

Remote access to X11 via Xnest over an ssh tunnel

Tunneling, including reverse

This is how I got Java software with a GUI (cridmanager) running via ssh.

Controlling Linux remotely with ssh, X11 and VNC

4.2.1 XDM

To allow X logins from other machines with XDM, a change must be made in /etc/X11/xdm/Xaccess. If the file is stored in a different location, it can be found with locate Xaccess. The following line must be activated by removing the first '#'.

#*                    #any host can get a login window

With XFree86 version 4, the file xdm-config (same directory) must also be changed:

! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
DisplayManager.requestPort:  0

becomes:

! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
! DisplayManager.requestPort:  0

The only difference is a single '!'. The trickiest part is really that in this file the exclamation mark, rather than the usual hash sign, introduces comments.

After restarting XDM, the application server is ready. (/etc/init.d/xdm restart)


Port-forwarding & autossh & Pairing

Source1)

Ok so the other day someone asked me to figure something out and here was my reply in case you happen to be interested.

The following was based on an Ubuntu 6.06 system but any distro will do as long as you can install the programs. (apt-get install is a wonderful thing)

Needed programs: ssh, autossh, and all of their dependencies.

The object will be to forward port 6667 to your LUG's group server through an ssh tunnel that will reconnect if severed.

1. OK, this is the ideal time to install any missing programs.

2. We will be using a key pair to authenticate the ssh session.

  1. type 'ssh-keygen -t rsa'
  2. make sure it defaults to: '/<user's home dir>/.ssh/id_rsa'
  3. no passphrase (not that secure, but easy to set up)
  4. you should now have the key pair in the .ssh directory (id_rsa & id_rsa.pub)
  5. make a copy of your public key with the name 'authorized_keys'
  6. 'cp /<user's home dir>/.ssh/id_rsa.pub /<user's home dir>/.ssh/authorized_keys'
  7. copy authorized_keys to the .ssh directory of the remote system. (use 'scp' for secure comms)
  8. 'scp /<user's home dir>/.ssh/authorized_keys <remote user>@<ip address>:/<user's home dir>/.ssh/'
  9. you may have to create the .ssh folder on the remote system if it is not there. This happened to me on my OpenBSD test box.
3. Verify that ssh works with the new keys.

  1. ssh -i /<user's home dir>/.ssh/id_rsa <remote user>@<ip address>
  2. when you connect you should have direct access to the system and not be prompted for a passphrase.
4. Time to forward a port

  1. add the port forward feature to the ssh command: '-L <local port>:system:<remote port>'
  2. '-L 1234:localhost:6667' would be my local system listening on port 1234 and sending requests to port 6667 of the remote's local loopback address (127.0.0.1)
  3. if forwarding is enabled on the remote system then you could use the remote system as a stepping stone to another.
  4. to reach the Fritz!Box from outside: 'sudo ssh root@93.104.39.149 -L 81:192.168.122.1:80'. Then enter in the local browser: localhost:81. Voilà!
  5. the new command would be:
  6. ssh -i /<user's home dir>/.ssh/id_rsa -L <local port>:system:<remote port> <remote user>@<ip address>
  7. i.e.: 'ssh -i /root/.ssh/id_rsa -L 1234:localhost:6667 zxcv@207.46.19.30'
  8. verify it works
  • 1. connect to the remote system
  • 2. set your irc client to connect locally on port 1234, which should forward the request to the remote system.
5. Keeping the connection alive

  1. Dear fellow admins, <screaming> stop reconfiguring the firewall and killing my open connection </screaming>. Thank you.
  2. use the autossh command to monitor the connection and reconnect when needed. (make sure you replace the ssh with autossh)
  3. 'autossh -i /root/.ssh/id_rsa -L 1234:localhost:6667 zxcv@207.46.19.30'
6. Automate

  1. typing this out all the time sucks, so write a script and make it executable.
7. This is of course a very basic instruction set. Both ssh and autossh have many options to suit your needs, but that is for you to figure out.
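
The procedure above, condensed into a wrapper for the 'Automate' step, as an added example that is not part of the original post: it prints a restricted authorized_keys line that limits the passphrase-less key to this one forward, and starts autossh with keep-alive options. It assumes OpenSSH 7.2 or later on the remote side (for 'restrict'); user@remote.example and the chosen -o settings are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. REMOTE is a placeholder.
set -u
KEY="${KEY:-${HOME:-.}/.ssh/id_rsa}"      # private key from step 2
REMOTE="${REMOTE:-user@remote.example}"   # placeholder login (assumption)
LPORT="${LPORT:-1234}"                    # local listening port (step 4)
DEST="${DEST:-localhost:6667}"            # target as seen from the remote host

# Print the line to append to ~/.ssh/authorized_keys on the remote host.
# 'restrict' disables pty, agent, X11 and all forwarding; 'port-forwarding'
# and 'permitopen' re-allow -L forwarding to DEST only; the forced command
# keeps the passphrase-less key from being used to run anything.
restricted_entry() {   # $1 = public key file
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    ktype='' kdata='' kcomment=''
    read -r ktype kdata kcomment < "$1" || true
    case "$ktype" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key: $1" >&2; return 1 ;;   # e.g. id_rsa itself
    esac
    [ -n "$kdata" ] || return 1
    printf 'restrict,port-forwarding,permitopen="%s",command="/bin/false" %s %s%s\n' \
        "$DEST" "$ktype" "$kdata" "${kcomment:+ $kcomment}"
}

# Run "$@" followed by the tunnel arguments, so 'tunnel echo autossh' is a
# dry run and 'tunnel exec autossh' starts the tunnel. -M 0 turns off
# autossh's monitor port in favour of the ServerAlive probes, -N requests no
# remote command, and the listener binds to loopback only.
tunnel() {
    "$@" -M 0 -N -i "$KEY" \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -o ExitOnForwardFailure=yes -o IdentitiesOnly=yes \
        -L "127.0.0.1:${LPORT}:${DEST}" "$REMOTE"
}

case "${1:-}" in
    entry) restricted_entry "${2:-${KEY}.pub}" ;;
    dry)   tunnel echo autossh ;;
    start) tunnel exec autossh ;;
esac
```

Called with 'entry', the script prints a line meant to be appended to the remote authorized_keys file rather than copied over it; 'dry' shows the autossh command without running it.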

 
ssh.txt · Last modified: 2024/02/29 13:36 by 127.0.0.1