Differences

This shows the differences between two versions of the page.

ssh [2008/11/17 08:50] gerald | ssh [2024/02/29 13:36] (current) – External edit 127.0.0.1
Zeile 2: Zeile 2:
  
 [[SSH without password|SSH ohne Passworteingabe]] [[SSH without password|SSH ohne Passworteingabe]]
-[[ + 
-http://www.pro-linux.de/t_netzwerk/fernsteuerung.html|Linux fernsteuern mit ssh, X11 und VNC]]+[[ssh:xnest|Fernzugriff auf X11 via Xnest über ssh-Tunnel]] 
 + 
 +[[ssh:tunnel|Tunneling, auch reverse]] 
 + 
 +So habe ich Java-Software via ssh (cridmanager mit Oberfläche) zum Laufen gebracht. 
 + 
 +[[http://www.pro-linux.de/t_netzwerk/fernsteuerung.html|Linux fernsteuern mit ssh, X11 und VNC]] 
 + 
 + 
 +== 4.2.1 XDM == 
 + 
 + 
 +Um X-Logins von anderen Rechnern bei XDM zu erlauben, muss eine Änderung in /etc/X11/xdm/Xaccess vorgenommen werden. Mit locate Xaccess kann danach gesucht werden, falls die Datei an einem anderen Ort gespeichert ist. Folgende Zeile muss aktiviert werden, indem das erste '#' entfernt wird. 
 +<code> 
 +#*                    #any host can get a login window</code> 
 + 
 +Bei XFree86 Version 4 muss ausserdem die Datei xdm-config (gleiches Verzeichnis) verändert werden: 
 + 
 +<code>! SECURITY: do not listen for XDMCP or Chooser requests 
 +! Comment out this line if you want to manage X terminals with xdm 
 +DisplayManager.requestPort:  0</code> 
 + 
 +wird zu: 
 +<code> 
 +! SECURITY: do not listen for XDMCP or Chooser requests 
 +! Comment out this line if you want to manage X terminals with xdm 
 +! DisplayManager.requestPort: 
 +</code> 
 +Der Unterschied ist nur ein '!'. Das Komplizierteste ist eigentlich, dass das Ausrufezeichen, und nicht wie sonst üblich das Doppelkreuz, in dieser Datei Kommentare einleitet. 
 + 
 +Nach einem Neustart von XDM ist der Applikations-Server bereit. (/etc/init.d/xdm restart) 
 + 
 +---- 
 + 
 + 
 +==== Port-forwarding & autossh & Pairing ==== 
 + 
 +Quelle((http://www.linuxquestions.org/linux/answers/Networking/Forward_ports_via_an_SSH_tunnel_with_auto_reconnect_using_key_pair_authentication)) 
 + 
 + 
 +Ok so the other day someone asked me to figure something out and here was my reply in case you happen to be interested.  
 +  
 +The following was based on a Ubuntu 6.06 system but any distro will do as long as you can install the programs. (apt-get install is a wonderful thing) 
 +  
 + Needed programs: ''ssh, autossh'', and all of their dependencies. 
 +  
 +  
 + Object will be to forward port 6667 to your LUG's group server through a ssh tunnel that will reconnect if severed.  
 +  
 +  
 +  
 +==  1 == 
 + 
 + ok this is the ideal time to install any missing programs 
 +  
 +== 2 == 
 + 
 + we will be using a key pair to authenticate the ssh session. 
 +  
 +   - type 'ssh-keygen -t rsa'  
 +   - make sure it defaults to: '/<user's home dir>/.ssh/id_rsa' 
 +   - no passphrase (not that secure, but easy to setup) 
 +   - you should now have the key pair in the .ssh directory (id_rsa & id_rsa.pub) 
 +   - make a copy of your public key with the name 'authorized_key' 
 +   - 'cp /<user's home dir>/.ssh/id_rsa.pub /<user's home dir>/.ssh/authorized_key' 
 +   - copy authorized_key to the .ssh directory of the remote system. (use 'scp' for secure comms) 
 +   - 'scp /<user's home dir>/.ssh/authorized_key <remote user>@<ip address>:'/<user's home dir>/.ssh/' 
 +   - you may have to create the .ssh folder on the remote system if it is not there. this happen to me on my OpenBSD test box. 
 +  
 +  
 +== 3 == 
 + 
 + verify that ssh work with the new keys. 
 +  
 +   - ssh -i /<user's home dir>/.ssh/id_rsa <remote user>@<ip address> 
 +   - when you connect you should have direct access to the system and not be prompted for a passphrase. 
 +  
 +== 4 == 
 + 
 + Time to forward a port 
 +  
 +   - add the port forward feature to the ssh command: '-L <local port>:system:<remote port>' 
 +   - '-L 1234:localhost:6667' would be my local system listening on port 1234 and sending requests to port 6667 of the remote's local loopback address (127.0.0.1) 
 +   - if forwarding is enabled on the remote system the you could use the remote system as a stepping stone to another. 
 +   - to enter fritz-Box from outside: ''sudo ssh root@93.104.39.149 -L 81:192.168.122.1:80''. Then enter on local browser: ''localhost:81'' Vola! 
 +   - the new command would be: 
 +   - ssh -i /<user's home dir>/.ssh/id_rsa -L <local port>:system:<remote port> <remote user>@<ip address> 
 +   - ie: 'ssh -i /root/.ssh/id_rsa -L 1234:localhost:6667 zxcv@207.46.19.30 
 +   - verify it works 
 +   * 1.connect to the remote system 
 +   * 2.set your irc client to connect locally on port 1234 which should forward the request to the remote system. 
 +  
 +== 5 == 
 + 
 + Keeping the connection alive 
 +  
 +   - Dear fellow admins, <screaming> stop reconfiguring the firewall and killing my open connection </screaming>. Thank you. 
 +   - use the autossh command to monitor the connection and reconnect when needed. (make sure you replace the ssh with autossh) 
 +   - 'autossh -i /root/.ssh/id_rsa -L 1234:localhost:6667 zxcv@207.46.19.30' 
 +  
 +  
 +== 6 == 
 + 
 + Automate 
 +  
 +   - typing this out all the time sucks, so write a script and make it executable. 
 +  
 +== 7 == 
 + 
 + This of course is very basic instruction set. Both ssh and autossh have many options to suit your needs, but that is for you to figure out. 
 + 
 + 
 + 
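Review bot: Step 2 copies the public key to a file named 'authorized_key', but sshd's default AuthorizedKeysFile is ~/.ssh/authorized_keys, so the key login that step 3 verifies will not work as written; and once the name is corrected, the scp in the same step would replace any existing authorized_keys on the remote side rather than append to it. Suggest using the correct file name and appending the key (ssh-copy-id does both). The same step generates the key with 'no passphrase' and step 5 then uses it from /root/.ssh/id_rsa, so the text should say to limit that key on the server, for example with a permitopen="localhost:6667" option on its authorized_keys entry. In the new 4.2.1 XDM section, activating the '*' line in Xaccess and commenting out DisplayManager.requestPort lets any host request a login window over unencrypted XDMCP; the section should tell readers to list specific hosts in Xaccess or firewall the port, and the 'wird zu' block drops the value 0 although the next sentence says the only difference is a '!'. The Fritz-Box line in step 4 hardcodes a public IP with a root login and should use the <remote user>@<ip address> placeholders like the other steps.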
 
ssh.1226911852.txt.gz · Last modified: 2024/02/29 13:34 (external edit)