Monday, 6 March 2017

SSH for mere mortals: configuring and using SSH for Linux


In the network a lot of paperwork to set up SSH for remote management of Linux and BSD-systems, but often they are concealed simple things. In this post I will talk about the simple use of the client SSH and configure remote access.






Installing SSH on Linux on the example of Debian
So, all we need to install a complete set of remote computer management ( SSH-client , and SSH-server ) is a long time ago in the repository. Flick put the package:
# Apt-get install ssh

and wait a few moments when it is tuned. After that, we will be able SSH access to the system and manage it. Since this technology is cross-platform, it can be controlled via SSH Linux or FreeBSD, and from Windows. For this is 
putty, the SSH the Windows client. On the client side is now necessary to fix the settings that are in the directory / etc / ssh - configuration for the client called ssh-config, configuration for the server, respectively, sshd-config. On their own, the client, to the side, set up the possibility of receiving X11Forward, search and change the keys to: 



Yes or The ForwardX11 
the ForwardX11Trusted yes or The
The client machine can now remotely run graphical applications on the server. Configuring SSH on the client side is finished, and now we go to a distant server to admin ... 
In principle, it is possible on the client side does not change anything, and login to the remote machine as follows:
The ssh $ -X user@server1.mydomain.com
or
The ssh $ -X user@192.168.xx
if you get into the config on your side does not want to, but I for some reason this did not work ... 

On the server side
now need to configure the SSH server: config in the server machine, to which will be connected (after you eat it Rutaceae password ? do not you) are looking for and changing keys in the / etc / ssh / sshd-config to:

Yes or The X11Forwarding 
X11DisplayOffset 10 
X11UseLocalhost yes
In this way we allow the server to run remotely graphics applications and send them to the client machine. Perestartuem service:
sudo /etc/init.d/ssh restart
Now we can go on the car is not only in the console mode, but with the launch of 'X applications. 

If you want to allow entry only to specific machines, you need to tweak the line in the config file/etc/ssh/sshd_config
AllowUsers hacker @ *

AllowUsers *@192.168.1.*
However, it is for the more advanced comrades. 

SSH in action
Everything is ready, and now I will give a few teams SSH for example. Open konsolku and write in it:
$ Ssh @ imya_polzovatelya_udalёnnoy_mashiny ip_adres_ili_setevoe_imya_udalёnnoy_mashiny
For example, in my case, when I come remotely on a laptop, writing ssh beast@192.168.1.5 - since I have not set up a name server, write the address. Again, SSH access can be not only of Linux or FreeBSD, but and from Windows - using putty. 

After that, we can ask the IPs have not yet been identified as confidential, should trust him? Yes or The Writing, is, of course! :-) Next, enter the user password of the remote machine by which we go, and if it is right, get into the console of the remote machine. During the password, you will not see - dial anyway; given three attempts - then the connection is dropped. 

So greet us like something like this:

@ penta4rce penta4: ~ $ beast@192.168.1.5 the ssh 
the Password: 
the Linux 2.6.15.7 notebeast # 3 PREEMPT Sun Jul 2 12:51:07 MSD 2006 the GNU the i686 / the Linux 
of The programs included with the the Debian the GNU / the Linux system are free software; 
exact distribution terms the for each program are Described in the 
Individual files is in / usr / this content share / the doc / * / copyright The. 

The GNU the Debian / the Linux Comes with ABSOLUTELY of NO WARRANTY, to the extent 
Permitted by Applicable law. 

Last login: Tue Oct 10 19:23:57 2006 192.168.1.1 from 
beast notebeast @: ~ $
Now, in a terminal box, which in our car, we rulim computer to which we are connected. Do not confuse the terminals, and then cut down the wrong computer :-) Here, everything is simple and logical, but we would like more and run graphical applications on the remote system. Easily!

Running graphical applications remotely
administered, as usual, the login and password of the remote machine. And here we face the same console. How to call a graphics application? Just type the name of the caller, and put after the name of an ampersand:
$ Gimp &;

This will start on the remote machine GiMP in the background and returns you to the console for further action. If you do not put an ampersand after the name of the application, the management console will be returned only after the application is complete. 

The figure screenshot: Left gimp, running on the "home" machine, to the right - on the remote. Buttons a little different due to the fact that on the remote machine gimp other settings. The rest - as a native.

So, you run a graphical application exactly the same way as if it work for you . There is one thing: this application will run on your screen, but with the documents and the settings of the remote machine. If the file for processing is in your home directory, it will need to pass to the remote machine. It (and other applications that you run) will work only until such time as the open ssh-soedienie. There, in konsolku ssh-connection will be issued to service messages of the applications you run. 


Conclusion
Well, as it turns out, remote connection and work on SSH can be useful to mere mortals, not just bearded admins. Very convenient, for example, to quickly climb on the computer and colleagues to help him in some way (read the logs, for example), quietly put the software, or just download something useful idle machines. In general, many applications. 

No comments:

Post a Comment