I assume you have set up public/private key authentication, tested that it works, and tightened security to allow only public/private key authentication for specific non-root users.

run local scripts remotely

You can run local scripts remotely by executing bash on the remote system and feeding it your script on stdin:

ssh user@host 'bash -s' < script.s

sftp

kick out that extra-ftp client – ssh now does it all 😀

and it is even more secure (your password is not sent in clear text over the internet).

https://dwaves.de/2015/04/21/linux-debian-setup-sftp-limiting-access-with-sftp-jails-on-debian-and-ubuntu/

basic VPN – port forwarding

well okay – this only lets you access ports of the server not exposed to the public.

VPNs are very complicated constructions… but they work well once they are set up. (pc(software VPN client)->VPN-server(e.g. mguard)->Company-LAN, Servers and Printers)

but it seems like you can set up some kind of VPN functionality with SSH: https://help.ubuntu.com/community/SSH_VPN

“poor techie’s vpn :-D”

this way you can connect a port on the server to a port on the client – via an encrypted tunnel – similar to a VPN.

thus you can access a service that is not publicly accessible – maybe because you do not want to share it – or because it is unsafe to share.

All traffic will be sent through an encrypted ssh tunnel.

this way you could theoretically access a (not so secure) NFS share of your remote (web?) server – without actually exposing that port to the internet (firewall only allows connections from localhost).

don’t expect massive speeds… but it should work.

# on SERVER install telnet - just as an example
apt-get install telnetd; # install telnet service
service inetd restart; # restart inetd
service inetd status; # check its status - if all is green, continue

# on CLIENT
ssh -f user@server -L 9000:server:23 -N; # make port 23 of server accessible as localhost:9000
# no output = worked

lsof -i -P -n|grep 9000; # check if it worked
ssh     2771 user    4u  IPv6  23565      0t0  TCP [::1]:9000 (LISTEN)
ssh     2771 user    5u  IPv4  23566      0t0  TCP 127.0.0.1:9000 (LISTEN)

telnet localhost 9000; # now from client you should be able to access server's telnet

# if you want to kill the tunnel kill the process
ps uax|grep 9000
user      2771  0.0  0.1  76056  1360 ?        Ss   16:35   0:00 ssh -f user@debian8 -L 9000:debian8:23 -N
user      2791  0.0  0.0  76056   932 ?        Ss   16:52   0:00 ssh -f user@debian8 -L 9000:debian8:23 -N

kill 2771 2791; # in this case the process ids
killall ssh; # will also do the job (non-root user), but it ends ALL ssh client processes of this user, not only the tunnel
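
The same tunnel, as an added example that is not part of the original post: it binds the local end to 127.0.0.1 explicitly, closes the tunnel through its own control socket instead of killing ssh processes, and checks `lsof -i -P -n` output for a listener that is reachable from other hosts. The socket path, the function names and the `localhost:23` destination (a service that only accepts connections from the server's localhost) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
# SOCK and the function names are assumptions; ports 9000/23 follow the post.

SOCK="${HOME}/.ssh/tunnel-9000.sock"   # control socket for this one tunnel

open_tunnel() {    # usage: open_tunnel user@server
    # 127.0.0.1:9000       bind the local end to loopback only
    # localhost:23         destination as seen from the server itself
    # ExitOnForwardFailure fail instead of staying up without the forward
    ssh -f -N -M -S "$SOCK" -o ExitOnForwardFailure=yes \
        -L 127.0.0.1:9000:localhost:23 "$1"
}

close_tunnel() {   # usage: close_tunnel user@server
    ssh -S "$SOCK" -O exit "$1"        # ends only this tunnel
}

# Reads `lsof -i -P -n` output on stdin.
# Returns 0 if every LISTEN socket on port $1 is bound to loopback,
#         1 if any is bound to another address (e.g. *:9000),
#         2 if nothing is listening on that port.
listener_is_loopback_only() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            addr = $(NF-1)                      # e.g. 127.0.0.1:9000
            n = split(addr, parts, ":")
            if (parts[n] != port) next          # other port, ignore
            found = 1
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}
```

Typical use on the client: `open_tunnel user@server`, then `lsof -i -P -n | listener_is_loopback_only 9000`, and `close_tunnel user@server` when done.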
