i assume you have setup public-private-key-authentication and tested its workings and tightened security to only allow public-private key auth of specific non-root users.
run local scripts remotely
You can run local scripts remotely by executing bash on the remote system and feeding it your script
ssh user@host ‘bash -s’ < script.s
sftp
kick out that extra-ftp client – ssh now does it all 😀
and even more secure. (without sending your password clear-text over the internet)
basic VPN – port forwarding
well okay – this only lets you access ports of the server not exposed to the public.
VPNs are very complicated constructions… but they work well once they are setup. (pc(software VPN client)->VPN-server(e.g. mguard)->Company-LAN, Servers and Printers)
but it seems like you can setup some kind of VPN functionality with SSH: https://help.ubuntu.com/community/SSH_VPN
this way you can connect two ports from server to client – via an encrypted tunnel – similar VPN.
thus access a service that is not publicly accessable – maybe because you do not want to share it – or it is unsafe to share.
All traffic will be send through an encrypted ssh-tunnel.
this way you could theoretically access an (not so secure) NFS share of your remote (web?) server – without actually exposing that port to the internet (firewall only allows connections from localhost).
don’t expect massive speeds… but it should work.
# on SERVER install telnet - just as an example apt-get install telnetd; # install telnet service service inetd restart; # restart inted service inetd status; # check it's status - all green continue # on CLIENT ssh -f user@server -L 9000:server:23 -N; # make port 23 of server accessible as localhost:9000 # no output = worked lsof -i -P -n|grep 9000; # check if it worked ssh 2771 user 4u IPv6 23565 0t0 TCP [::1]:9000 (LISTEN) ssh 2771 user 5u IPv4 23566 0t0 TCP 127.0.0.1:9000 (LISTEN) telnet localhost 9000; # now from client you should be able to access server's telnet # if you want to kill the tunnel kill the process ps uax|grep 9000 user 2771 0.0 0.1 76056 1360 ? Ss 16:35 0:00 ssh -f user@debian8 -L 9000:debian8:23 -N user 2791 0.0 0.0 76056 932 ? Ss 16:52 0:00 ssh -f user@debian8 -L 9000:debian8:23 -N kill 2771 2791; # in this case the process ids killall ssh; # will also do the job (non-root user)
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!
