Difference between revisions of "Category:SSH"

From Noah.org
 
(47 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[Category:Engineering]]
 
[[Category:Engineering]]
 
+
[[Category:SSL]]
== External OpenSSL Command-line FAQ ==
+
This [http://www.madboa.com/geek/openssl/ OpenSSL HowTo/FAQ] deals with the command-line openssl.
+
 
+
== sshd_conf tweaks ==
+
These are changes I always make to /etc/ssh/sshd_config.
+
See [http://www.fail2ban.org/ fail2ban] for
+
protecting against bots doing dictionary attacks.
+
 
+
<pre>
+
# this speeds up logins.
+
UseDNS no
+
# bots often check these accounts for weak passwords:
+
DenyUsers root test admin guest nobody
+
# for extra security, limit access to only these users:
+
AllowUsers user1 user2 user3
+
</pre>
+
 
+
Use the following to support SSH1. I no longer use this.
+
<pre>
+
# this is required if you want to support SSH1
+
Protocol 2,1
+
# this is required if you want to support SSH1
+
PasswordAuthentication yes
+
</pre>
+
 
+
== simple port forwarding (SSH tunnel) ==
+
This example creates a tunnel for IMAP. Here we forward port 1143 on localhost to 143 (IMAP) on imap.example.com.
+
<pre>
+
ssh -f -N -q -L 1143:localhost:143 username@imap.example.com
+
</pre>
+
 
+
-f tells ssh to go into the background (daemonize).
+
 
+
-N tells ssh that you don't want to run a remote command. That is, you only want to forward ports.
+
 
+
-q tells ssh to be quiet
+
 
+
-L specifies the port forwarding
+
 
+
== reverse port forwarding ==
+
Sometimes I need to make an internal LAN machine expose a service to the outside WAN.
+
For example, I have a database server that will only accept connections from a
+
specific development box. That dev box is inside the firewall. I want to connect to
+
the database from outside the firewall.
+
<pre>ssh -t -L 5432:localhost:1999 my_name@firewall.example.com ssh -t db_server ssh -t -R 1999:127.0.0.1:5432 my_name@firewall
+
</pre>
+
 
+
 
+
== SSH for Windows ==
+
[http://www.chiark.greenend.org.uk/~sgtatham/putty/ Putty] is the best free SSH client for Windows. You can also use [http://www.cygwin.com Cygwin], but the ANSI terminal emulation isn't as good unless you start the X11 server and run xterm.
+
 
+
== MindTerm SSH client Java Applet ==
+
MindTerm_2.1 (non-commercial). This was the last free version of MindTerm.
+
 
+
    [http://www.noah.org/ssh/mindterm.jar mindterm.jar]
+
 
+
Put this applet on a web page and point the <applet> "archive" attribute to the URL of the JAR file:
+
<small><pre>
+
<applet archive="mindterm.jar" code="com.mindbright.application.MindTerm.class" width="580" height="400">
+
    <param name="te" value="xterm-color"> <!-- "vt102" -->
+
    <param name="fs" value="18">
+
    <param name="gm" value="80x32+0+0">
+
    <param name="port" value="22">
+
    <param name="cipher" value="blowfish"> <!-- "des" -->
+
    <param name="usrname" value="">
+
    <param name="sepframe" value="false">
+
    <param name="quiet" value="false">
+
    <param name="cmdsh" value="false">
+
    <param name="verbose" value="true">
+
    <pa ram name="autoprops" value="none">
+
    <param name="idhost" value="false">
+
    <param name="alive" value="10">
+
    <param name="appletbg" value="white">
+
</applet>
+
</pre></small>
+
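Review bot: In the SSH1 block of the sshd_config section, the comment above `PasswordAuthentication yes` is a verbatim copy of the comment above `Protocol 2,1`, so the reader is never told why password logins are being switched on. Give that line its own comment, and note that enabling passwords is what makes the dictionary-attack bots mentioned at the top of the section relevant, which is where the fail2ban pointer belongs. In the applet markup, `<pa ram name="autoprops" value="none">` has a stray space in the tag name and should read `<param name="autoprops" value="none">`. The reverse port forwarding command chains three ssh hops through `db_server` with no explanation, while the prose describes a development box that never appears in the command; one sentence per hop, naming which host each one runs on, would make the example usable.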

Latest revision as of 01:14, 22 October 2008

Subcategories

This category has only the following subcategory.

Pages in category "SSH"

The following 7 pages are in this category, out of 7 total.