Hi guys, here I am writing about one of the most basic and popular methods for remote administration. I will try to provide as much information as I can.
SSH (Secure Shell): It is used to access or log in to a remote machine on the network, using its host name or IP address. It is a secure network data exchange protocol which came up as an enhancement over insecure protocols like telnet, rsh, etc. SSH encrypts data transfers in both directions using cryptographic algorithms, which protects them from data theft and sniffing.
Here we go with the basic functions of the SSH protocol:
> Compression
> Public Key Authentication
> Port Forwarding
> Tunneling
> X11 Forwarding
> File Transfer
It seems to be a complete package for remote administration.
To install the SSH packages on Linux-based systems, here are the commands for some distros:
1> Debian :
# apt-get install openssh-server
# apt-get install openssh-client
2> Ubuntu
# sudo apt-get install openssh-server
# sudo apt-get install openssh-client
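3> RHEL
# rpm -ivh openssh-server-<version>.rpm
# rpm -ivh openssh-clients-<version>.rpm
(rpm -ivh installs from a downloaded package file, so give it the .rpm file name; <version> is a placeholder. On Red Hat based systems the client package is called openssh-clients.)
4> Fedora
# yum install openssh-server
# yum install openssh-clients
Now I guess you can install both packages on your machine by issuing the respective installation command. In case of Windows OS, it does not support SSH as a default protocol, so we need to use a third-party agent like PuTTY, "Ssh tunnel easy" or any other software. Now let's proceed to see the working of the SSH protocol. :)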
>>>Basic Operations:
1> Remote login
root@sanju]# ssh user@hostname (we can provide the IP address of the server in place of hostname)
OR
root@sanju]# ssh hostname (this command is equal to "ssh root@hostname": with no user given, ssh logs in as our current local user, and here we are root on our machine)
You may not get a connection even though the SSH daemon is running on the remote machine, because the system admin has configured the SSH daemon to listen on a non-standard port such as 459 instead of 22. In this case you can issue a command to connect via the desired port, i.e.
root@sanju~]# ssh -p 459 hostname
After any of the above commands you will be prompted for a password, and with proper credentials you can access the remote machine.
>>> Executing remote commands
Now let's have some fun:
root@sanju~]# ssh remote-ip 'command'
e.g.
root@sanju~]# ssh hostname 'uname -a' (It will show the kernel version and information about the OS)
You can also fire this command at the host:
root@sanju~]# ssh user@hostname 'reboot' :P
>>> Input/Output redirection
First let's have a look at these commands:
echo "hackersgallery" > demofile
cat < demofile (equivalent to "cat demofile")
I guess you can easily get what the above commands are doing. In the first command, the string "hackersgallery" is directed to a file named "demofile". In the second command, the file "demofile" is directed to the "cat" command.
Now move further:
echo hello|command1|command2
Here "|" is the pipe operator. It uses the output of one command as input to another command. We can use any number of pipes serially, e.g.
root@sanju]# echo "hackersgallery" | tr -d 'l'
output will be: hackersgaery
You can try out some more clubbing of operators to get interesting results:
root@sanju]# ssh user@remotehost 'cat /etc/passwd | grep root'
The SSH protocol also supports data transfer with compression:
root@sanju~]# ssh -C user@remotehost
>>> File Transfer
Two data transfer utilities that will help you are SCP and SFTP. SCP stands for secure copy. We can use it to copy data from the local machine to a remote machine, from a remote machine to the local machine, or from one remote machine to another.
>> local machine to remote machine
scp local_file_path user@remotehost:destination_file_path
>> remote machine to local machine
scp user@remotehost:remote_file_path local_destination_file_path
>> remote machine to remote machine
scp user1@remotehost1:remote_file_path user@remotehost2:destination_file_path
We can even use wildcards to select files if we don't know the exact name of the file we want to get (quote the remote path so the wildcard is expanded on the remote host, not by the local shell):
scp 'user@remotehost:/home/*.txt' /home/sanju/
SFTP stands for secure file transfer protocol. It is a secure implementation of the traditional FTP protocol. We can issue a command as
sftp user@remotehost (after entering password we'll enter sftp prompt)
sftp>
some of the commands that are available under sftp are:
>cd - to change directory on remote machine
>ls - to list remote directory content
>lcd - to change directory on local machine
>lls - to list local directory content
>put - to send or upload files to remote machine from current working directory of local machine
>get - to receive or download files from remote machine to current working directory of local machine
RUNNING X-WINDOWS REMOTELY
To enable X11 Forwarding , edit ssh_config file
root@sanju~]# vi /etc/ssh/ssh_config
ForwardX11 yes
save and exit
Now, to launch GUI apps remotely, execute the ssh command with the -X option, e.g.
root@sanju~]# ssh -X root@remotehost 'vlc'
PORT FORWARDING
One of the important uses of SSH is port forwarding. SSH allows you to forward ports from client to server and from server to client. There are two types of port forwarding: local and remote. In local port forwarding, ports from the client are forwarded to server ports. Thus the locally forwarded port will act as the proxy port for the port on the remote machine.
Local port forwarding
root@sanju~]# ssh -L local_port:remote_host:remote_port user@ssh_server e.g.
ssh -L 2020:remotehost:22 user@remotehost
Here it forwards local port 2020 to remotehost's SSH port 22. Thus we can use
ssh localhost -p 2020 instead of "ssh remotehost"
In remote port forwarding, ports from the server are forwarded to a client port. Thus ports on the remote host will act as the proxy for ports on the local machine.
What is the use of remote forwarding?
Suppose you have a local machine that lies inside an internal network connected to the Internet through a router or gateway. If we want to access the local machine from outside the network, it is impossible to access it directly. But by forwarding the local ports to a remote host, we can access the local machine through the ports of the remote host.
So our command will be
ssh -R remote_port:local_host:local_port user@remotehost e.g.
ssh -R 2020:localhost:22 user@remotehost.com
To SSH to the local machine from outside the internal network, we can make use of "remotehost.com" as
ssh -p 2020 remotehost.com
(This needs GatewayPorts enabled in the sshd_config of remotehost.com; by default the forwarded port listens only on the remote host's loopback address.)
SOCKS4 Proxy
SSH has an interesting feature called dynamic port forwarding, with which the SSH TCP connection will work as a SOCKS4 proxy. By connecting to the given port, it handles SOCKS data transfer requests.
What is the use of dynamic port forwarding?
Let's suppose you have a machine on a network that is connected to the internet, and you have another machine on the same network that does not have any internet connection. By using SSH dynamic port forwarding you can easily access the internet by setting up the machine with an internet connection to act as the SOCKS4 proxy using an SSH tunnel.
For dynamic port forwarding use following command:
ssh -D 3000 remotehost
now in your browser specify proxy setting as:
SOCKS4
hosts : localhost
port : 3000
To enable DNS service in Firefox, navigate to the about:config page and set
network.proxy.socks_remote_dns = true
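Whether the -X, -L, -R and -D options above work at all is decided by the server's sshd_config. As an added example (not part of the original post), this script reads a constructed sample config and reports which of those settings are enabled; the function names and the sample file are made up for illustration, and the defaults used are upstream OpenSSH's.

```shell
#!/bin/sh
# Added example: review the global section of an sshd_config for the
# features used in this post. Function names are illustrative.

# Constructed sample config, not taken from a real host.
sample_sshd_config() {
cat <<'EOF'
Port 459
permitrootlogin yes
PasswordAuthentication no
#X11Forwarding yes
GatewayPorts no
GatewayPorts yes
Match User backup
    AllowTcpForwarding no
EOF
}

# effective_value KEYWORD DEFAULT  (config on stdin)
# Keywords are case-insensitive and sshd keeps the first value it reads.
# Only lines before the first Match block are considered.
effective_value() {
    awk -v key="$1" -v val="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == key       { val = tolower($2); exit }
        END { print val }'
}

# Print one line per setting whose effective value enables the feature.
# Table columns: keyword|upstream default|value to report|reason
audit_sshd_config() {
    cfg=$(cat)
    while IFS='|' read -r key def risky why; do
        val=$(printf '%s\n' "$cfg" | effective_value "$key" "$def")
        if [ "$val" = "$risky" ]; then
            printf '%s %s: %s\n' "$key" "$val" "$why"
        fi
    done <<'EOF'
PermitRootLogin|prohibit-password|yes|root may log in with a password
PasswordAuthentication|yes|yes|passwords accepted, prefer public keys
X11Forwarding|no|yes|ssh -X sessions expose the client X display
AllowTcpForwarding|yes|yes|-L, -R and -D tunnels are permitted
GatewayPorts|no|yes|-R listeners are reachable from other hosts
EOF
    return 0
}

sample_sshd_config | audit_sshd_config
```

To check a real server, feed it the file instead of the sample: audit_sshd_config < /etc/ssh/sshd_config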
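There are many more things about SSH that are still to be learned. At last, let us write a single shell script to reboot all the switched-on machines in the network.
#!/bin/bash
# Reboot every machine in 192.168.0.x that answers a ping.
base_ip="192.168.0."
# Brace expansion runs before variable expansion, so the variable is
# written as "${base_ip}" to keep the generated numbers out of its name.
for machine in "${base_ip}"{1..255}
do
    ping -c2 "$machine" &> /dev/null
    if [ $? -eq 0 ]    # the spaces inside [ ] are required
    then
        ssh "$machine" reboot
    fi
done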
<<==================================================>>
regards
sanjeev