13 Feb 2008 My custom putty settings
This is a quick note of my custom putty settings in Windows
Category: Session
Connection type: SSH
Category: Window
Lines of scrollback: 20000
Category: Window > Appearance
Font: Lucida Console, 9-point
Font quality: ClearType
Gap between text and window edge: 3
Category: Window > Translation
Character set: UTF-8
Handling of line drawing characters: Unicode
Category: Window > Selection
Action of mouse buttons: xterm
Paste to clipboard in RTF as well as plain text: enabled
Category: Window > Colours
ANSI Blue: Red:74 Green:74 Blue:255
ANSI Blue Bold: Red:140: Green:140 Blue:255
Category: Connection
Seconds between keepalives (0 to turn off): 30
Category: Connection > SSH > X11
Enable X11 forwarding: enabled
X11 forwarding is enabled to to let me access remote X applications in Windows using Xming.
Posted by Hans-Henry Jakobsen
20 Jan 2008 Use ssh on multiple servers simultaneous
If you have many servers to manage and want to perform the same tasks on each of the machine every day, then you should look at the package named clusterssh.
Install the clusterssh package
apt-get install clusterssh
Perform the same command on the three servers server1 server2 and server3
cssh server1 server2 server3
This opens three ssh consoles, one for each server, and a little console for you to type your commands.
Tags: clusterssh, Debian, ssh
Posted by Hans-Henry Jakobsen
09 Jan 2008 SFTP in batch mode
This post describes how you use sftp in batch mode. If you don’t want to type in your password read my SSH without a password post.
Create a file named myCommands.sftp that contains the commands you want to run. My file looks like this
# Change to your desired directory locally lcd /data/Hattori # Change to the desired directory on the remote server cd /backup # Transfer all remote files locally get * # We're done with this session bye
Next you run the sftp session
sftp -b myCommands.sftp example.com
That should be all that is necessary to download your files from the remote server.
This example could easily have been extended with a crontab entry.
Posted by Hans-Henry Jakobsen
09 Jan 2008 SSH Without a Password
The following steps can be used to ssh from one system to another without specifying a password.
Notes:
- The system from which the ssh session is started via the ssh command is the client.
- The system that the ssh session connects to is the server.
- These steps seem to work on systems running OpenSSH.
- The steps assume that a DSA key is being used. To use a RSA key substitute ‘rsa’ for ‘dsa’.
- The steps assume that you are using a Bourne-like shell (sh, ksh or bash)
- You should consider the security risks before implementing this feature
Steps:
- On the client run the following commands:
-
$ mkdir -p $HOME/.ssh
-
$ chmod 0700 $HOME/.ssh
-
$ ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -P ''
This should result in two files, $HOME/.ssh/id_dsa (private key) and $HOME/.ssh/id_dsa.pub (public key).
- Copy $HOME/.ssh/id_dsa.pub to the server.
- On the server run the following commands:
-
$ cat id_rsa.pub >> $HOME/.ssh/authorized_keys2
-
$ chmod 0600 $HOME/.ssh/authorized_keys2
- On the client test the results by ssh’ing to the server:
-
$ ssh -i $HOME/.ssh/id_dsa server
- (Optional) Add the following $HOME/.ssh/config on the client:
Host server IdentityFile ~/.ssh/id_dsa
Depending on the version of OpenSSH the following commands may also be required:
$ cat id_rsa.pub >> $HOME/.ssh/authorized_keys $ chmod 0600 $HOME/.ssh/authorized_keys
An alternative is to create a link from authorized_keys2 to authorized_keys:
$ cd $HOME/.ssh && ln -s authorized_keys2 authorized_keys
This allows ssh access to the server without having to specify the path to the id_dsa file as an argument to ssh each time.
Tags: ssh
Posted by Hans-Henry Jakobsen
20 Dec 2007 Limit ssh access by MAC-address using iptables
This is a simple iptables rule to allow ssh access to a specific MAC-address
iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
This is a nice rule to allow only your laptop ssh access on your servers no matter what IP-address you may have while you are on the road. You do offcourse need to replace XX:XX:XX:XX:XX:XX with your actual MAC-address.
After allowing this rule you should keep an eye on your laptop :)
Posted by Hans-Henry Jakobsen
