A chronological documentation test project, nothing serious, really!

20 Jan 2008 Use ssh on multiple servers simultaneously

If you have many servers to manage and want to perform the same tasks on each of the machines every day, then you should look at the package named clusterssh.

Install the clusterssh package

apt-get install clusterssh

Perform the same command on the three servers server1 server2 and server3

cssh server1 server2 server3

This opens three ssh consoles, one for each server, and a little console for you to type your commands.


09 Jan 2008 SFTP in batch mode

This post describes how you use sftp in batch mode. If you don’t want to type in your password read my SSH without a password post.

Create a file named myCommands.sftp that contains the commands you want to run. My file looks like this:

# Change to your desired directory locally
lcd /data/Hattori
# Change to the desired directory on the remote server
cd /backup
# Transfer all remote files locally
get *
# We're done with this session
bye

Next you run the sftp session

sftp -b myCommands.sftp example.com

That should be all that is necessary to download your files from the remote server. This example could easily have been extended with a crontab entry.


09 Jan 2008 SSH Without a Password

The following steps can be used to ssh from one system to another without specifying a password.
Notes:

  • The system from which the ssh session is started via the ssh command is the client.
  • The system that the ssh session connects to is the server.
  • These steps seem to work on systems running OpenSSH.
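  • The steps use an RSA key. To use another key type, substitute it for ‘rsa’ in the commands and file names.
  • The steps assume that you are using a Bourne-like shell (sh, ksh or bash).
  • You should consider the security risks before implementing this feature: the private key is created with an empty passphrase, so anyone who can read the id_rsa file can log in to the server as you.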

Steps:

  1. On the client run the following commands:

    $ mkdir -p $HOME/.ssh
    $ chmod 0700 $HOME/.ssh
    $ ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -P ''

    This should result in two files, $HOME/.ssh/id_rsa (private key) and $HOME/.ssh/id_rsa.pub (public key).

  2. Copy $HOME/.ssh/id_rsa.pub to the server.
  3. On the server run the following commands:

    $ cat id_rsa.pub >> $HOME/.ssh/authorized_keys2
    $ chmod 0600 $HOME/.ssh/authorized_keys2

    Depending on the version of OpenSSH the following commands may also be required:

    $ cat id_rsa.pub >> $HOME/.ssh/authorized_keys
    $ chmod 0600 $HOME/.ssh/authorized_keys

    An alternative is to create a link from authorized_keys2 to authorized_keys:

    $ cd $HOME/.ssh && ln -s authorized_keys2 authorized_keys

  4. On the client test the results by ssh’ing to the server:

    $ ssh -i $HOME/.ssh/id_rsa server

  5. (Optional) Add the following to $HOME/.ssh/config on the client:

    Host server
    IdentityFile ~/.ssh/id_rsa

    This allows ssh access to the server without having to specify the path to the id_rsa file as an argument to ssh each time.
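
As an added example (not part of the original post), the script below audits the files these steps create: it checks the 0700 and 0600 modes and flags authorized_keys entries that carry no options such as from="..." to limit where a passphrase-less key may be used. The function names, the sample directory and the placeholder key material are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a .ssh directory set up with the steps above.
# audit_ssh_dir DIR prints one finding per line; no output means no findings.

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print a finding unless PATH has exactly the mode the steps set.
check_mode() {
    actual=$(mode_of "$1")
    [ "$actual" = "$2" ] || echo "MODE $1 is $actual, steps set $2"
}

audit_ssh_dir() {
    dir=$1
    check_mode "$dir" 700
    for name in id_rsa authorized_keys authorized_keys2; do
        f=$dir/$name
        # Skip missing files and the optional symlink (its target is checked).
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        check_mode "$f" 600
        [ "$name" = id_rsa ] && continue
        # An entry whose first field is a key type has no options such as
        # from="..." or command="...", so that key is accepted from any host.
        while read -r first _rest || [ -n "$first" ]; do
            case $first in
                ssh-*|ecdsa-*|sk-*) echo "OPEN $f: unrestricted $first key" ;;
            esac
        done < "$f"
    done
}

# Constructed sample: loose directory mode, world-readable key list, and one
# unrestricted entry next to a restricted one (key material is a placeholder).
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'ssh-rsa AAAAB3PLACEHOLDER user@client' \
        'from="192.0.2.10",no-pty ssh-rsa AAAAB3PLACEHOLDER backup@client' \
        > "$d/authorized_keys2"
    chmod 0755 "$d"; chmod 0644 "$d/authorized_keys2"
    echo "$d"
}

sample=$(make_sample)
audit_ssh_dir "$sample"
rm -rf "$sample"
```

To audit a real account, call audit_ssh_dir "$HOME/.ssh" on the client and on the server.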


20 Dec 2007 Limit ssh access by MAC-address using iptables

This is a simple iptables rule to allow ssh access to a specific MAC-address

iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

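This is a nice rule to allow only your laptop ssh access on your servers no matter what IP address you may have while you are on the road. You do of course need to replace XX:XX:XX:XX:XX:XX with your actual MAC address. Two things to keep in mind: the rule only accepts, so it limits access only when other traffic to port 22 is dropped by the chain policy or a later rule; and the mac match compares the source address of the Ethernet frame as it arrives, so it sees the laptop's address only when laptop and server are on the same network segment, since packets that have crossed a router carry the router's MAC address.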

After allowing this rule you should keep an eye on your laptop :)


07 Dec 2007 Run X programs through ssh

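An easy way to run remote X programs (from another host) on your local Linux installation is to connect to it via ssh using the -Y switch. The -Y switch requests trusted X11 forwarding, which gives the remote programs full access to your local display; -X requests the restricted, untrusted variant.

For instance, if you would like to run up2date in graphical mode on a remote machine but the server doesn’t have X installed, then this is a great way of doing it.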

On your host

ssh -Y remote_machine_name.com

When you have successfully connected to the remote host you start the up2date command.

up2date

Soon after you will get the up2date windows on your local Linux machine.

The sshd server on the remote machine must have the X11Forwarding directive enabled. This is set in the sshd configuration file, /etc/ssh/sshd_config, on the machine you connect to:

X11Forwarding yes

The command you run can be anything else, for instance xterm.
