A chronological documentation test project, nothing serious, really!

13 Feb 2008 My custom putty settings

This is a quick note of my custom PuTTY settings in Windows.

Putty configuration

Category: Session
Connection type: SSH

Category: Window
Lines of scrollback: 20000

Category: Window > Appearance
Font: Lucida Console, 9-point
Font quality: ClearType
Gap between text and window edge: 3

Category: Window > Translation
Character set: UTF-8
Handling of line drawing characters: Unicode

Category: Window > Selection
Action of mouse buttons: xterm
Paste to clipboard in RTF as well as plain text: enabled

Category: Window > Colours
ANSI Blue: Red:74 Green:74 Blue:255
ANSI Blue Bold: Red:140 Green:140 Blue:255

Category: Connection
Seconds between keepalives (0 to turn off): 30

Category: Connection > SSH > X11
Enable X11 forwarding: enabled

X11 forwarding is enabled to let me access remote X applications in Windows using Xming.


20 Jan 2008 Use ssh on multiple servers simultaneously

If you have many servers to manage and want to perform the same tasks on each machine every day, then you should look at the package named clusterssh.

Install the clusterssh package

apt-get install clusterssh

Perform the same command on the three servers server1, server2 and server3

cssh server1 server2 server3

This opens three ssh consoles, one for each server, and a little console for you to type your commands.


09 Jan 2008 SFTP in batch mode

This post describes how you use sftp in batch mode. If you don’t want to type in your password read my SSH without a password post.

Create a file named myCommands.sftp that contains the commands you want to run. My file looks like this

# Change to your desired directory locally
lcd /data/Hattori
# Change to the desired directory on the remote server
cd /backup
# Transfer all remote files locally
get *
# We're done with this session
bye

Next you run the sftp session (user@server is a placeholder for your own login and remote host)

sftp -b myCommands.sftp user@server

That should be all that is necessary to download your files from the remote server.

This example could easily be extended with a crontab entry.


09 Jan 2008 SSH Without a Password

The following steps can be used to ssh from one system to another without specifying a password.

  • The system from which the ssh session is started via the ssh command is the client.
  • The system that the ssh session connects to is the server.
  • These steps seem to work on systems running OpenSSH.
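  • The steps assume that a DSA key is being used. To use an RSA key substitute ‘rsa’ for ‘dsa’.
  • The steps assume that you are using a Bourne-like shell (sh, ksh or bash).
  • You should consider the security risks before implementing this feature: the key is created with an empty passphrase (-P ''), so anyone who can read the private key file can log in to the server.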


  1. On the client run the following commands:

    $ mkdir -p $HOME/.ssh
    $ chmod 0700 $HOME/.ssh
    $ ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -P ''

    This should result in two files, $HOME/.ssh/id_rsa (private key) and $HOME/.ssh/ (public key).

  2. Copy $HOME/.ssh/ to the server.
  3. On the server run the following commands:

    $ cat >> $HOME/.ssh/authorized_keys2
    $ chmod 0600 $HOME/.ssh/authorized_keys2

  4. Depending on the version of OpenSSH the following commands may also be required:

    $ cat >> $HOME/.ssh/authorized_keys
    $ chmod 0600 $HOME/.ssh/authorized_keys

    An alternative is to create a link from authorized_keys2 to authorized_keys:

    $ cd $HOME/.ssh && ln -s authorized_keys2 authorized_keys

  5. On the client test the results by ssh’ing to the server:

    $ ssh -i $HOME/.ssh/id_rsa server

  6. (Optional) Add the following to $HOME/.ssh/config on the client:

    Host server
    IdentityFile ~/.ssh/id_rsa

    This allows ssh access to the server without having to specify the path to the id_rsa file as an argument to ssh each time.
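
The server-side steps above as a script with checks, added here as an example and not part of the original post. install_pubkey and check_modes are hypothetical helper names, the key in the demo is a constructed placeholder, and the script writes to authorized_keys, one of the two files named in the steps. ssh-keygen writes the public key to the -f path with .pub appended, which is the file to pass in.

```sh
#!/bin/sh
# Added example; install_pubkey and check_modes are hypothetical helper names.

# install_pubkey PUBKEY_FILE [SSH_DIR]: append one public key, idempotently.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    key=$(cat "$pub")

    # Refuse anything that is not a single OpenSSH public key line, for
    # instance the private key passed by mistake (it spans several lines).
    [ "$(printf '%s\n' "$key" | grep -c '')" -eq 1 ] \
        || { echo "expected exactly one line in $pub" >&2; return 1; }
    printf '%s\n' "$key" \
        | grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' \
        || { echo "$pub does not look like a public key" >&2; return 1; }

    # Same modes as in the steps above: 0700 directory, 0600 key list.
    mkdir -p "$dir" && chmod 0700 "$dir" || return 1
    touch "$auth" && chmod 0600 "$auth" || return 1

    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_modes [SSH_DIR]: fail when the directory or authorized_keys is
# group- or world-writable; sshd with StrictModes (on by default) then
# refuses public key login for that account.
check_modes() {
    dir=${1:-$HOME/.ssh}
    bad=$(find "$dir" "$dir/authorized_keys" -prune \
        \( -perm -020 -o -perm -002 \) -print 2>/dev/null) || :
    [ -z "$bad" ] || { echo "too permissive: $bad" >&2; return 1; }
}

# Constructed demo in a scratch directory; the key is a made-up placeholder.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDEXAMPLE me@laptop\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh" && check_modes "$demo/.ssh" \
    && echo "key installed, modes ok"
rm -rf "$demo"
```

Running install_pubkey twice with the same file leaves a single entry, so it is safe to call from a provisioning script.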



20 Dec 2007 Limit ssh access by MAC-address using iptables

This is a simple iptables rule to allow ssh access from a specific MAC address

iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

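This is a nice rule to allow only your laptop ssh access on your servers no matter what IP address you may have while you are on the road. You do of course need to replace XX:XX:XX:XX:XX:XX with your actual MAC address. Because the rule only accepts, it limits access only when other connections to port 22 are rejected by a later rule or by the chain policy. The mac match also compares the source address of the Ethernet frame as it arrives at the server, which for traffic that has crossed a router is the router's MAC address rather than the laptop's.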

After allowing this rule you should keep an eye on your laptop :)
