Remote Login

There are different tools to connect to a computer remotely. To log in securely to a remote machine:

    ssh -X username@remote_hostname_or_IP
      

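The -X option enables X11 forwarding, so that graphical programs started on the remote machine are displayed locally. It may not be needed; omit it in that case, since forwarding exposes your local X display to the remote host.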

One essential tool to transfer files is scp (see below for more details). Another nice program is sftp, an interactive tool allowing secure file transfer and also basic file manipulation. Connect to the remote server as

    sftp username@remote_hostname_or_IP
      

This opens a shell (similar to ftp) with typical basic commands. For example, ls lists the files of the current directory on the remote machine, and lls does the same for the local machine (the same logic applies for other usual commands). The command get remoteFile localFile transfers the remote file to the specified local file. The command put localFile remoteFile transfers the local file to the specified remote file. As usual, the option -r can be used for recursive transfer of directories. A list of available commands can be obtained with help.

How to scp without prompting for password

Whenever you use scp (secure copy) to copy files, it asks for a password. Being prompted for the password every time can get really annoying. Fortunately, scp is easily scriptable.

Suppose we want to copy the file abc.tgz to an account of a remote machine:

    scp abc.tgz user@foo:/documents
      

We can do it without the need of entering the user password, but still in a secure way thanks to ssh.

  1. First, generate a public/private key pair on the local machine:
        ssh-keygen -t rsa
            
  2. Then press Enter and leave the passphrase blank (since we don't want one). Your public key has been saved in ~/.ssh/id_rsa.pub. Without a passphrase the private key ~/.ssh/id_rsa is stored unencrypted, so anyone who can read that file can log in as you; keep it readable only by your own user.
  3. Copy the content of the public key id_rsa.pub just generated to the remote machine. You can use scp to make the copy. If you are logging in as a user, it would be in /home/user/.ssh/authorized_keys. Notice that the authorized_keys file can contain keys from other PCs. So, if the file already exists and contains text, you need to append the contents of your public key file to what is already there.
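
Step 3 as a script, added here as an example (not part of the original page). The hypothetical helper install_pubkey is meant to run on the remote machine after the .pub file has been copied there: it appends the key only if it is not already present, refuses a file that is not a public key, and sets the permissions sshd expects. The function name and its two arguments are assumptions.

```sh
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper, added example)
#   PUBKEY_FILE: file holding one public key line, e.g. id_rsa.pub
#   SSH_DIR:     the account's .ssh directory, e.g. /home/user/.ssh
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 2; }

    # Use the first non-empty line and refuse anything that is not a public
    # key, for example the private id_rsa picked by mistake.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 3 ;;
    esac

    # sshd's StrictModes (on by default) rejects the keys when .ssh or
    # authorized_keys is writable by other users.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Key already authorized: nothing to do, so re-running is harmless.
    if grep -qxF -- "$key_line" "$auth_file"; then
        return 0
    fi

    # Keys from other PCs may already be there; make sure the last one ends
    # with a newline so the new key starts on its own line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

Where it is installed, ssh-copy-id user@foo performs the copy and the append from the local machine in one step.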

To retrieve files from the remote machine (e.g., using sftp) without typing a password, the same procedure should be repeated to generate and copy the public key of the remote server to the local machine authorized keys.

Refs: Linux Journal, Jayakara Kini's Weblog

SSH Tunnelling (Port Forwarding)

Basics

A remote machine may only be accessible from another specific one. The connection from the local to the remote machine must then be tunneled through an intermediate one. In the following, names in capitals are placeholders. We refer to:

Let's assume that the username is the same on both GATEWAY and REMOTE, and let's call it USERID (but it can easily be adapted with the -l option below).

From the user's machine (LOCAL), open a terminal and execute the following command:

    $ ssh -l USERID -L 7777:REMOTE:22 GATEWAY cat -
      

This will open an ssh connection as user USERID to host GATEWAY and execute the command cat -. The latter command will leave the prompt active without performing other actions. While the session is open, all connections are redirected from port 7777 on the LOCAL machine to port 22 on machine REMOTE. The port 7777 is chosen arbitrarily (make sure not to be in conflict with other local ports), while port 22 is the one usually configured on the remote machine (but it can change).

Opening a browser at http://localhost:7777 should show a page informing you that an ssh connection is active. Leave the terminal open so that the connection will be active. Open another terminal and execute any usual ssh command as needed, for example:

    $ ssh -p 7777 USERID@localhost
    $ slogin -p 7777 USERID@localhost
    $ scp -p -P 7777 USERID@localhost:data/file1.txt .
    $ sftp -oPort=7777 USERID@localhost
      

To perform these operations without being prompted for passwords, the public keys should be exchanged among the different machines as described previously.

To terminate the ssh tunnel, go to the terminal where the connection to the server was set up and type ctrl-z.
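
An alternative way to run the same tunnel, added here as an example (not part of the original page): the tunnel goes to the background with -f -N instead of holding a terminal with cat -, listens on 127.0.0.1 only, fails if the forward cannot be set up, and is closed through a control socket. The function names, the socket path and the SSH dry-run variable are assumptions; USERID, GATEWAY and REMOTE are the placeholders used above.

```sh
# Added example. Set SSH=echo to print the ssh command instead of running it.

# Control socket used to address one running tunnel (path is an assumption).
tunnel_socket() { printf '%s/.ssh/tunnel-%s.sock\n' "$HOME" "$1"; }

# Accept only decimal port numbers in the range 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_open LOCAL_PORT REMOTE REMOTE_PORT USERID GATEWAY
tunnel_open() {
    lport=$1 rhost=$2 rport=$3 user=$4 gateway=$5
    valid_port "$lport" && valid_port "$rport" || { echo "bad port" >&2; return 2; }
    # -f -N: go to the background and run no remote command
    # -M -S: create a control socket so the tunnel can be closed later
    # ExitOnForwardFailure: do not stay connected without the forward
    # 127.0.0.1: other hosts cannot connect to the forwarded port
    ${SSH:-ssh} -f -N -M -S "$(tunnel_socket "$lport")" \
        -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$lport:$rhost:$rport" \
        -l "$user" "$gateway"
}

# tunnel_close LOCAL_PORT GATEWAY
tunnel_close() {
    ${SSH:-ssh} -S "$(tunnel_socket "$1")" -O exit "$2"
}
```

For example, tunnel_open 7777 REMOTE 22 USERID GATEWAY starts the tunnel and tunnel_close 7777 GATEWAY ends it.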

Further configurations

It is also possible to connect through several machines:

    $ ssh -l USERID -L 7777:REMOTE1:22 -L 7778:REMOTE2:22 -L 7779:REMOTE3:22 gate cat -
      

It is convenient to define aliases in the shell configuration file and avoid typing all the commands each time. For example, add the following line to ~/.bashrc:

    alias sshwork='ssh -l USERID -L 7777:REMOTE:22  GATEWAY  cat -'
      

Refs: MPCDF.

Prevent SSH session freezing

After a period of inactivity the SSH session may freeze. A simple trick to prevent this is to send a NULL packet, e.g., every 100 seconds, to keep the connection alive. To do this, change the (client) configuration by adding the following lines to /etc/ssh/ssh_config:

    Host *
    # Add the following line after the existing ones (if any)
        ServerAliveInterval 100