Gyp the Cat dot Com

Useful SSH Commands (Including Mac OSX)
SSH Port Forwarding Examples

SSH is a very flexible and useful tool for those of us working across multiple systems, sometimes in multiple locations.  Here are a few SSH commands I regularly use, most of them for SSH port forwarding.  I use all of these on Linux and Mac OSX and they all work quite happily!

You’ll need to run all these commands from Terminal on your Mac, or Terminal on Linux.  The exact same logic also works with PuTTY on Windows, but you’ll have to dig around the various options to find all the sections.

The following command opens a port on my local machine and forwards it to a remote machine.  The useful part of this command is that my connections appear to come from the intermediate host.

ssh -L [local port]:[remote host]:[remote port] [user]@[intermediate host]

So for example if I want to connect to an RDP server at 1.2.3.4 via SSH and I want it to look like it’s coming from 5.6.7.8 (if there is IP filtering on a firewall for instance), I’d use the following command:

ssh -L 3389:1.2.3.4:3389 [user]@5.6.7.8

All I need to do is open up my RDP client and point it at localhost and I’ll connect through to 1.2.3.4.

If I want to do something similar but, say, use a proxy server on 1.2.3.4, I’d use a command like the following:

ssh -L 8080:1.2.3.4:8080 [email protected]

Although this one isn’t specifically port forwarding, it works in a logically similar way. Sometimes we can’t reach an SSH daemon from where we are and need to go through an intermediate host. In that case we use the following syntax:

ssh -t [user]@[remote machine we can access] ssh [user]@[remote machine we can’t access]

For example:

ssh -t [email protected] ssh [email protected]

SSH Certificate Based Logons

Sometimes it’s very good to be able to log on without needing a password, for instance if we want to run commands but don’t want an interactive logon on a remote machine, or if you have multiple users of the same machine.

First you need to generate yourself a key.  You can then use this same key on numerous different machines.

Be warned: if you have an SSH key already, this will overwrite it!  Check ~/.ssh in your home directory for any files that look something like id_rsa or id_dsa.  If you depend on them, don’t run this command.  If you do have files in there, you can jump down to the section about ssh-copy-id.

Type in the following to create our public and private key pair:

ssh-keygen -t rsa

You will be greeted by some prompts; you can press enter to accept the defaults:

Enter file in which to save the key (/Users/gyp/.ssh/id_rsa): [enter]
Enter passphrase (empty for no passphrase): [enter]
Enter same passphrase again: [enter]
Your identification has been saved in /Users/gyp/.ssh/id_rsa.
Your public key has been saved in /Users/gyp/.ssh/id_rsa.pub.
The key fingerprint is:
0b:03:a6:9e:[redacted]:64:64:2e:93:d5:[redacted] [email protected][yourmachine].companya.local
The key's randomart image is:
+--[ RSA 2048]----+
|        . o.     |
|       . oo.     |
|    o + .  o     |
|   o B    E      |
|  [redacted]        |
| . . = o .       |
|  o.. . .        |
|  ..+o           |
|   [redacted]          |
+-----------------+

Now with ssh-copy-id we are ready to copy it to our remote machine, run the following on Linux:

ssh-copy-id [user]@[remote machine]

For example:

ssh-copy-id [email protected]

If you’re on a Mac you may have to go through the following (since Mac OSX doesn’t have the ssh-copy-id command installed by default):

scp ~/.ssh/id_rsa.pub [user]@[remote machine]:
ssh [user]@[remote machine]
mkdir -p ~/.ssh && chmod 700 ~/.ssh
cat id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
rm id_rsa.pub
logout

Now if you try ssh [user]@[remote machine] it shouldn’t ask you for a password.

If you use this method a lot, don’t forget to back up your keys somewhere safe where you can get them but no one else can!
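
Because the key above has no passphrase, it is worth limiting what it can do on the intermediate host used for port forwarding. The following is an added example, not from the original post: a hypothetical helper, install_restricted_key, that does the manual authorized_keys steps with the permissions sshd expects and restricts the key's local forwards to 1.2.3.4:3389. It assumes OpenSSH 7.2 or later on the host (for the "restrict" option); the key in the demo is constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# install_restricted_key PUBKEY_FILE AUTHORIZED_KEYS_FILE HOST:PORT
# "restrict" turns off PTY, agent and X11 forwarding and port forwarding;
# "port-forwarding" turns forwarding back on; permitopen limits local (-L)
# forwards to HOST:PORT. It does not by itself stop command execution.
install_restricted_key() {
    pub=$1 auth=$2 dest=$3

    # A public key is one line; this also catches a private key passed by mistake.
    [ "$(wc -l < "$pub")" -le 1 ] || { echo "not a one-line public key" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac
    # The destination is written inside quotes, so reject quotes and spaces.
    case $dest in
        *\"*|*\ *) echo "bad destination: $dest" >&2; return 1 ;;
        *:*) ;;
        *) echo "destination must be host:port" >&2; return 1 ;;
    esac
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    [ -n "$blob" ] || { echo "empty key data" >&2; return 1; }

    # sshd's StrictModes default wants 700 on ~/.ssh and 600 on the file.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key is already listed.
    if grep -qF -- "$blob" "$auth"; then return 0; fi
    printf 'restrict,port-forwarding,permitopen="%s" %s\n' "$dest" "$key" >> "$auth"
}

# Demo on a constructed key in a scratch directory (not a real account).
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY gyp@laptop' > "$demo/id.pub"
install_restricted_key "$demo/id.pub" "$demo/.ssh/authorized_keys" 1.2.3.4:3389
cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

With a key installed this way, add -N to the ssh -L command so the client opens only the forward and does not request a shell.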

Written by gyp - June 20, 2013 - 2790 Views
Tags | internet, linux, security, ssh, ubuntu
Some rights retained Gyp the Cat Dot Com