Superhero Ninja

Tag: SSH

  • Using SSH to host a local git repository (simplest way)

    I shift laptops and devices a lot, and mounting storage is not ideal between devices. For my use case I decided I liked a git repo the best for document storage (markdown files)

    To be able to access that repo I wanted it to be accessible on my server, from my home via SSH. (Remotely I use VPN to my home network to sync)

    When searching for remote Git repositories I mostly see paid alternatives or fullblown Git servers being advertised. That is too much functionality for me, and not necessary.

    Solution

    1. Create repo on server
    2. Clone repo on client(s) via ssh

    These are all that’s necessary, and it’s so much simpler than using Git servers.

    1. Create repo (on server)

    # connect to your server
ssh yourserver
# change directory to your project
cd /git
# create a git repo
git init --bare notesmygoats.git

    2. Clone repo on client(s)

    # cd into the directory which will contain your git repo
cd /home/notetaker/documents
#git clone the remote repo
git clone yourserver:/git/notesmegoats.git
Cloning into 'notemegoats'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), done.

    Tips

    Use links to create structure

    The directory /git/ is a link to a folder in my storage. I like to use links to create logical structure, that’s completely personal though.
    If you can SSH into a server, you can use any directory for the git repo, just make sure you replace the clone command with the directory you’re actually using:

    git clone yourserver:/home/youruser/mygitrepo

    Bare repository

    Copied from https://www.atlassian.com/git/tutorials/setting-up-a-repository/git-init

    The –bare flag creates a repository that doesn’t have a working directory, making it impossible to edit files and commit changes in that repository. You would create a bare repository to git push and git pull from, but never directly commit to it. Central repositories should always be created as bare repositories because pushing branches to a non-bare repository has the potential to overwrite changes. Think of --bare as a way to mark a repository as a storage facility, as opposed to a development environment. This means that for virtually all Git workflows, the central repository is bare, and developers local repositories are non-bare.

  • Using SSH to forward the same local port to multiple external hosts

    Okay, this is kinda awesome :-), I got my geek on 🙂
    My application is connecting to a cluster of external servers but my application can configure hostname but can’t configure port.
    So I wanted to connect to a remote cluster using SSH tunneling, but I was unable to forward everything because the port binding to localhost (127.0.0.1) can only be used once.
    Then I saw that you can use multiple loopback addresses! See this page: https://en.wikipedia.org/wiki/Loopback
    Basically you can bind the portforward to 127.0.0.2, 127.0.0.3 till 127.255.255.254, that should provide enough addresses, right!? 🙂
    So I can use multiple port forwards from my localhost(s) to the six remote hosts like this:

    ssh somedomain.com \
-L 127.0.0.1:9042:external-node1.somedomain.com:9042 \
-L 127.0.0.2:9042:external-node2.somedomain.com:9042 \
-L 127.0.0.3:9042:external-node3.somedomain.com:9042 \
-L 127.0.0.4:9042:external-node4.somedomain.com:9042 \
-L 127.0.0.5:9042:external-node5.somedomain.com:9042 \
-L 127.0.0.6:9042:external-node6.somedomain.com:9042

  • Create a simple HTTPS server with OPENSSL S_SERVER

    This post will mostly serve as a reference for future posts, the goal is to create the simplest HTTPS webserver possible, which will serve to test certificates, authentication via private keys and in the end; configure SSL offloading to an Apache HTTPD, which will act as a proxy between your client and the secure endpoint.
    GOAL: At the end of this article, you will have a running secure web server which you can access via your web browser and/or via an SSL client. (more…)

  • Remove host from SSH KnownHosts file without seeing the hostname

    This post is mostly a bookmark for myself. I’ve been using search engines way too often to find this command..
    The command to remove a host from a knownhosts file without seeing the actual hostname in the knownhosts file is the following:
    [code]ssh-keygen -R HOSTNAME[/code]
    (more…)

  • SSH Remote Execute command, multiple command and with interaction

    This article shows how to execute remote commands via ssh, but you’ll send the commands from your own shell.
    [code highlight=”1″]
    ssh my_server ‘ls -l /home/my_home_dir’
    [/code]
    This will result in this output:
    [code highlight=”1″]
    $ ssh ae2 ‘ls -lha ~’
    total 36K
    drwxr-xr-x 2 joris joris 4.0K Jan 23 11:42 .
    drwxr-xr-x. 5 root root 4.0K Jan 23 11:41 ..
    -rw-r–r– 1 joris joris 54 Jan 23 11:41 .bash_logout
    -rw-r–r– 1 joris joris 507 Jan 23 11:41 .bash_profile
    -rw-r–r– 1 joris joris 213 Jan 23 11:41 .bashrc
    -rw——- 1 joris joris 51 Jan 23 11:42 .history
    -rw-r–r– 1 joris joris 171 Jan 23 11:41 .kshrc
    -rw-r–r– 1 joris joris 375 Jan 23 11:41 .profile
    -rw-r–r– 1 joris joris 153 Jan 23 11:41 .vimrc
    [/code]
    What’s even better, is that you can run multiple commands separated with a semi colon, like this:
    [code highlight=”1″]
    ssh my_server ‘ls -l /home/my_home_dir;whoami’
    [/code]
    And the best trick is this one, user input with an interactive command, sending input and output back and forth!
    [code highlight=”1″]
    ssh -t my_server ‘vi ~/.bash_profile’
    [/code]

  • SSH: Different settings (keys!) for different hosts

    There’s a simple way to create aliases in a SSH config file. This way you can connect way easier to different hosts, combined with this blog post to use keys to log in.
    Where you used to use this connect string:

    ssh [email protected]
[email protected]'s password: <<enter boresome password>>

    You can now just enter

    ssh pi

    Where “pi” is the alias that you’ll be using!
    The only thing you’ll need to do is create the following file:
    [[ ~/.ssh/config ]]

    Host pi
  HostName 192.168.0.5
  User pi
  << (!) Only add below line if you're using keys to log in >>
  IdentityFile ~/.ssh/keys/raspberry_key

    Aint that awesome!?
    Ps. If you’re still being asked to enter your password, check your keys and please look at this blog post I wrote.
     

  • SSH without password

    SSH is one of the most friendly deamons in the Linux toolbox, you can port forward your home server, you can surf the internet via your own proxy server, you can transfer files, it’s the first thing I set up on a freshly installed box and by far the most used service around my home (yeah, that’s nerdy) 🙂
    This post will outline how you can create a public and private RSA key pair, and then we will use that key pair to authenticate ourselves to another computer in the network.
    We will need to complete the following steps:

    1. Create a public/private rsa key pair
    2. Copy the public key to the remote host via ssh-copy-id
    3. Login to the remote system without a password

    Create a public/private rsa key pair

    If you haven’t created a rsa key pair yet, we can create it with this command:

    ssh-keygen

    As shown in this screenshot:
    Screenshot from 2014-07-28 21:28:18If you have previously created a key pair, you will be asked to replace this.
    For my home machines I don’t use a passphrase, if you’re more paranoid (or careful) you can do so. Please read this article for more info on passphrases and how to use them.
    The keys have been generated in /home/yourloginname/.ssh and are called id_rsa and id_rsa.pub.
    Never, never send someone your private (id_rsa) key! That is the same as handing over your house keys..

    Copy the public key to the remote host via ssh-copy-id

    This step should be repeated for all hosts to which you want to SSH with the newly created RSA key pair.
    The command used is:

    ssh-copy-id -i ~/.ssh/id_rsa [email protected]

    Screenshot from 2014-07-28 21:30:35
     
    You will need to enter your password one last time, after that your public key is added to the authorized_keys file, which is automatically created on the target system.
    After this step you don’t need to use a password any more!

    Login to the remote system without a password

    Just SSH into the remote system:
    Screenshot from 2014-07-28 21:32:01
    And wonder what you’re gonna do with all that extra time you’ve just won because entering passwords belongs to the past… 🙂
     
     

  • SSH through a proxy to a remote server

    I wanted to SSH into my home server from my workplace but I couldn’t reach it directly because of the way the network was set up.
    As it turns out it is quite easy to do by using the corkscrew program.
    Edit ~/.ssh/config and add the following lines:

    Host home joris.his.homeserver.com
    Hostname joris.his.homeserver.com
    User joris
    ProxyCommand corkscrew proxyserveraddress proxyserverport %h %p

    The most important part is the ProxyCommand, this lets your ssh client know that it should use corkscrew as a proxy to your host. %h means the host of your remote server, %p means the port of your remote server.