Tag: ssh
Restricting access to SFTP / SCP
by Mostafa on Oct.18, 2009, under How To ..., Linux, Software
rssh is a tool that allows SFTP/SCP for file transfers over SSH but denies shell access — useful for preventing users from running commands on the system. More details are available on the tool’s homepage.
I first came across it on this page.
SSH Blacklisting
by Mostafa on Nov.29, 2007, under How To ..., Linux, Software
After getting around 1500 failed ssh login attempts a day for a while on a server I manage, I decided to look into tools that automatically blacklist offending IPs.
Sshblack fits the bill perfectly. A HOWTO (including an init script) for Red Hat-like systems is available from the OSS Watch Wiki.
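The general idea behind log-driven blacklisting, as an added example (not Sshblack's code and not part of the original post): count failed-password lines per source IP inside a sliding window and report the addresses that cross a threshold. The log format, threshold, window, year and sample lines are assumptions; handing the result to a firewall is left out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at end of line: the username is attacker-controlled text, so only the
# final "from <ip> port <n> ssh2" (written by sshd itself) is trusted.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def offenders(lines, threshold=5, window=timedelta(minutes=10),
              allowlist=frozenset(), year=2007):
    """Return IPs with >= threshold failures inside any sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = []
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m or m["ip"] in allowlist or m["ip"] in flagged:
            continue
        # syslog timestamps carry no year, so one is supplied (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.append(m["ip"])
    return flagged

# Constructed sample log (documentation-range addresses, not real data).
SAMPLE = [f"Nov 29 03:12:0{i} srv sshd[410{i}]: Failed password for root "
          f"from 203.0.113.9 port 4{i}000 ssh2" for i in range(5)]
SAMPLE += [
    # Slow source: two failures an hour apart never fill the window.
    "Nov 29 01:00:00 srv sshd[5001]: Failed password for bob from 198.51.100.7 port 50122 ssh2",
    "Nov 29 02:00:00 srv sshd[5002]: Failed password for bob from 198.51.100.7 port 50123 ssh2",
    # Injection attempt: username crafted to look like a failure from 192.0.2.1.
    "Nov 29 03:13:00 srv sshd[5003]: Failed password for invalid user x from 192.0.2.1 port 22 ssh2 "
    "from 203.0.113.50 port 40111 ssh2",
]

if __name__ == "__main__":
    print(offenders(SAMPLE, threshold=5))
```

The allowlist matters in practice: put your own management addresses in it so a mistyped password cannot lock you out of the server.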
SSH automatic reconnect on timeout
by Mostafa on Mar.15, 2006, under How To ..., Linux, Software
There may already be some built-in option that allows a client to reconnect when a timeout occurs, but I was too lazy to look through the man pages. So I came up with a line of bash commands that will do just that:
$ while [ 1 ]; do ssh user@host.domain; sleep 120; done
This will keep reconnecting to the host 120 seconds after a connection drops out for whatever reason. This is especially handy to make sure that a remote tunnel stays open. Right now I use it to reach a single host (A, http) on a remote private network from home (B) via another machine in the private network (C) and an intermediate SSH server (D):
- [user@C ~]$ while [ 1 ]; do ssh -R someport:A:80 user@D; sleep 120; done
- [user@B ~]$ ssh -L 80:localhost:someport user@D
- [root@B ~]# echo "127.0.0.1 A" >> /etc/hosts
Now it is possible to type “http://A” and visit the site from B as easily as from within the remote private network.
Proxy Bypass
by Mostafa on Jan.10, 2006, under How To ..., Linux, Software
I guess it’s usual for every institution to have a central firewall/proxy that all internal traffic must go through to reach the outside world. I am by no means paranoid about security/privacy but it got me thinking.
… And once again, SSH to the rescue! It almost feels like the possibilities of an SSH tunnel with local port forwarding are limitless 😀
I just picked up a public German proxy from this page:
http://www.publicproxyservers.com/index.html
And then set up an SSH connection to forward local port 8080 to proxy:port. Then for the browser I just set localhost:8080 as the proxy.
Well, the speed is a little short of astounding but it’s very much usable 😀 Now all that the central firewall/proxy should be seeing is a bunch of encrypted traffic.