Posts Tagged ‘SSH’

Send Ctrl-A to sessions in SCREEN

C-A serves as the command hotkey in SCREEN. To send a literal Ctrl-A to the session running inside SCREEN, press C-A a.

Example: the shell in SCREEN calls ssh, and SCREEN is used again on the remote machine. To detach the session in the remote SCREEN, press C-A a d.


SSH without password

Log into the client end and run ssh-keygen (on some systems the parameter -t rsa is needed).

Then append ~/.ssh/id_rsa.pub (client end) to file ~/.ssh/authorized_keys (create it if not present) at the server end.

Done!


Always start denyhosts with sshd

Denyhosts is a small tool that frequently checks SSH daemon logs for incoming requests and puts suspicious IPs into /etc/hosts.deny.

For some reason, denyhosts had not been running on my machine in recent days. (It should be automatically started at boot time, but was not.) Today I restarted it, and 7 IPs were immediately banned. They are from all around the world: 1 from the US, 1 from Germany, 1 from Turkey, 1 from Armenia, and the remaining 3 from China (respectively Xiamen University, Tianjin Netcom, and Qingdao Guangdian).

I then checked /var/log/messages, and found 5236 attacks in the last 5 days.

Yes, hackers all around the world are doing all kinds of brute-force attacks. Last summer, I found someone was using my anonymous proxy at port 3128, which had been open for just a few hours, to send hundreds of spam messages.
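
The kind of log check this post describes, as an added Python example (not DenyHosts' own code and not from the original post): it counts failed password attempts per source address in sshd log lines and produces /etc/hosts.deny entries. The log lines, addresses, threshold of 3 and function names are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (not taken from the post).
SAMPLE_LOG = """\
Mar  3 04:10:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 04:10:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Mar  3 04:10:05 host sshd[2102]: Failed password for invalid user test from 203.0.113.7 port 40114 ssh2
Mar  3 04:11:40 host sshd[2110]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 04:11:52 host sshd[2110]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 04:12:09 host sshd[2115]: Failed password for invalid user x from 192.0.2.1 from 203.0.113.9 port 4000 ssh2
"""

# The user name is chosen by the client, so anchor on the fixed tail of the
# line: the greedy ".*" makes the last " from <addr> port <n> ssh2" win.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def failed_logins(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a literal address; skip rather than guess
        counts[str(addr)] += 1
    return counts


def deny_lines(log_text, threshold=3, allow=()):
    """Return hosts.deny entries for addresses at or above the threshold."""
    counts = failed_logins(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allow]


if __name__ == "__main__":
    print(dict(failed_logins(SAMPLE_LOG)))
    print(deny_lines(SAMPLE_LOG))
```

The `allow` argument keeps your own addresses out of the deny list, so a few mistyped passwords cannot lock you out.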


tcpdump

I wanted to find out if remote X creates a lot of network flows, so I logged into a remote computer with “ssh -Y”, started xclock, and then typed tcpdump. Then the screen began scrolling up crazily like this:

13:21:00.694367 IP xxx.xxx.xx.xx.45762 > 192.168.1.3.ssh: . ack 60640 win 2003 <nop,nop,timestamp 191668683 75287130>
13:21:00.694430 IP 192.168.1.3.ssh > xxx.xxx.xx.xx.45762: P 70416:70464(48) ack 113 win 501 <nop,nop,timestamp 191668683 75287200>

Was X sending/receiving lots of data even if it seems to be idling? It shouldn’t be so silly.. And… Finally I realized what a big mistake I had made… It was like putting a microphone against a loudspeaker…


SSH with X

Just successfully started FCITX and typed Chinese in OpenOffice remotely..

X11 forwarding should first be enabled at both the server and client ends.

At the server end, put “X11Forwarding yes” in /etc/ssh/sshd_config and restart the SSH daemon; it should then be able to forward X11 requests.

At the client end, connect with “ssh -X ” or “ssh -Y ” (if ssh -X fails..). Alternatively, the SSH client can be configured to turn on X11 forwarding automatically. Put the following lines in /etc/ssh/ssh_config:

Host *
  ForwardX11 yes
  ForwardX11Trusted yes

The last line is not needed if “ssh -X” works. In some circumstances only “ssh -Y” works, in which case ForwardX11Trusted is necessary. With trusted forwarding, remote X11 clients get full access to the local X display.

ps1. If the network is slow, “-C” (compress) may help.
ps2. X must be running with the “-nolisten” argument, which (I guess) is the default in most distributions.
