ssh

You are currently browsing articles tagged ssh.

I run SSHd on my Android phone. This means I can copy files via wireless SFTP, and back it up with BackupPC. It beats using USB or Dropbox. With Android 4.1 and up (Jelly Bean), the default umask for files has changed from “000” (users/programs can write to nearly any file) to “077” (users/programs can only write to files they own). This is better, but meanwhile many Android programs expect the old behaviour. QuickSSHd (a 99p Android dropbear SSH server) is one of them.

Read the rest of this entry »

Tags: ,

I like GNU Screen. I also like SSH agent forwarding. Combining these two makes for very easy, password-less, large file transfers between two remote hosts.

Read the rest of this entry »

Tags: ,

Philip continues to play devil’s advocate / script kiddie for my telnet URL handler. My input checker allowed host/port definitions to begin with a hyphen character. That’s an invalid domain name, so I ignored the possibility that someone might try it. Philip used it to pass a switch to the telnet/ssh command.

Read the rest of this entry »

Tags: , ,

After I wrote yesterday’s post, Philip reminded me of the dangers of not validating your inputs. Here is a better telnet/ssh handler which checks the URL passed to it.

Read the rest of this entry »

Tags: , ,

Firefox’s telnet protocol handler in Linux stopped working some time after version 3.0. I manage a network of switches, routers, and other devices with command-line interfaces. Wouldn’t it be nice to be able to click on telnet:// or ssh:// URLs again?

Read the rest of this entry »

Tags: , ,

I’ve been searching for a good remote desktop client for a long time. My requirements are simple. It must:

  1. save passwords
  2. manage connections via the GUI
  3. support VNC and RDP
  4. work with our IP KVM

This last requirement is the kicker. When I change hosts on our Adderview IP KVM, it draws one frame at 0x0 resolution, and then changes to the resolution of the new host. This has crashed every VNC client I’ve tried except xvnc4viewer. Which of course, doesn’t save passwords or have a GUI (the raw X menu when you press F8 does not count).

I have tried KRDC, Vinagre, xtightvncviewer, and a number of simpler command-line VNC clients. They all seem to be designed to support the “my Mom needs tech support” problem, not the “I manage remote servers” problem. KRDC won’t even login to my KVM; it just hangs after authentication. I suppose that’s better than crashing, but it is still a show stopping bug for me.

Read the rest of this entry »

Tags: , , ,

Last week I upgraded from Kubuntu 9.10 “Karmic Koala” to 10.04 “Lucid Lynx”. The word “upgrade” here is misleading, since I chose to reformat to take advantage of filesystem changes. However, I imported much of my customisations from backup. Here are my notes on Lucid, from the perspective of a long-time Kubuntu user.

Read the rest of this entry »

Tags: , , , , ,

You really shouldn’t allow SSH logins via password. This is doubly true for root. On most of my hosts we allow SSH for normal users with a password, but restrict root to SSH keys only. And we always protect against brute force attacks with fail2ban.

If you aren’t already using SSH keys and SSH agent, you should. SSH agent forwarding allows for secure sideways authentication. For example:

Read the rest of this entry »

Tags: ,

Dirty sshfs hack: smount

I love SSHFS. I manage a lot of machines, and I very often want to do something like this:

diff root@server1:/etc/randomrcfile root@server2:/etc/randomrcfile

There are ways to do this with Kompare (a KDE diff app) and the fish:// Kioslave, but not on the command line. SSHFS makes it easy:

mkdir /tmp/server1 /tmp/server2
sshfs root@server1:/ /tmp/server1/
sshfs root@server2:/ /tmp/server2/
diff /tmp/server1/etc/randomrcfile /tmp/server2/etc/randomrcfile

I do this so often that I’ve written my own script to handle this for me, smount. Copy it somewhere in your path, remove the extension (or don’t, as you prefer), and optionally make a copy or symlink called “sumount”. Now you can rapidly mount and unmount multiple hosts.

Read the rest of this entry »

Tags: , ,