SSH

Reverse SSH Tunnel

Imagine you need access from a remote system to a local system. The local system is allowed to open ssh sessions to the remote system, but the remote system is not allowed to access your local services. This can be solved by using ssh tunnels.

To give the remote system client access to a service on port 389 on the local system, open an ssh tunnel to the remote system with:

ssh -R 10389:localhost:389 -f -N client

Now, you can access the local service on localhost:10389 on the remote system.

Transport Terminal Encoding

To transport your local LC_CTYPE setting to the remote host, use the lines

Host *
   SendEnv LC_CTYPE

in ~/.ssh/config

Avoid waiting for GSSAPI timeout

On some systems, ssh connections seem slow because they wait for the GSSAPI authentication timeout. This can be avoided with the following config in ~/.ssh/config:

Host *
  GSSAPIAuthentication no

List Fingerprints

To verify the keys in your .ssh/authorized_keys file, you can list the fingerprints with:

ssh-keygen -l -f .ssh/authorized_keys
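
What the listed fingerprint is, as an added example that is not part of the original page: the SHA256 fingerprint is the unpadded base64 SHA-256 digest of the decoded key blob, so it can be recomputed per entry and compared against the value the key owner reports. The sample file and the key in it are constructed, and the regular expression that locates the key field is a simplification of OpenSSH's own parsing.

```python
import base64
import hashlib
import re

# Key type, base64 blob, optional comment; text before the match is the options field.
KEY_RE = re.compile(
    r'(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+(AAAA[A-Za-z0-9+/]+=*)(?:\s+(.*))?$')


def fingerprint(line):
    """Return (key_type, fingerprint, comment, options), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    m = KEY_RE.search(line)
    if m is None:
        raise ValueError('no public key found in line')
    key_type, b64, comment = m.group(1), m.group(2), m.group(3) or ''
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the entry was corrupted or hand-edited.
    n = int.from_bytes(blob[:4], 'big')
    if blob[4:4 + n] != key_type.encode():
        raise ValueError('key type does not match key blob')
    digest = hashlib.sha256(blob).digest()
    fp = 'SHA256:' + base64.b64encode(digest).decode().rstrip('=')
    return key_type, fp, comment, line[:m.start()].strip()


def list_fingerprints(text):
    return [row for row in map(fingerprint, text.splitlines()) if row]


def ssh_string(data):
    return len(data).to_bytes(4, 'big') + data


# Constructed sample: 32 placeholder bytes in an ed25519-shaped blob, not a real key.
SAMPLE_BLOB = base64.b64encode(
    ssh_string(b'ssh-ed25519') + ssh_string(bytes(range(32)))).decode()
SAMPLE = f'''# constructed sample authorized_keys
ssh-ed25519 {SAMPLE_BLOB} user@example
restrict,port-forwarding,command="/bin/false" ssh-ed25519 {SAMPLE_BLOB} tunnel key
'''

if __name__ == '__main__':
    for key_type, fp, comment, options in list_fingerprints(SAMPLE):
        print(fp, comment, f'({key_type})', options)
```

Two entries with the same fingerprint are the same key, whatever their comments or options say.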

Lock Keys in Agent on Mac OS X (maybe BSD)

eval `SSH_ASKPASS=/usr/local/bin/ssh_askpass.sh ssh-agent`
ssh-add -c [keyfile]
ssh -A <remote-host>

/usr/local/bin/ssh_askpass.sh:

#! /bin/sh

exec xmessage -buttons 'Yes:0,No:1' "$@"

Get rid of "PAM service(sshd) ignoring max retries; 6 > 3"

Add

MaxAuthTries 3

to /etc/ssh/sshd_config

docs/tips_n_tricks/ssh.html.txt · Last modified: 10.06.2017 13:50 CEST by peter