Suppose a remote system needs access to a service on your local system. The local system is allowed to open ssh sessions to the remote system, but the remote system is not allowed to access your local services. This can be solved with an ssh tunnel.
To make a service on port 389 of the local system available to the remote system client, open an ssh tunnel to the remote system with:
ssh -R 10389:localhost:389 -f -N client
Now, you can access the local service on localhost:10389 on the remote system.
To transport your local LC_CTYPE setting to the remote host, use the lines
Host *
    SendEnv LC_CTYPE
in ~/.ssh/config
On some systems, ssh connections seem to be slow because they wait for the GSSAPI authentication timeout.
This can be avoided with the following config in ~/.ssh/config:
Host *
    GSSAPIAuthentication no
To verify the keys in your .ssh/authorized_keys file, you can list the fingerprints by:
ssh-keygen -l -f .ssh/authorized_keys
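Listing the fingerprints only helps if they are compared with the ones you expect. The following is an added example, not part of the original notes: it checks the output of the command above against an allowlist and prints every key that is not on it. The allowlist file, its format, the function names and the sample fingerprints are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original page): compare the fingerprints listed by
#   ssh-keygen -l -f ~/.ssh/authorized_keys
# against an allowlist and report every key that is not expected.
# The allowlist file (one fingerprint per line, '#' comments) is an assumption.

# unknown_keys ALLOWLIST < listing
# Prints listing lines whose fingerprint (field 2) is not in ALLOWLIST.
# Exit status: 0 = all keys known, 1 = at least one unknown key.
# A missing or empty allowlist flags every key (fails closed).
unknown_keys() {
    awk -v allow="$1" '
        BEGIN {
            while ((getline line < allow) > 0) {
                sub(/#.*/, "", line)        # drop comments
                gsub(/[ \t\r]/, "", line)   # drop whitespace
                if (line != "") ok[line] = 1
            }
        }
        # ssh-keygen -l prints: <bits> <fingerprint> <comment...> (<TYPE>)
        NF >= 2 && !($2 in ok) { print; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample of ssh-keygen -l output; fingerprints are placeholders.
sample_listing() {
    cat <<'EOF'
256 SHA256:EXAMPLEexampleEXAMPLEexampleEXAMPLEexample1 alice@laptop (ED25519)
3072 SHA256:EXAMPLEexampleEXAMPLEexampleEXAMPLEexample2 backup job (RSA)
256 SHA256:EXAMPLEexampleEXAMPLEexampleEXAMPLEexample3 no comment (ED25519)
EOF
}

# Constructed allowlist: only the first two keys are expected.
sample_allowlist() {
    cat <<'EOF'
# fingerprints recorded when the keys were installed
SHA256:EXAMPLEexampleEXAMPLEexampleEXAMPLEexample1
SHA256:EXAMPLEexampleEXAMPLEexampleEXAMPLEexample2   # backup job
EOF
}

# Real use (the allowlist path is hypothetical):
#   ssh-keygen -l -f ~/.ssh/authorized_keys | unknown_keys ~/.ssh/expected_fingerprints
```

With the constructed data, only the third key is reported and the exit status is 1.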
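To have the agent ask for confirmation each time a key is used, for example when forwarding the agent to a remote host:
eval `SSH_ASKPASS=/usr/local/bin/ssh_askpass.sh ssh-agent`
ssh-add -c [keyfile]
ssh -A <remote-host>
/usr/local/bin/ssh_askpass.sh:
#!/bin/sh
exec xmessage -buttons 'Yes:0,No:1' "$@"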
Add
MaxAuthTries 3
to /etc/ssh/sshd_config