Archive

Articles tagged ‘ssh’

Munin: Monitoring the “unreachable” hosts

08/01/2019 Comments off

Source: munin-monitoring.org
There are a number of situations where you’d like to run munin-node on hosts not directly available to the Munin server. This article describes a few scenarios and different alternatives to set up monitoring.

Monitoring hosts behind a non-routing server

In this scenario, a *nix server sits between the Munin server and one or more Munin nodes. The server in-between reaches both the Munin server and the Munin node, but the Munin server does not reach the Munin node or vice versa.

To enable Munin monitoring, there are several approaches, mainly either SSH tunneling or “bouncing” via the in-between server.

SSH tunneling

The illustration below shows the principle. By using SSH tunneling only one SSH connection is required, even if you need to reach several hosts on “the other side”. The Munin server listens to different ports on the localhost interface. A configuration example is included. Note that there is also a FAQ entry on using SSH that contains very useful information.

[Figure: MuninSSHForwarding]

Bouncing

This workaround uses netcat and inetd/xinetd to forward the queries from the Munin server. All incoming connections to defined ports are automatically forwarded to the Munin node using netcat.

[Figure: MuninPortForwarding]

 

Using the ssh-copy-id command on Mac OS X

06/01/2019 Comments off

How to make the ssh-copy-id command available on Mac OS X

If you have tried to use the ssh-copy-id command on Mac OS X, you will have noticed that, even though openssh is installed natively, this command is not available.

Fortunately, this command is a simple script: just copy it to the right place, give it the right permissions, and SURPRISE, the command is available.

And since I'm nice, well, I'm giving you all of that. 😉 To begin with, the ssh-copy-id script

Next, the procedure to follow to set it up:

  • Download the file
  • Move the file into the /usr/bin directory
  • Give it the necessary permissions
$ chmod 755 /usr/bin/ssh-copy-id

Edit

If you use homebrew, there is a package that does the same thing:
brew install ssh-copy-id

 

Source: Mikael Randy

Categories: System

Debian/Ubuntu Linux: Restrict an SSH user session to a specific directory by setting chrooted jail

03/01/2019 Comments off

Source: nixCraft

I set up a web server. I need to grant a user ssh access but I do not trust users. How can I limit user session to a specific directory such as /home/httpd/$USERNAME? How do I set up an ssh chroot jail on a Linux operating system?

You can set up an interactive shell with a special root directory on Linux or Unix-like systems. You can set the pathname (such as /home/httpd/foo) of a directory to chroot to after authentication. All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, sshd changes the working directory to the user’s home directory.

Say hello to ChrootDirectory directive

From the sshd_config man page:

The ChrootDirectory must contain the necessary files and directories to support the user’s session. For an interactive session this requires at least a shell, typically sh(1), and basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4), arandom(4) and tty(4) devices. For file transfer sessions using “sftp”, no additional configuration of the environment is necessary if the in-process sftp server is used, though sessions which use logging do require /dev/log inside the chroot directory.

Read more…

Categories: System

Set Up SSH Tunneling on a Linux / Unix / BSD Server To Bypass NAT

23/12/2018 Comments off

I’m a new Linux / Unix system user. How can I set up an encrypted tunnel between my desktop/laptop computer and server in a remote data center to bypass the limits in a network? How do I create a reverse SSH tunnel on Unix-like systems?

SSH tunnelling can be thought of as a poor man’s VPN. It is handy in situations where you would like to hide your traffic from anybody who might be listening on the wire or eavesdropping.

You can use such a tunnel between your computer and your Unix/BSD/Linux server to bypass limits placed by a network or to bypass NAT, and more.
Read more…

Categories: Network, System

Linux/Unix: OpenSSH Multiplexer To Speed Up OpenSSH Connections

20/12/2018 Comments off

Source: nixCraft

How can I multiplex SSH sessions by setting up a master session and then having subsequent sessions go through the master to speed up my ssh connection on Linux or Unix-like operating systems?

Multiplexing is nothing but sending more than one ssh connection over a single connection. OpenSSH can reuse an existing TCP connection for multiple concurrent SSH sessions. This reduces the overhead of creating new TCP connections. First, you need to set a ControlMaster to open a Unix domain socket locally.

Read more…

Categories: System, Tutorial