Beyond Security: OpenSSH skills

Source: Internet
Author: User
Keywords Nbsp; ssh we can.
Tags access connections display example files gui gui programs host

OpenSSH is an important remote management tool on Linux and is known for its security. It is believed that most users are already familiar with the use of openssh, such as using SSH for remote connections, using SCP, sftp copying files, and so on. But the power of OpenSSH is much more than that, and we will show you the following.

1.x11 forwarding

Using the-X option, you can display GUI programs on remote Linux locally. Log on to the remote system and enable X11 forwarding you can use the following command:

ssh-x user@host

Of course, the x11forwarding parameter of the target system profile/etc/ssh/sshd_config should be set to Yes and the OpenSSH daemon should run.

2. Through the firewall

Beware of malicious attacks similar to firesheep in public networks. A good security approach is to use SSL/HTTPS encryption instead of using plaintext to send information.

We have another option. If we want to avoid firewalls configured to disallow the use of the HTTP/SMTP protocol and establish an SSH security channel, you can use the following command:

ssh-nd 9999 User@hostname

Ports can be adjusted arbitrarily to avoid conflicts with other services.

3. Execute remote command

You do not have to log on, or you can execute commands on the remote system. For example, you can check disk space with the following command:

$SSH host DF

We can even use pipelines, for example:

$ dd IF=/DEV/DSP | Ssh-c user@host DD OF=/DEV/DSP

4. Port forwarding

Now let's discuss the topic of port forwarding. OpenSSH port forwarding is divided into local port forwarding and remote port forwarding, which differs in the direction of port mapping. We use port forwarding to easily bypass firewalls. For example, suppose your work network does not allow access to reddit.com. Please run:

# ssh Yourserver-l 80:reddit.com:80

This allows us to access reddit.com indirectly through "YourServer". If you use the-g parameter, you can allow other computers in the workspace to access reddit.com through your computer:

# ssh Yourserver-l 80:reddit.com:80-g

5.SSH File System

Through the fuse project and the SSHFS project, we can talk about remote SSH mount to local. FUSE4X can be used on Mac platforms.

You can use the following command to simplify the installation of SSHFS:

$ sudo port install SSHFS

We can use the following command to mount:

$ SSHFS remote-host:local-mount-directory

OpenSSH There are many powerful functions to be excavated, welcome to put forward their own views. (Zhang Zhiping/compiling)

(Responsible editor: The good of the Legacy)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.