<< Click here to Goto HomePage


Monday, October 30, 2006

How to use SSH :: A basic step-by-step guide

There are a couple of ways that you can access a shell remotely on most Linux/Unix systems. SSH, which is an acronym for Secure SHell, was designed and created to provide the best security when accessing another computer remotely. Not only does it encrypt the session, it also provides better authentication facilities as well as features like X session forwarding, port forwarding and more so that you can increase the security of other protocols. It can use different forms of encryption ranging anywhere from 512 bit on up to as high as 32768 bits.

Simple connect

The first thing we'll do ijavascript:void(0)
Publishs simply connect to a remote machine. This is accomplished by running 'ssh hostname' on your local machine. The hostname that you supply as an argument is the hostname of the remote machine that you want to connect to. By default, ssh will assume that you want to authenticate as the same user you use on your local machine. To override this and use a different user, simply use username@domain.com as the argument:

ssh username@domain.com

The first time around, it will ask you if you wish to add the remote host to a list of known_hosts, go ahead and say yes.

X11 session forwarding
You can login to a remote desktop machine and run some X windows program like Gnumeric, Gimp or even Firefox and the program will run on the remote computer, but will display its graphical output on your local computer. The key to making it work is using the -X option, which means "forward the X connection through the SSH connection"

ssh -X username@domain.com

and run the application from the remote console. If you get a "DISPLAY is not set" error, it means that sshd isn't configured to accept session forwarding. To enable this, open /etc/ssh/sshd_config in a text editor and uncomment (or add) the following line:

X11Forwarding yes

TCP Port Forwarding

Like X11 session forwarding, SSH can also forward other TCP application level ports both forward and backwards across the SSH session that you establish. For example, you can setup a port forward for your connection from your home machine to work.company.com so that it will take connections to localhost port 3306 and forward them to the remote side mysql.company.com port 3306.

ssh -L 3306:mysql.company.com:3306 username@work.company.com

where -L is the local port. Again, the option AllowTcpForwarding yes should be enabled in sshd_config.

You can also reverse the direction and create a reverse port forward. This can be useful if you want to connect to a machine remotely to allow connections back in. For instance, I use this sometimes so that I can create a reverse port 22 (SSH) tunnel in order to reconnect through SSH to a machine that is behind a firewall once I have gone away from that network:

ssh -R 8022:localhost:22 username@my.home.ip.address

This will connect to my home machine and start listening on port 8022 there. Once I get home, I can then connect back to the machine I created the connection from, using the following command:

ssh -p 8022 username@localhost

SOCKS5 proxy

You can set a SOCKS5 proxy similar to port forwarding, except you don't have to specify the address that you want to forward to:

ssh -D 1324 username@domain.com

Run commands over SSH

Sometimes, you don't really want to run a shell like Bash on the host you are connecting to. Maybe you just want to run a command and exit. So simply run:

ssh username@domain uptime

and it will print the current time, uptime, users and so on.

Keep SSH connection alive

If for whatever reason, your session just dies after X minutes of inactivity (idle), you can simply fix this problem by adding the following lines to ~/.ssh/config :

Host *
Protocol 2
ServerAliveInterval 60

This tricks many firewalls that would otherwise drop the connection to keep your connection going.


  1. Anonymous said,

    thanks for ssh articles, it is very easy to understand

    on 9/13/2007 9:56 AM

  2. Anonymous said,

    thanks for easy to understand SSH blog

    on 9/13/2007 9:58 AM