SSH Tunnelling to Remote Servers, and with Local Address Binding

It’s often necessary to open different kinds of connections to a server where only an SSH account is available (or where only port 22 is open).
Using SSH tunnelling, it’s easy to access any port on the server, or even to connect to other servers reachable from the server where the SSH account is available.

To access a MySQL service on the remote server directly (e.g. with MySQL Query Browser) when access to port 3306 is denied, the trick is to open an SSH tunnel to the remote server, mapping an arbitrary local port to the remote port 3306. In the following example the local port 5306 is used:

ssh -L 5306:remoteserver.com:3306 remoteuser@remoteserver.com

In this case, the local port 5306 is forwarded (through the SSH tunnel) to remoteserver.com, which connects the tunnel to its port 3306.
When the tunnel is open, you only need to set up MySQL Query Browser to connect to localhost:5306, and the connection will be magically forwarded to the remote server on its port 3306.

Simple ssh tunnelling of a MySQL Connection

It’s even possible to set the remote side of the tunnel to be mapped not on the remote server itself, but on a different host.
For example, if the local computer is not allowed to access IRC servers, one idea is to use a remote server where an SSH account is available to tunnel the IRC connections.

Here is an example:

ssh -L 8666:ircserver.org:6666 remoteuser@remoteserver.com

In this case the local port 8666 is mapped to port 6666 of the IRC server ircserver.org, so the local IRC client (e.g. mIRC) simply needs to be set up to connect to localhost on port 8666.

SSH Tunnelling to a Different Remote Host

Finally, other people on the local network might want to use the tunnel to the remote server (in this example it’s an IRC server). If the client that opened the SSH tunnel has the IP address 192.168.1.1, the other clients on the local network should connect to 192.168.1.1:8666 to reach the remote ircserver.org on port 6666.

In this last case, it’s important to make sure that the tunnel binds to the correct local IP address.
If the local client has 2 addresses, 127.0.0.1 and 192.168.1.1, it’s useful to open the tunnel binding it on 192.168.1.1, so that other clients on the LAN can use the tunnel. Bear in mind that the forwarded port does no authentication of its own, so any host that can reach 192.168.1.1:8666 can use it. This is the syntax:

ssh -L 192.168.1.1:8666:ircserver.org:6666 remoteuser@remoteserver.com

SSH Tunnelling with Local Address Binding
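
An added example (not from the original tutorial): a small shell check that parses the [bind_address:]port:host:hostport argument of -L and reports which interfaces the local listener will be reachable on, so a forward that is exposed to the LAN is noticed before it is opened. The function names forward_exposure and valid_port are hypothetical, and the check assumes IPv4 addresses or hostnames.

```shell
# Added example, not part of the original tutorial.
# Spec grammar (from the ssh usage text): [bind_address:]port:host:hostport
# Assumption: IPv4 addresses and hostnames only; bracketed IPv6 is rejected.

valid_port() {
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-numeric, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print where the local listener of an -L forward will be reachable from.
forward_exposure() {
    spec=$1
    case $spec in
        ''|*\[*|*\]*|*:*:*:*:*) echo invalid; return 0 ;;
        *:*:*:*) has_bind=1; bind=${spec%%:*}; rest=${spec#*:} ;;
        *:*:*)   has_bind=0; bind=;            rest=$spec ;;
        *)       echo invalid; return 0 ;;
    esac
    port=${rest%%:*}
    hostport=${rest##*:}
    host=${rest#*:}; host=${host%:*}
    if [ -z "$host" ] || ! valid_port "$port" || ! valid_port "$hostport"; then
        echo invalid; return 0
    fi
    if [ "$has_bind" -eq 0 ]; then
        # No bind address: ssh follows GatewayPorts, whose default is loopback.
        echo "loopback-default port=$port"; return 0
    fi
    case $bind in
        ''|'*'|0.0.0.0)  echo "all-interfaces port=$port" ;;
        localhost|127.*) echo "loopback port=$port" ;;
        *)               echo "address=$bind port=$port" ;;
    esac
}

# The three forwards used in this tutorial, plus a wildcard bind (constructed).
for spec in 5306:remoteserver.com:3306 8666:ircserver.org:6666 \
            192.168.1.1:8666:ircserver.org:6666 '*:8666:ircserver.org:6666'
do
    printf '%-40s %s\n' "$spec" "$(forward_exposure "$spec")"
done
```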

Executing Commands and Scripts Remotely with ssh

It’s often necessary to execute a command, or a whole bash script, on a remote server.
Not everyone knows that this can be done through ssh.

Here’s the ssh syntax:

usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-e escape_char] [-F configfile]
           [-i identity_file] [-L [bind_address:]port:host:hostport]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-R [bind_address:]port:host:hostport] [-S ctl_path]
           [-w local_tun[:remote_tun]] [user@]hostname [command]

In the following example, the ls command is run on the remote server.

ssh remoteuser@remoteserver.com ls

To run a local script on the remote server, it’s required to upload it (through scp), set it as executable and finally run it.

The related example:

scp myscript.sh remoteuser@remoteserver.com:/remotedir/myscript.sh
ssh remoteuser@remoteserver.com "chmod +x /remotedir/myscript.sh"
ssh remoteuser@remoteserver.com /remotedir/myscript.sh

Of course, it’s required to type the password after each command (or to use an identity key file).

Looking through the ssh options, it’s possible to find many other features offered by this common command.

Copying Files between Clients and Servers over ssh using scp

It’s quite common to need to upload or download files between one or more servers and the local computer.

If SSH access is available on the servers, using scp to transfer files to and from the server can be a very good option.

Here’s its syntax:

usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
           [-l limit] [-o ssh_option] [-P port] [-S program]
           [[user@]host1:]file1 ... [[user@]host2:]file2

A very simple example:

scp localfilename.txt remoteuser@www.remotehost.com:remotefilename.txt

The previous example copies localfilename.txt from the local directory to the server www.remotehost.com using remoteuser as the ssh account to authenticate on the remote server. On the remote server the transferred file will be stored as remotefilename.txt in the default login directory of remoteuser.

Copying a file from and to specific directories:

scp /localdir/localfilename.txt remoteuser@www.remotehost.com:/remotedir/remotefilename.txt

Compared to the previous example, in this case the file is taken from /localdir/localfilename.txt and stored remotely at /remotedir/remotefilename.txt.
Obviously remoteuser should have write permission on the remote directory where the file is going to be written.

In the next case, the authentication is made through a keyfile. This is the syntax:

scp -i keyfile /localdir/localfilename.txt remoteuser@www.remotehost.com:/remotedir/remotefilename.txt

In this case there will be no password prompt to log in as remoteuser; keyfile is used as the identity file instead.

It’s even possible to copy files directly from one server to another:

scp firstremoteuser@www.firstserver.com:/filename.txt anotherremoteuser@www.anotherserver.com:/remotedir/remotefilename.txt

Finally, one of the best features is the ability to recursively copy directory trees to the remote server:

scp -r /localdirectory remoteuser@www.remoteserver.com:/remotedirectory

In this case, the whole content of localdirectory is recursively copied into remotedirectory. This can be very useful for quickly moving website structures.
I hope you’ve found some useful information in this tutorial.