I would like to not have to type the user I ssh to a server as when I ssh to said server.
If there was a way I could set ssh to only connect to servers x and y with username z, that would be good. It still has to connect to all other servers with my username.
That seems like the only possibility right now, because I don't want to do any of the following:
change my username
make an alias for ssh ( ssh = ssh -l z )
create a script that is specific for a single server.
I'm starting to think this isn't really possible in the way I want.
create a ~/.ssh/config file or edit your existing one.
and an entry like this;
Host foo
HostName foo.bar.com
Port 22
User username
Then you can just type ssh foo
Related
In my old Windows 10 I have ssh config file that resides in .ssh/config and the content of the file was simple:
# Read more about SSH config files: https://linux.die.net/man/5/ssh_config
Host server1
HostName ip 1 here
User ubuntu
IdentityFile key1
Host server2
HostName ip 2 here
User ubuntu
IdentityFile key2
and I was able to use for example ssh server1 from anywhere in the command line and that did work for me.
Now I did reset my Windows and I did add all the required configuration and when I try to enter my servers using the old way which is ssh server1 I get some message that says permission denied public key.
The solution that is working for me at the moment is just to use this command instead: ssh -F pathtoconfig server1
But I really like the old command, it's just simple and shorter. How can I achieve that?
I try to configure a passwordless ssh connection from server 1 to server 2.
At server 1 the user is called "user1", at the second server the user is called "user2". Can I make a passwordless ssh connection for this constellation somehow?
Normal ssh-keygen + put the content of the id_rsa.pub in the auhtorized_keys of the other server is not working.
Do someone know a possibility for that?
By the way. It is not possible to add a user called "user2" on server 1.
Thanks
You have various options, but the first thing you need to do is put user1's key in the authorized_keys file of user2 on server2. That's basically saying "anyone with this key can claim to be user2". Next you have a couple of options - first, and probably easiest, is to specify the username directly in the ssh command:
ssh user2#server2
To avoid having to remember that each time, add an entry into your .ssh/config file (the file may not exist yet):
Host server2
User user1
Then you'll be able to just do ssh server2.
I'm using SSH tunneling for the first time, so I'm trying to understand how to configure it.
I've got a remote Linux server that hosts a MySQL database that I'm trying to connect to. In order to access the MySQL database directly through a software that only recognizes local databases, I suppose SSH tunneling would be the right way to set up the access, correct?
Now, I'm trying to set up the tunneling on my 'home' computer which is running the software that's trying to access the MySQL database. My first question is whether this is reverse tunneling or normal tunneling? Secondly, is it local tunneling or remote tunneling?
Finally, from what I understand, my code is supposed to look something like
ssh -L 8080:mylinuxserver.mycompany.com:22 myuser#mylinuxserver.mycompany.com
Is this correct? Is my source port '22' since I'm using SSH and is my destination port 8080 (or is there something more appropriate)?
When I try to use the above code, I am able to login using my passphrase (since my key is already in the MyLinuxServer) but when I ping localhost:8080, it cannot find the host.
What am I doing wrong?
I've got a remote Linux server that hosts a MySQL database that I'm trying to connect to
The command should be:
ssh -L 8080:localhost:3306 myuser#mylinuxserver.mycompany.com
Where:
8080: is hte local port on your workstation
localhost: is corresponding to mylinuxserver.mycompany.com
3306: the MySQL port on above localhost.
then connect (from your workstation) to MySQL as:
mysql -h 127.0.0.1 --port=8080
Besides, ping localhost:8080 is wrong. Ping cannot work that way.
Try this:
ssh -f ssh_user#mylinuxserver.mycompany.com -L 3307:mysql1.example.com:3306 -N
Next, to access the mysql your trying to connect to:
mysql -h 127.0.0.1 -P 3307
I manually deploy websites through SSH, I manage source code in github/bitbucket. For every new site I'm currently generating a new keypair on the server and adding it to github/bitbucket, so that I can pull chances from server.
I came across a feature in capistrano to use local machine's key pair for pulling updates to server, which is ssh_options[:forward_agent] = true
How can I do something like this and forward my local machine's keypair to the server I'm SSH-ing into, so that I can avoid adding keys into github/bitbucket for every new site.
This turned out to be very simple, complete guide is here Using SSH Forwarding
In essence, you need to create a ~/.ssh/config file, if it doesn't exist.
Then, add the hosts (either domain name or IP address in the file and set ForwardAgent yes)
Sample Code:
Host example.com
ForwardAgent yes
Makes SSH life a lot easier.
Create ~/.ssh/config
Fill it with (host address is the address of the host you want to allow creds to be forwarded to):
Host [host address]
ForwardAgent yes
If you haven't already run ssh-agent, run it:
ssh-agent
Take the output from that command and paste it into the terminal. This will set the environment variables that need to be set for agent forwarding to work. Optionally, you can replace this and step 3 with:
eval "$(ssh-agent)"
Add the key you want forwarded to the ssh agent:
ssh-add [path to key if there is one]/[key_name].pem
Log into the remote host:
ssh -A [user]#[hostname]
From here, if you log into another host that accepts that key, it will just work:
ssh [user]#[hostname]
To use it simply with the default identity (id_rsa) you can use the following couple of command:
ssh-add
ssh -A [username]#[server-address]
The configuration file is very helpful but the trick for agent forwarding does the ssh-add command. It seems that this have to be initial triggered before any remote connections or after restart of the computer. To permanently add the key try the following solution from the user daminetreg:
Add private key permanently with ssh-add on Ubuntu
It is very useful :
ssh -i [private-key] -A [user]#[host]
You can set one command in bash_aliases or other command routines.
I need to do some work on a server to which I don't have direct access to. I do have access to my company network (via vpn). If I were on that network, I could access the server directly. But, for some reason when I'm on the vpn, I can't access the server directly.
So, I need to ssh into an intermediary ubuntu box, and then create an ssh tunnel from that box to the server.
Then, I can do my work on my laptop and send it through a local tunnel that points to a foreign tunnel (on my ubuntu box) that goes to the server.
But I don't know how to do a tunnel that creates another tunnel to a third server.
Any ideas?
Thanks,
Scott
What are you trying to achieve? If you just want to get to a shell on the server then ssh into the Ubuntu box and then ssh from there to the server.
If you want to access some other network resource on the server then you want to forward a port from the server (where you can't get to it) to the Ubuntu box (where you can). Take a look at the -L option in ssh.
Edit:
Copying files to the server:
tar c path/* | ssh ubuntuName 'ssh serverName "tar x"'
Copying stuff back:
ssh ubuntuName 'ssh serverName "tar c path/*"' | tar x
Obviously you need to change ubuntuName, serverName and path/* to what you want. To use rsync you need the -E option and the same trick of wrapping one ssh command inside another. After reading your comment I'd say that the most general answer to your question is that the trick is making ssh execute a command on the target machine. You do this by specifying the command as an argument after the machine name. If you use ssh as the target command for ssh to execute then you get the two-hop behaviour that you are looking for. Then it is just a matter of playing with quotes until everything is escaped correctly.
It's just a double port forward. Forward the ports from the PC to the ubuntu box, then on the ubuntu box forward those destination ports to the final endpoint. It's been a while since I've done command line ssh (been trapped in windows hell :)), so I can't give the command line you need. Another possibility is to use the SOCKS proxy ability built into SSH.
To connect from your local machine over a second machine to a specific port on the third machine you can use the ssh -N -L option:
ssh -N second_machine -L 8080:third_machine:8082
This maps the Port 8082 on the third machine to port 8080 on the local machine (eg. http://localhost:8080/ ).