How to use ssh tunneling to forward a *service* like X11 or authentication? - ssh

I want to create a service that will allow me to display documents and media (think PDF and JPEG) that are stored in the filesystem of a remote server to which I connect by ssh. X11 forwarding doesn't cut it because it's too slow. Instead I want to design a protocol that will copy files from the remote system on demand, then display them.
My question is twofold:
1) How do I acquire a port on the remote machine? Since I may have multiple connections going, I cannot simply use a single well-known port—I will have to allocate a port dynamically.
2) Once I have my port, how do I communicate it to the display applications on the remote machine? SSH X11 forwarding communicates by setting the DISPLAY environment variable, and agent forwarding communicates by setting the SSH_AUTH_SOCK environment variable. Perhaps I can do something creative with a remote command?
I welcome any ideas.

Do you really need a remote port? If you can ssh into the remote machine, why not run a command and send data back over the ssh command, like rsync, Mercurial, Git, and so on do? SSH can provide an 8-bit clean connection, so it's just like having a socket connection.
To be clear, what I am suggesting is:
1) SSH from origin to the destination
2) In the SSH session, run a command on the destination that writes data to its standard output
3) The standard output is sent over the SSH connection from destination to origin
4) Collect the data that emerges from the standard output of SSH on the origin machine
There is then no need to open a particular port on either the origin or the destination.
Indeed, if what you really want is "a protocol that will copy files from the remote system on demand", how about SCP, SFTP, or rsync over SSH?
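The four steps above as a small shell helper, added here as an example and not part of the original answer. The names `fetch_remote`, `sh_quote` and the `SSH` override variable are assumptions made for illustration. The remote file name is quoted because ssh hands the command string to the remote login shell.

```shell
#!/bin/sh
# Added example (not from the original answer): pull a remote file through
# the ssh session's standard output, so no extra port is opened.

# sh_quote STRING: single-quote STRING for the remote POSIX shell. ssh joins
# its command arguments and hands them to the remote login shell, so an
# unquoted file name containing spaces or ';' would be parsed as shell syntax.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# fetch_remote HOST REMOTE_PATH LOCAL_PATH (hypothetical helper)
# SSH may be set to override the client command; it defaults to "ssh".
fetch_remote() {
    fr_host=$1 fr_remote=$2 fr_local=$3
    fr_tmp="$fr_local.part.$$"
    # The remote side only runs "cat"; its stdout travels back over ssh.
    # stdin is /dev/null so ssh cannot swallow the caller's input.
    if ${SSH:-ssh} "$fr_host" "cat -- $(sh_quote "$fr_remote")" \
            </dev/null >"$fr_tmp"; then
        mv -- "$fr_tmp" "$fr_local"     # publish only complete transfers
    else
        fr_rc=$?
        rm -f -- "$fr_tmp"              # drop partial output on failure
        return "$fr_rc"
    fi
}

# Usage: sh fetch.sh HOST REMOTE_PATH LOCAL_PATH
if [ "$#" -eq 3 ]; then
    fetch_remote "$1" "$2" "$3"
fi
```

A viewer on the origin machine can then open the local copy; several sessions can run at once because nothing listens on a port.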

Related

Sending data from client to server via SSH tunnel

I am fairly new to ssh and still learning it. Recently I have made a tunnel connection with an ssh host and managed to successfully transfer data/files from my machine to the server with the command: scp file.extension user@hostIP:/directory/directory.
While this was successful, I am kinda struggling to reverse it, sending data/files from the server to the client. How would one go about completing that? Do I need to make some changes to ssh_config or just CLI commands are enough?
You need to change the order:
scp user@hostIP:/directory/directory file.extension
That accomplishes the inverse operation, of course, assuming that the address is correct, the file exists and you have the necessary privileges.

Setup .netrc for SFTP connection with private key

I have a machine that I want to set up an SFTP connection to. The SSH server is running properly, I can ssh into it from my client computer, and I can SFTP in from my smartphone. I'm just a bit confused on how to properly configure the ~/.netrc file. The server computer is running Ubuntu, the client computer is running OSX.
Here are my main requirements for what I'm trying to configure:
Alias. I don't have a DNS name for the computer I'm connecting to, just the IP address. ~/.ssh/config is great because it basically assigns aliases to connections, and then specifies the hostname, port, etc. Looking at the man page for ~/.netrc, I don't see a way to do this.
Private Key. This SFTP connection is validated using a private key. I don't see anything in the ~/.netrc man page about how to specify the key.
If ~/.netrc is the wrong way to go, what alternatives would be better?

Transferring file to remote server behind a gate node with key authentication disabled - and compiling

I'm working on a project that requires me to run my code on a remote Unix server, that is not available to connect to directly (you first have to log in to the "gate" node and then to this server).
What's really bad is that they disabled key authentication, so each time I need to ssh into it, I have to type in my password twice. It's really annoying and I wonder what's the best way to transfer my local modifications of source files to this server, compile and run them without having to provide those passwords so many times.
I have no sudo access to any of those servers (neither to this "gate", nor to this target server). Any ideas on how to make the whole process more efficient?
EDIT: Martin Prikryl provided a great answer below, but it's suitable for Windows and I'm on a Mac :) I guess it might be a good thing to have it documented here also for *NIX systems.
You are looking for SSH tunneling.
WinSCP SFTP client supports one-hop SSH tunneling natively.
See the Tunnel page on WinSCP Advanced Site Settings dialog.
I assume that after you transfer the file, you need to open SSH terminal to compile the file.
You may be able to make use of WinSCP Console window for that step.
Alternatively, if you need/want to use a real SSH terminal client, make use of an existing SSH tunnel, created by WinSCP, and connect with PuTTY (or any other SSH client) over it.
In the Local tunnel port of WinSCP Tunnel page, select a fixed port number (instead of the default Autoselect). In PuTTY enter "localhost" to Host Name and the selected port in Port.
(I'm the author of WinSCP)

How can I get winexe to attach to a non-standard port?

I'm using winexe to communicate with Windows running inside a virtual machine on my Linux system, to perform various test scenarios. I really don't want to have to be root to start the VMs.
When I start my Linux virtual machines, which I control with SSH, I simply map the SSH port (22) to a different, non-reserved port (>1024; say 19000). So I can start the VM without requiring root privileges. Then I use ssh -p 19000 ... when I want to ssh to the VM, and it works great.
But I cannot find a way to have winexe choose a different port than the default (I'm not sure what the default port is, actually; does it use 445 like SMB?). Is there a way to do it?
Note I cannot run an SSH server on Windows; because of my test environment requirements I can't add an SSH server to the virtual machines. Plus even if I were allowed I've had nothing but pain trying to get an SSH server to work reliably on Windows.
The winexe source code shows that the client-server communications happen over SMB in named pipes, as if you were writing into Unix pipes over NFS.
As a result, it is very unlikely that you can change the port. Maybe you can do that on the Linux side, but you probably have no way to do that in your Windows VM.

best method port forwarding/tunnelling

I'd like to use a server between two machines (with no static IP). The only IP known to me is the server's IP address. I'd like to build/use a system that listens to 2 different ports within the server and whatever is received from localhost:portA is sent to localhost:portB and vice versa. Consequently, both machines (with java apps) can communicate through the server in the middle.
Please, what is the best solution to do this? I'm working on a Linux system and I thought of using an SSH java API (hudson / ganymed-ssh-2) to build a port forwarding server application.
Some issues:
1) determining the size of the data transmitted to buffer read or not to forward it to the other port.
2) The speed of reading/writing bytes.
If you can use the ssh protocol, you can tunnel local or remote ports (this needs support on the server side). You can also think about an OpenSSH VPN (take a look at the ssh -w option; this will create a real VPN, and a TUN/TAP device is required).
You can use the ssh program. Take a look at the -L and -R options specifically.