IPG Doc

User Tools

Site Tools

Trace:
ssh-remote

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
ssh-remote [2007/02/13 09:10] damirssh-remote [2007/08/01 18:00] (current) damir
Line 1: Line 1:
 ====== HowTo connect to servers using SSH ====== ====== HowTo connect to servers using SSH ======
  
-To connect to server, local or remote, you can use the **ssh** client program. When you start a connection to the server using this program, the two machine involved, encrypt all the network traffic generated, so nobody can spy on your connection and see what you are doing. This kind of connection is the only available if you want to use terminal session to connect to our server, no matter if the connection is made locally or from a remote workstation.+To connect to server, local or remote, you can use the **ssh** client program. When you start a connection to the server using this program, the two machine involved, encrypt all the network traffic generated, so nobody can spy on your connection and see what you are doing. __This kind of connection is the only one available if you want to use terminal session to connect to our servers__, no matter if the connection is made locally or from a remote workstation.
  
-==== Connecting to server ====+ 
 + 
 + 
 + 
 + 
 + 
 +===== Connecting to server =====
  
 All you have to do in order to connect to a local or remote server is to open a terminal window and use the command All you have to do in order to connect to a local or remote server is to open a terminal window and use the command
  
- ssh <name of the server>+  ssh <name of the server>
  
 where <name of the server> can be the letteral name of the server or his IP Address. If this is the first time you try to connect to the server, the system present the remote key and ask you to confirm the connection. Just answer **yes** to the question and the remote system will ask for your username and password.\\ where <name of the server> can be the letteral name of the server or his IP Address. If this is the first time you try to connect to the server, the system present the remote key and ask you to confirm the connection. Just answer **yes** to the question and the remote system will ask for your username and password.\\
-The username parameter is normally inherithed from the login you are using in the local system, so you have to insert only your password to access the remote system. +The username parameter is normally inherited from the login you are using in the local system, so you have to insert only your password to access the remote system. 
-<note warning+After opening the connection you can work on the server as you where logged on the consolle.\\ 
-If you are using the session of another use, to access the remote server, use the **-l <username>** parameter in order to indicate the username you want use on the remote machine.+<note> 
 +If you are using the session of another user, to access the remote server, use the **-l <username>** parameter in order to indicate the username you want use on the remote machine.\\ 
 +\\ 
 +Windows users can use [[http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html|putty]], a ssh client with graphical interface, or install [[http://www.cygwin.com/|CygWin]], the Linux-like environment for Windows.
 </note> </note>
-After opening the connection you can work on the server as you where logged to the consolle.\\+ 
  
-== I want graphics ==+===== I want graphics =====
  
-With the base connection, as the one explained above, you can't access to the graphical interface of the remote system. In order to start programs that have a graphical interface you must use a specific parameter that instruct the system to forward even the graphics connections.+With the base connection, you can't access to the graphical interface of the remote system. In order to start programs that have a graphical interface you must use a specific parameter that instruct the system to forward even the graphics connections.
  
- ssh -l <username> -Y <remote server>+  ssh -l <username> -Y <remote server>
  
 With the -Y parameter we can start a program on the remote server and his graphical window (if exist) will be displayed on our linux workstation (this works also in windows, if you install CygWin). The program is completely running in the remote server, only the graphical interface is displayed on the local machine. With the -Y parameter we can start a program on the remote server and his graphical window (if exist) will be displayed on our linux workstation (this works also in windows, if you install CygWin). The program is completely running in the remote server, only the graphical interface is displayed on the local machine.
  
 <note tip> <note tip>
-If you use this trick to see the graphical interface of a machine connected on the other side of the planet, check the bandwidth you can use. X11 connection require a lot of bandwidth.+If you use this trick to see the graphical interface of a machine connected on the other side of the planet, check the bandwidth you can use. connection require a lot of bandwidth.
 </note> </note>
  
-== How Access more than one Server == 
  
-In a perfect world, Firewalls dosn't exist, but here on heart, Firewalls are absolutely necessary. Firewalls have just one mission: "block everything suspicious or dangerous that is transmitted on the network". To do this the Firewalls limits the possibilities of connection from remote networks, no mater if the user connecting is good or bad. Of course this means disavantages for the allowed user that can't access directly the servers of the protected network, but must pass from a **gateway**. +===== How Access more than one Server =====
  
-The simple solution is to connect to the gateway and then, from the gateway, open a ssh connection to the remote server. This can be annoying and difficult if you have to  connect to differents remote server at the same time.\\ +In a perfect world, Firewalls doesn't exist, but here on earth, Firewalls are absolutely necessary. Firewalls have just one mission: __//block everything suspicious or dangerous that is transmitted on the network//__. To do this the Firewalls limits the possibilities of connection from remote networks, no matter if the user connecting is good or bad. Of course this means disadvantages for the allowed user that can't access directly the servers of the protected network, but must pass from a **gateway**. 
-A second option is to connect to the gateway, and at the same time open different **tunnels** that permit to connect to the remote server directly.\\+
  
- ssh -l <username> <gateway> -L 2222:<internal linux server>:22+The simple solution is to connect to the gateway and then, from the gateway, open a ssh connection to the remote server. This can be annoying and difficult if you have to  connect to different remote server at the same time.\\ 
 +A second option is to connect to the gateway and, at the same time, open different **tunnels** that permit to connect to the remote server directly.\\
  
-After the correct login in the **gateway**, ssh generate a **tunnel** from the port 2222 of the workstation we are using, to the port 22 of the <internal linux server>. Therefore, we can open another window on the local workstation and from there we can connect to the <internal linux server> directly, pointing the ssh the opened local port:+  ssh -l <username> <gateway> -L 2222:<linux server behind firewall>:22 
 + 
 +After the correct login in the **gateway**, ssh generate a **tunnel** from the port 2222 of the workstation we are using, to the port 22 of the <linux server behind firewall>. Therefore, we can open another window on the local workstation and from there we can connect to the <linux server behind firewall> directly, pointing the ssh to the opened local port:
    
- ssh -l <username> 127.0.0.1 -p 2222+  ssh -l <username> 127.0.0.1 -p 2222
  
 This solution can be useful for connectin even to remote graphical interfaces, as the Remote Desktop used by Windows XP computers: This solution can be useful for connectin even to remote graphical interfaces, as the Remote Desktop used by Windows XP computers:
  
- ssh -l <username> <gateway> -L 3390:<internal windows server>:3389+  ssh -l <username> <gateway> -L 3390:<windows server behind firewall>:3389 
 + 
 + 
 +Or to create a **tunnel** inside another **tunnel** 
 + 
 +  ssh -l <username> <gateway> -L 2222:<linux server behind firewall>:22 
 +  ssh -l <username> 127.0.0.1 -p 2222 -L 3333:<2nd linux server behind firewall>:22 
 + 
 +The two command above must be executed from 2 different terminal windows. 
 + 
 + 
 +===== HowTo connect to a Graphic Interface ===== 
 + 
 +Sometime you have the need to access a server, but this server don't accept terminal connections, it has only graphical interface (yes, we are talking about MS Windows). Even in this case you have some alternatives: 
 + 
 +If the version of Windows running on the server is quite old, you can install the program Real VNC (or some other package that derive from this). This program install in the machine and can be used to access the graphical interface of the Operating System, as if in front of the monitor. Remember that the graphical view you have is the same view that has the user that **is** in front of the monitor of the server. 
 + 
 +If this server is directly connected to Internet (not real smart thing to do!) you can connect to using the **vncviewer** client program directly: 
 +   
 +  vncviewer <address of remote window server> 
 + 
 +else, if the server is behind a Firewall you can connect to the **gateway** and then use a tunnel for the connection to the server: 
 + 
 +  vncviewer -via username@gateway> <address of remote window server> 
 + 
 +The connections used in the first example are in clear from. This means that all the traffic traveling from you laptop and the server is readable to anyone that has access to the routers you use. The second example is more secure, before establishing the vnc session, the system create a ssh connection with the gateway and encrypt all the traffic traveling on the public Internet. 
 + 
 +<note> 
 +Sometime can be useful to access the complete graphical interface of Linux from a remote system. In this case we need to launch the **vncserver** process on the linux server that can be used from remote users to access his graphical interface as happens with windows. 
 +</note> 
 + 
 +A second method to connect to Windows graphical interface is the use of **Remote Desktop** (**rdesktop** for Linux users), both programs use the RDP protocol, developed by MicroSoft. With this client, the users can open a new session on the remote Windows Server and work directly in the graphical interface. The RDP protocol has good performances even on slow connections. To connect to a remote server from a linux workstation open a terminal window and use the command 
 + 
 +  rdesktop <address of remote server> -u <username> 
 + 
 +If the server is behind a Firewall, you have to open a ssh connection to a **gateway** before you can connect to the server. Use the ssh command to open a tunnel and then the rdesktop command to connect to the remote server passing on the tunnel. 
 + 
 +  * Open the tunnel to the remote server 
 + 
 +      ssh -l <username> <gateway> -L 3390:<internal windows server>:3389 
 + 
 +  * Open the rdesktop connection to the remote server passing in the tunnel 
 + 
 +      rdesktop <127.0.0.1>:3390 -u <username> 
 + 
 + 
 +====== ======
  
 +Other useful informations can be found on the manual pages of the commands and on Internet.
  
  
ssh-remote.1171354221.txt.gz · Last modified: 2007/02/13 09:10 by damir