What is a good basic iptables config? Basic rules needed: Allow incoming TCP to 22 for SSH but blocks all others. Allow outgoing TCP/UDP connections. You may consider using the following rules as a start: for tables in iptables ip6tables ; do # Flush existing rules $tables -F # Default policy $tables -P INPUT DROP […]
Posts tagged SSH
87 posts in total.
How to use iptables to limit rates new SSH incoming connections from each IP on Linux?
How to use iptables to limit rates new SSH incoming connections from each IP on Linux? For example, at most 6 SSH connection attempts every 60 seconds. You may use these rules (skip the first one, if you have set the basic rules): for tables in iptables ip6tables ; do # Allow established inbound connections […]
How to kick off a user on a Linux box?
I want to kick off a user such as “bob” on a Linux box which I managed remotely. How to do this? bob may log on the Linux box by various ways: Log on the screen on the Linux box (locally) with a X server. Log on remotely by a ssh shell. Log on by […]
ssh error with message “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!”
I got an error message when ssh to a server like: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for […]
How to jump the GFW in mainland China
As is known, you cannot access some banned website in mainland China but we need them sometimes. 1, Download myentunnel from [1] 2, Config your myentunnel according to [2] 3, Download Firefox and config it in the light of [3] 4, Try facebook.com and check if it goes well References: [1] http://www.vpsmm.com/page/MyEnTunnel/ [2] http://linuxroad.blog.51cto.com/765922/1075684 Answered […]
How to unlock a locked SSH terminal accidentally by ctrl-s on Linux?
I find I sometimes lock the SSH terminal accidentally by ctrl-s on Linux. How to unlock/unfreeze it? Ctrl-s: lock the SSH terminal. Ctrl-q: unlock the SSH terminal. Answered by Eric Z Ma.
How to set up a VPN over SSH?
SSH tunnel and port forwarding is great and convenient to use. But is it possible to set up a VPN like connection over SSH? If you are on Linux or Mac, you can use sshuttle: https://github.com/apenwarr/sshuttle If you are on Windows, you can use ProxyCap: http://www.proxycap.com/index.html Both are great software. Answered by Eric Z Ma.
Git branching tutorial
Good tutorials on git branching. The “Git Branching” chapter of Pro Git book is the best one that I ever seen: http://git-scm.com/book/en/Git-Branching It deserve the time to study the whole chapter. If you are working with a git server, this chapter is especially useful: http://git-scm.com/book/en/Git-Branching-Remote-Branches Answered by Eric Z Ma.
Running Chrome over SSH tunnel
How to run Chrome on remote host over a SSH tunnel? This way, I can access resource that can only be accessed inside the remote host’s network. Running Chrome over a SSH tunnel is much easier than running Firefox over SSH from a Linux host: First, ssh to the remote host with -X option: ssh […]
Direct multi-hop ssh connection
How to use multi-hop ssh connection without needs to ssh multiple times? As a example, you are connecting to server.example.com through proxy.example.com from laptop.example.com as follows: laptop —-> proxy —-> server 2 possible methods: Method 1: Use the similar method as in Directly SSH to hosts using internal IPs through the gateway. Add this to […]
How to improve ssh/scp performance on Linux?
ssh/scp are convenient and handy tools on Linux. Is is possible to further improve its speed/performance? Please check this post for how to improve ssh/scp performance: https://www.systutorials.com/5450/improving-sshscp-performance-by-choosing-ciphers/ Answered by Eric Z Ma.
Directly SSH to hosts using internal IPs through the gateway
We have many hosts with internal IPs like 10.0.3.* behind a gateway, say gateway.example.org. The hosts with internal IP connect to the Internet through the gateway. How to directly SSH to hosts using internal IPs through the gateway? Here is the solution: Directly SSH to Hosts with LAN IPs Through the Gateway Answered by Eric […]
Rsync with non-standard ssh ports
This problem appears when I try to rsync directories with hosts inside a cluster used NAT for forwarding ports to internal nodes. Hence, the ssh port for internal nodes are not the default 22. So, how to use rsync with the non-standard ssh ports? The -e options of rsync play the trick very well. For […]
How to use different keys for different git servers?
I have access to different git servers. I have several keys for these servers. How to use different keys for different git servers? Use the .ssh/config file to specify different configuration for different SSH servers used by git: For example: Host git.example.org Port 22111 IdentityFile ~/.ssh/id_rsa.git.example.org Host code.example.org Port 22 IdentityFile ~/.ssh/id_rsa.code.example.org which specifies the […]
Shared hosting services with SSH enabled
Which shared hosting services have SSH enabled? SSH is a great tool for management and development. Lots shared hosting services support SSH. Here is a non-complete list: Dreamhost SSH on dreamhost: http://wiki.dreamhost.com/Enabling_Shell_Access BlueHost SSH on BlueHost: http://my.bluehost.com/cgi/help/180 GoDaddy SSH on GoDaddy: http://support.godaddy.com/help/article/4942 HostGator SSH on HostGator: http://support.hostgator.com/articles/hosting-guide/lets-get-started/how-do-i-get-and-use-ssh-access HostMonster SSH on HostMonster: http://my.hostmonster.com/cgi/help/180 ServerGrove SSH on […]
How to save PuTTY profiles/sessions?
PuTTY is a great SSH client on Windows. However, how to save it’s profiles/sessions that I saved so that I can migrate my settings from one machine to another? PuTTY saves its settings in the registry of Windows. You can find it in the registry editor by run regedit under: HKEY_CURRENT_USERSoftwareSimonTatham You can save your […]
How to spawn a background process in a bash script
For example, I want to spawn many ssh background processes in one bash script: for i in `cat ./all-hosts` do ssh $i “ifconfig | grep Link” done Simply adding a & to the ssh commands does not work. Here is the script that works: for i in `cat ./all-hosts` do ssh $i “ifconfig | grep […]
Force Linux to reboot
How to force Linux to reboot when the reboot command does not work. Enable the use of the magic SysRq option: # echo 1 > /proc/sys/kernel/sysrq Reboot the machine: # echo b > /proc/sysrq-trigger Answered by anonymous. Even if you could not log on the system but sshd is working, you can force the Linux […]
How to print the text in a web page?
How to efficiently print a webpage? E.g. I want to only print the text for some pages but with figures for some other pages. I tried to copy the webpage to a document, but the format turns to be just terrible. One good tool that I use is PrinterFriendly which can convert a webpage to […]
How to activate or deactivate a Linux host with Gnome remotely?
I have a Fedora Linux server with Gnome 3. I want to lock / unlock the remote Gnome desktop remotely. How to activate or deactivate it remotely through SSH? Use gnome-screensaver-command. It is not specific to Gnome 3. Turn the screensaver on (blank the screen): $ gnome-screensaver-command -a If the screensaver is active then deactivate […]
