Question: What is SSH?
Answer: Secure Shell, or SSH, is a network protocol that allows data to be exchanged over a secure channel between two networked devices.
Here is how I utilize this ssh daemon in my daily life.
1)I have 3 intranet servers (sshgateway, intrawebmail, and winterminal)
2)Firewall is configured so that I can only ssh to sshgateway from outside, i.e. my home.
When I need to configure my linux server @ my office from anywhere,
#ssh root@sshgateway.mydomain.net
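OK, the internet connection is too slow...
#ssh -C -o CompressionLevel=9 root@sshgateway.mydomain.net
(CompressionLevel only ever applied to SSH protocol 1; with protocol 2, -C alone turns compression on.)
Oh, I configured my server not to listen on port 22 (default sshd port) for security reasons.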
#ssh -p 443 root@sshgateway.mydomain.net
I must ssh to intrawebmail to fix some problems, but I can only reach sshgateway.
#ssh -t root@sshgateway.mydomain.net ssh root@intrawebmail
Now I get access to intrawebmail server.
Fixed! I need to check webmail from intrawebmail that is only accessible in office.
#ssh -L 8080:intrawebmail:80 root@sshgateway
1)In firefox, go to Tools>Option>Advanced>Network>Setting
2)In SOCKS host 127.0.0.1 port 8080
Now I can check my office webmail from outside.
How about my winterminal? Is it healthy?
#ssh -L 3389:winterminal:3389 root@sshgateway.mydomain.net
1)Now I can remote desktop to 127.0.0.1, which redirects to winterminal.
From public internet hot spot, I want to check my bank account. Network is not secure.
So, I will tunnel my traffic through my office network. (Some may call it "Bypassing Firewall")
#ssh -D 9999 root@sshgateway.mydomain.net
1)In firefox, go to Tools>Option>Advanced>Network>Setting
2)In SOCKS host 127.0.0.1 port 9999
Now my traffic is encrypted and I can check my bank account securely.
One of my friends asks me to help with setting up a Linux server. Although I want to help, his server is in Myanmar and I cannot ssh to it because it is extremely protected by the ISP.
What I do is:
I ask him to ssh to my sshgateway from his highly protected server;
#ssh -R 9999:127.0.0.1:22 root@sshgateway.mydomain.net
Then, on my sshgateway server, I ssh back to his Linux server by using:
#ssh -p 9999 root@localhost
Now I can ssh to a host behind NAT and Firewall.
LAST BUT NOT LEAST
Now you know how we can utilize SSH in various ways. But let me remind you that running an ssh host on the internet is not as easy as you think.
Believe it or not: every day I get 5 to 13 report emails from my ssh server that tell me
“Somebody is attacking ssh server by using bruteforcing... and blah blah blah”
If you don't pay enough attention to these log messages, somebody may be able to root your server one day. That compromised ssh daemon can even put you into jail.
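An added example, not part of the original post: the Python below reads sshd authentication log lines, counts failed logins per source address, and separately flags any source that logged in successfully after reaching the failure threshold. The log lines, the addresses, the `triage` function and the threshold of 3 are constructed for illustration, and the count runs over the whole input with no time window.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format OpenSSH's sshd writes to the auth log.
SAMPLE_LOG = """\
Mar  3 02:11:01 sshgateway sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 02:11:03 sshgateway sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Mar  3 02:11:05 sshgateway sshd[4103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar  3 02:11:09 sshgateway sshd[4105]: Accepted password for root from 203.0.113.7 port 40131 ssh2
Mar  3 08:30:12 sshgateway sshd[5200]: Failed password for root from 198.51.100.20 port 51000 ssh2
Mar  3 08:30:40 sshgateway sshd[5201]: Accepted publickey for root from 198.51.100.20 port 51002 ssh2
Mar  3 09:02:00 sshgateway sshd[5300]: Failed password for invalid user test from 192.0.2.99 port 33001 ssh2
Mar  3 09:02:02 sshgateway sshd[5300]: Failed password for invalid user guest from 192.0.2.99 port 33001 ssh2
Mar  3 09:02:04 sshgateway sshd[5300]: Failed password for invalid user oracle from 192.0.2.99 port 33001 ssh2
"""

# Matches "Failed|Accepted <method> for [invalid user ]<user> from <ip> port <n>".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(log_text, threshold=3):
    """Return {ip: verdict} for sources with >= threshold failed logins.

    verdict is "bruteforce" for repeated failures only, and
    "bruteforce-then-login" when a login was accepted after the
    threshold had already been reached (treat as a likely compromise).
    """
    failures = defaultdict(int)
    verdicts = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            if failures[ip] >= threshold:
                verdicts.setdefault(ip, "bruteforce")
        # Accepted login from a source that is already over the threshold.
        elif failures[ip] >= threshold:
            verdicts[ip] = "bruteforce-then-login"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG).items():
        print(f"{ip}: {verdict}")
```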
Don't worry! I will show you how to secure ssh server, but not now. LATER.......
Hope it gives you some knowledge......
netlynker
Q: What is the best remote administration tool for Windows??
A: A car!