Shows the differences between two versions of the page.
| wiki2:ssh [2022/02/28 09:21] alfred [Old method to create a key] | wiki2:ssh [2022/05/25 07:38] (current) | ||
|---|---|---|---|
| Línea 111: | Línea 111: | ||
| UsePAM yes | UsePAM yes | ||
| </code> | </code> | ||
| + | |||
| + | Añade un fichero ''.profile'' a /home/alfred no encriptado con el siguiente contenido: | ||
| + | <code> | ||
| + | /usr/bin/ecryptfs-mount-private | ||
| + | cd | ||
| + | source .profile | ||
| + | </code> | ||
| + | |||
| + | De esta forma te pedirá el password para desencriptar el directorio home, pero podrás acceder a él. Si no lo haces, piensa que tu clave está encriptada, se ha de tener una sesión abierta incluso para poder montarlo. | ||
| + | |||
| + | ==== Opción alternativa ==== | ||
| + | * https://superuser.com/a/312878 | ||
| + | |||
| + | <code> | ||
| + | # Make your public key accessible | ||
| + | mkdir -m 700 /home/.ecryptfs/$USER/.ssh | ||
| + | echo $YOUR_PUBLIC_KEY > /home/.ecryptfs/$USER/.ssh/authorized_keys | ||
| + | ln -s /home/.ecryptfs/$USER/.ssh/authorized_keys ~/.ssh/authorized_keys | ||
| + | ecryptfs-umount-private | ||
| + | chmod 700 $HOME | ||
| + | mkdir -m 700 ~/.ssh | ||
| + | ln -s /home/.ecryptfs/$USER/.ssh/authorized_keys ~/.ssh/authorized_keys | ||
| + | |||
| + | # Make it auto-mount with first login. | ||
| + | # Note: it can cause problems with automated login. | ||
| + | echo /usr/bin/ecryptfs-mount-private > ~/.profile | ||
| + | echo cd >> ~/.profile | ||
| + | echo source .profile >> ~/.profile | ||
| + | ecryptfs-mount-private | ||
| + | </code> | ||
| + | |||
| ===== SSH Tunel ===== | ===== SSH Tunel ===== | ||
| <code> | <code> | ||
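Review bot: In the "Opción alternativa" block, `echo $YOUR_PUBLIC_KEY > /home/.ecryptfs/$USER/.ssh/authorized_keys` leaves the variable unquoted and the new file's mode up to the umask. Quote it (`echo "$YOUR_PUBLIC_KEY"`) and add an explicit `chmod 600` on the file, because sshd with StrictModes refuses an authorized_keys file that is group- or world-writable. The first `ln -s`, run before `ecryptfs-umount-private`, assumes `~/.ssh` already exists in the mounted home; the text should say so or create it. In both `.profile` snippets `source` is a bash builtin, so `. .profile` is the safer form for a file read by any POSIX login shell. It would also help to state that with the key stored outside the encrypted home, key-based login succeeds before the home is decrypted, so the passphrase asked for by `ecryptfs-mount-private` is what protects the data.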
| Línea 135: | Línea 166: | ||
| ssh -R "0.0.0.0:81:0.0.0.0:8000" webapps | ssh -R "0.0.0.0:81:0.0.0.0:8000" webapps | ||
| </code> | </code> | ||
| - | Este ejemplo sirve el puerto 81 de la interface 0.0.0.0 en webapps, redirigido a la interface local 0.0.0.0:8000. | + | Este ejemplo sirve el puerto 81 de la interface 0.0.0.0 en webapps, redirigido a la interface local 0.0.0.0:8000. Es decir, cualquier petición que llegue por la 81 a webapps será mapeada al puerto local 8000 donde una app puede estar escuchando. Se puede escribir así también: ''ssh -R 81:0.0.0.0:8000 webapps'' (tengo dudas de si el 0.0.0.0 es necesario). |
| - | Para que pueda funcionar directamente necesitarás cambiar la configuración por defecto de ''/etc/sshd_config'', concretamente el valor: | + | 📌 Para que pueda funcionar directamente necesitarás cambiar la configuración por defecto de ''/etc/sshd_config'', concretamente el valor: |
| <code> | <code> | ||
| GatewayPorts no | GatewayPorts no | ||
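Review bot: The added sentence presents `ssh -R 81:0.0.0.0:8000 webapps` as equivalent to the quoted form, but the two differ in the first field. The leading `0.0.0.0` is the bind address on webapps; without it the listener binds to loopback only unless the server's GatewayPorts forces otherwise, and an explicit bind address is honoured only when GatewayPorts is enabled. The second `0.0.0.0` is the destination as seen from the client side and is better written as `127.0.0.1`, which settles the doubt noted in parentheses. Two further points for the text: port 81 is privileged, so the forward only works when logging in as root on webapps, and on most Linux distributions the file is `/etc/ssh/sshd_config`, not `/etc/sshd_config`. Since the change asks readers to alter GatewayPorts, recommend `clientspecified` rather than `yes` so that only forwards that request it listen on all interfaces.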
| Línea 169: | Línea 200: | ||
| the same as myserver. To make that transparent you should add an entry to the hosts file. If you don't | the same as myserver. To make that transparent you should add an entry to the hosts file. If you don't | ||
| do that vhosts will not work. If you want a SOCKS-proxy connection you could also use | do that vhosts will not work. If you want a SOCKS-proxy connection you could also use | ||
| + | |||
| $ ssh -D 5000 user@myserver | $ ssh -D 5000 user@myserver | ||
| This will create a SOCKS-proxy on localhost port 5000 which routes all requests through myserver. | This will create a SOCKS-proxy on localhost port 5000 which routes all requests through myserver. | ||
| Línea 197: | Línea 229: | ||
| </code> | </code> | ||
| + | |||
| + | ==== Tunnels, port mapping table ==== | ||
| + | |||
| + | ^ Command ^ Meaning ^ | ||
| + | | ssh -L 8000:127.0.0.1:8000 dev | You are mapping the port 8000 from the ''dev'' host to localhost, port 8000. Now you can connect to ''localhost:8000'' and ''dev:8000'' will respond. | | ||
| + | | ssh -L 8000:127.0.0.1:8000 -L 5432:127.0.0.1:5432 dev | You are mapping the port 8000 and 5432 from the ''dev'' host to localhost, both on the same portport 8000. As previous but two. | | ||
| + | | ssh -R 8000:127.0.0.1:8000 shappsrv | You are mapping the port 8000 from ''localhost'' to the ''shappsrv'' host. When a request arrives to ''shappsrv:8000'' it will be redirected to ''localhost:8000''. | | ||
| + | | ssh -D 1337 -q -C -N webapps | You are creating a SOCKS5 proxy in local host to ''webapps'', port 1337. It will make any connection done to this port to outside as it was from webapps. | | ||
| + | |||
| + | Parameters: | ||
| + | |||
| + | * ''-q'' Quiet mode. No errors or warnings will be shown. | ||
| + | * ''-C'' Compress communication. | ||
| + | * ''-N'' Do not execute a command. | ||
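Review bot: The second table row reads "both on the same portport 8000. As previous but two.", which is garbled; it should say that 8000 and 5432 on `dev` are each mapped to the same port number on localhost. In the first two rows the `127.0.0.1` is resolved on `dev`, so the tunnel reaches whatever listens on dev's loopback interface, which is not the same as `dev:8000` when the service binds only to localhost; the wording should reflect that. In the third row, note that the listener on `shappsrv` binds to its loopback unless GatewayPorts allows otherwise, so "a request arrives to shappsrv:8000" is only true for local clients by default. The `-q` description overstates it: the option suppresses most warning and diagnostic messages, not all errors. For `-N`, add that it is meant for sessions that only forward ports.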