Connectivity Tips

SSH passwordless login

Let us assume that we want to connect to an SSH server from a Linux client without entering your password each time. We use “cli_ip” and “srv_ip” to represent the ip addresses of the client and server. The steps can be summarised as follows.

Step 1: Create authentication SSH-Kegen keys on the client.

On your client machine run the command:

ssh-keygen -t rsa -b 4096

Step 2: Create .ssh directory on the server.

First, SSH to the server and check if the directory “.ssh” exits on your home directory. Since “.ssh” is a hidden directory, you can check its existence by the following command in the terminal

ls -la

If the directory does not exist, create it by

mkdir .ssh

Step 3: Upload generated public keys from the client to the server

Run the following command to upload the generated public key in Step 1 from the client to the server

cat .ssh/id_rsa.pub | ssh your_username@srv_ip 'cat >> .ssh/authorized_keys'

Step 4: Set directory permissions on the server

Due to different SSH versions on servers, we need to set permissions on .ssh directory and authorized_keys file. First, SSH to the server and then run the following commands

chmod 700 .ssh 
chmod 640 .ssh/authorized_keys

Step 5: Login from client to server without password

Now you should be able to remotely login to the server srv_ip from client cli_ip with SSH without entering your password

ssh your_username@srv_ip 

Persistent SSH Connection using autossh

“Autossh” is a program that starts a copy of ssh, monitors it, and restarts the connection if necessary. To install autossh on Debian/Ubuntu you can run

sudo apt-get install autossh

and to install it on CentOS/Fedora/RHEL you can run

sudo yum install autossh 

It can also be installed on OSX by the following command

brew install autossh

To run autossh, a sample command can be as follows

autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure yes" -R 8080:127.0.0.1:80 -R 2222:10.0.0.100:22 -D *:3128 rmt_s rv_ip

The option “-M port[:echo_port]” specifies the base monitoring port to use. Without the echo port, this port and the port immediately above it (port + 1) should be something nothing else is using. Autossh will send test data on the base monitoring port and receive it back on the port above. For example, if you specify “-M 20000”, autossh will set up forwards so that it can send data on port 20000 and receive it back on 20001. Setting the monitor port to 0 turns the monitoring function off, and autossh will only restart ssh upon ssh’s exit. For example, if you are using a recent version of OpenSSH, you may wish to explore using the “ServerAliveInterval” and “ServerAliveCountMax” options to have the SSH client exit if it finds itself no longer connected to the server. In many ways, this may be a better solution than the monitoring port.

Using SSHuttle to tunnel the traffic

“sshuttle” is a transparent proxy server that works as a poor man’s VPN over ssh. You don’t need an admin account on your remote system. It supports DNS tunneling and works with Linux and MacOS platforms.

sshuttle is one of the simplest, yet very powerful way to setup VPN on any network to which you have SSH access. The beauty of this application is you need root access in your local system, but don’t need any administrative access on your remote side.

One can install sshuttle by running

apt-get install sshuttle

Then, to use it as a VPN on your local machine to forward all traffic to the remote server, one can run:

sshuttle -r username@sshserver 0.0.0.0/0

If we would also like our DNS queries to be proxied through the DNS server of the server we are connected to, the following command can be run:

sshuttle --dns -r username@sshserver 0/0