Linux¶

October 30, 2021
in Linux, MacOS, Networking
2 min read

Learn SSH: Config File

In this article series, I will explain how to use a command-line terminal to connect to secure shell (SSH) servers, using the config file for quick access to frequently used servers, and setting up an SSH server on macOS, Ubuntu, or CentOS.

Table of Contents:

SSH config file makes it easier to connect to frequently used servers. Here, I start with a simple server setup and then explain how to setup proxy jumps.

SSH config file is located in home directory under .ssh folder:

~/.ssh/config

For each server, add a block of text starting with Host followed by a memorable name for that server.

Host favorite_ssh

Add information like the address of the host on the following line with indentation:

Host favorite_ssh
        HostName ip_or_address_of_server
        User username_at_the_server

Now save the file. To connect to the server, in a terminal window simply type ssh followed by the name you chose in the config file:

$ ssh favorite_ssh

This is equivalent of typing the following command:

$ ssh username_at_the_server@ip_or_address_of_server

You can add the identity file location to the config file as well:

Host favorite_ssh
        HostName ip_or_address_of_server
        User username_at_the_server
        IdentityFile ~/.ssh/my_private_key

which is equivalent of the following command:

$ ssh username_at_the_server@ip_or_address_of_server -i ~/.ssh/my_private_key

You can add multiple servers to the config file:

Host favorite_ssh
        HostName ip_or_address_of_server
        User username_at_the_server
        IdentityFile ~/.ssh/my_private_key

Host favorite_ssh_2
        HostName ip_or_address_of_server_2
        User username_at_the_server_2
        IdentityFile ~/.ssh/my_private_key_2

Host favorite_ssh_3
        HostName ip_or_address_of_server_3
        User username_at_the_server_3
        IdentityFile ~/.ssh/my_private_key_3

You can add a proxy or jump server to the config file as well and use it to connect to your favorite_ssh:

Host proxy_1
        HostName ip_or_address_of_proxy_server
        User username_at_proxy_server
        IdentityFile ~/.ssh/proxy_server_private_key

Host favorite_ssh
        HostName ip_or_address_of_server
        User username_at_the_server
        IdentityFile ~/.ssh/my_private_key
        ProxyJump proxy_1

You can also use wildcards to apply the same setting to a range of IP addresses (10.0.* and 10.1.0.*):

Host proxy_1
        HostName ip_or_address_of_proxy_server
        User username_at_proxy_server
        IdentityFile ~/.ssh/proxy_server_private_key

Host 10.0.*
        User username_at_these_servers
        IdentityFile ~/.ssh/my_private_key_for_all_the_servers
        ProxyJump proxy_1

Host 10.1.0.*
        ProxyJump proxy_1

Now to connect to a server with IP address of 10.0.0.1, you can use the following command:

$ ssh 10.0.0.1

Or to connect to 10.1.0.2 with a username my_user, you can run:

$ ssh my_user@10.1.0.2

Let me know your questions and comments in the comment section.

July 10, 2021
in Linux, MacOS, Networking
2 min read

Learn SSH: CLI Commands

In this article series, I will explain how to use a command-line terminal to connect to secure shell (SSH) servers, using the config file for quick access to frequently used servers, and setting up an SSH server on macOS, Ubuntu, or CentOS.

Table of Contents:

Establish SSH Connection

To SSH to a remote server with a username and password, type the following command in a terminal:

ssh username@server_address

You will be prompted for a password.

To SSH to a remote server with a private key, type the following command in a terminal:

ssh username@server_address -i ~/path/to/private/key

Replace ~/path/to/private/key with the actual path to your private key.

To connect to a remote server on a specific port, use the -p flag:

ssh username@server_address -p port_number

or

ssh username@server_address -i ~/path/to/private/key -p port_number

Replace port_number with the actual port number of the remote server.

Local Forward

To access a remote service, such as a database server on your local machine, you can use local port forwarding:

ssh -L localPort:server_address:remotePort username@server_address

For example, if the service you are trying to access locally is accessible on the remote server on port 5555, you can use the following command to get access to that service on a local port, such as 5657:

ssh -L 5657:server_address:5555 username@server_address

Now you can connect to the service using localhost:5657 or 127.0.0.1:5657.

Remote Forward

To access a local service on the remote server, you can use remote port forwarding:

ssh -R localPort:server_address:remotePort username@server_address

Jumpbox

To access a protected server through another accessible server, use the -j flag. Consider server_a as the jump box and server_b as the protected server you're trying to reach:

Local --> server_a --> server_b

ssh -J username_a@server_a username_b@server_b

If you need to jump through more servers, try the following command:

Local --> server_a --> server_b --> server_c

ssh -J username_a@server_a,username_b@server_b username_c@server_c

Socks Proxy

To access the network and browse the private web pages on a remote server, you can create a SOCKS proxy. Choose a port number for your proxy, such as 8080, and create the link as:

ssh -D 8080 username@server_address

Now, set up a proxy on your local machine/browser to 127.0.0.1:8080 address and port.

Let me know your questions and comments in the comment section.

Next article in the series: SSH Config File

August 13, 2019
in Linux, Programming
1 min read

Install Python 3.7 on CentOS with All Dependencies

In this post, I will go through installing Python 3.7 and all its dependencies on CentOS. Unlike Ubuntu, Python is not readily accessible using yum package manager on CentOS. Therefore, we first need to install a few packages before installing Python.

$ sudo yum groupinstall -y "Development Tools"

$ sudo yum install -y gcc zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel tk-devel libffi-devel xz-devel gdbm-devel ncurses-devel db4-devel wget

Now that we installed all the dependencies, we need to download the latest Python from its website, https://www.python.org/downloads/:

$ wget https://www.python.org/ftp/python/3.7.4/Python-3.7.4.tgz

Then, we need to extract the files from the archive and configure the installation:

$ tar -xzvf Python-3.7.4.tgz

$ sudo sh Python-3.7.4/configure --enable-optimizations

Finally, we run the following command to install Python:

$ sudo make altinstall

Your Python is now installed in the following folder: /usr/local/bin/

Optionally, you can make a link to access your Python using python3 command:

$ sudo ln -s /usr/local/bin/python3.7 /usr/bin/python3

$ sudo ln -s /usr/local/bin/pip3.7 /usr/bin/pip3

Note, if you cannot access Python by typing python3, you may need to add the following line to your .bashrc file:

export PATH=$PATH:/usr/local/bin/

Note: Your .bashrc is located in your home folder.

Now, disconnect and then connect back to your machine.

Please let me know if you had any questions or concerns in the comment section.

August 12, 2019
in Linux, MacOS, Networking
2 min read

Learn SSH: Introduction to SSH on Unix-Based Systems

In this article series, I will explain how to use a command-line terminal to connect to secure shell (SSH) servers, using the config file for quick access to frequently used servers, and setting up an SSH server on macOS, Ubuntu, or CentOS.

Table of Contents:

So, what is SSH, and why we use it? SSH is a Transport layer protocol. And, we use SSH to create secure tunnels between two machines, or a client and a server. For instance, we can run resource-demanding software on a server to speed up our work or deploy our website on it.

To get started, I recommend installing an Ubuntu server or CentOS minimal using Virtualbox on your computer. Then, open the following file with root privileges using your favorite text editor:

/etc/ssh/sshd_config

For instance, we can use vi to open the file:

$ sudo vi /etc/ssh/sshd_config

This file is the configuration file for the SSH daemon on your virtual machine. Here, we need to make sure the following line is not commented out using # and it is set to yes:

PasswordAuthentication yes

If we make any changes to this file, we need to restart the ssh service using the following command:

$ sudo systemctl restart sshd

Now, we need to find our virtual machine's IP address (host-only adaptor) to connect to it.

Now, we can open up a terminal on our computer (not inside the virtual machine!) and connect to our virtual machine using the username and password we set during server installation:

$ ssh username@virtual_machine_IP_address

In my case, the result looks like this:

$ ssh sina@192.168.56.3
The authenticity of host '192.168.56.3 (192.168.56.3)' can't be established.
ECDSA key fingerprint is SHA256:MyF58hvhnjfyBHdQEl9fkpiGyGMG+b1W2LPfzpUQYu4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.56.3' (ECDSA) to the list of known hosts.
sina@192.168.56.3's password:
Last login: Mon Aug 12 00:00:00 2019
[sina@localhost ~]$

Now, we are successfully connected to the virtual machine using SSH! We can run any command on the virtual machine using the terminal on our local computer.

Next article in the series: SSH CLI Commands