SSH

Secure Shell (SSH) is the most popular and efficient method for remote access. This post covers common SSH tasks, from installation to configuration.

Installation

Arch Linux is used as the example here.

pacman -S openssh

Transmission over asymmetrical encryption

  • Generate key pair on the client
ssh-keygen -t rsa
  • Copy the public key to the server
# Note: scp replaces any existing authorized_keys file on the server
scp ~/.ssh/id_rsa.pub USERNAME@SERVER:~/.ssh/authorized_keys
# or, to append the key instead
ssh-copy-id -i ~/.ssh/id_rsa.pub USERNAME@SERVER

Enable X11 forwarding to run GUI programs over SSH

On the server

  • Installation
pacman -S xorg-xauth
  • Configuration

Add the following line to /etc/ssh/sshd_config

X11Forwarding yes

On the client

Add the following lines to /etc/ssh/ssh_config

ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
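
An added check, not part of the original post: options placed in /etc/ssh/ssh_config before any Host line apply to every server you connect to, and ForwardAgent is not required for X11 forwarding. The shell function below flags agent and X11 forwarding enabled at that scope; the function name and the host gui-box.example are assumptions made for the example.

```shell
#!/bin/sh
# audit_forwarding FILE
# Flags ForwardAgent / ForwardX11 / ForwardX11Trusted set to "yes" where the
# setting applies to every host: before the first Host/Match line, or inside
# "Host *" / "Match all". Prints LINE:SCOPE:OPTION and returns 1 on a finding.
# Simplifications: Include files are not followed, quoted values are ignored.
audit_forwarding() {
    awk '
    BEGIN { scope = "global"; wide = 1; found = 0 }
    /^[ \t]*#/ { next }                     # comment line
    {
        gsub(/=/, " ")                      # ssh also accepts Key=value
        if (NF < 2) next
        key = tolower($1); val = tolower($2)
        if (key == "host") {
            wide = 0
            for (i = 2; i <= NF; i++) if ($i == "*") wide = 1
            scope = (wide ? "Host *" : "Host " $2)
            next
        }
        if (key == "match") { wide = (val == "all"); scope = "Match " $2; next }
        if (wide && val == "yes" &&
            (key == "forwardagent" || key == "forwardx11" ||
             key == "forwardx11trusted")) {
            printf "%d:%s:%s\n", NR, scope, $1
            found = 1
        }
    }
    END { exit found }
    ' "$1"
}

# Constructed sample: the client settings from this page placed globally,
# followed by X11 forwarding scoped to one hypothetical host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes

Host gui-box.example
    ForwardX11 yes
EOF
audit_forwarding "$sample" || echo "review: forwarding is enabled for every host"
rm -f "$sample"
```

Only the three global lines are reported; the ForwardX11 setting inside the Host gui-box.example block is scoped to that host and passes.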

SSH-based proxy

For a clear description, consider a simple scenario. Suppose you want to access host A, but direct access is not permitted. Instead, you can access host B, which is permitted to access host A. In this case, you can reach host A via host B, i.e., host B plays the role of a proxy. The following command makes host B a SOCKS proxy.

ssh -N -D PORT USERNAME@B

where

  • PORT is the number of a local port.
  • USERNAME is the account used to log in on host B.
  • Option -N means port forwarding only, without executing any command remotely.

Then a SOCKS proxy is ready, through which you can access host A as freely as if you were on host B.

SSH-based tunnels

Local SSH port forwarding

Suppose there are 3 hosts, denoted A, B, and C. Host C provides some service on port RPORT, e.g., HTTP on port 80, and host A wants to access it. However, due to some network restriction, host A cannot access the service on host C directly, but host B can.

To this end, running the following command on host A maps the remote port RPORT on host C to a local port LPORT.

ssh -L LPORT:C:RPORT B

In this case, host A can use the desired service on host C through its local port LPORT.

Remote SSH port forwarding

Consider a similar scenario with hosts A and B. Host A provides some service on port LPORT. For some reason, host A is not accessible, but host B is.

Running the following command on host A maps the local port LPORT to a remote port, RPORT, on host B.

ssh -R RPORT:localhost:LPORT B

In this case, visiting port RPORT on host B is exactly the same as accessing port LPORT on host A.