OpenSSH Tips and Tricks

Previously, we looked at the basics of key management in OpenSSH, which in my opinion, really need to be understood before you start to play with all the other fine trickery OpenSSH offers. Key management is important, and easy, and now that we all understand how to manage keys, we can get on with the fun stuff.

Because I take OpenSSH for granted, I don’t really think about what I do with it. So here are some pointers and tips to various SSH-related commands that can make life easier, more secure, and hopefully better. This really is just the tip of the iceberg; there is so much more that OpenSSH can do, but I hope this at least gives you some new tricks and inspires some further investigation.

Running remote X applications

If you want to run a remote X11 program locally, you can do that via OpenSSH, taking advantage of its encryption benefits. With X running, open a terminal and type:

$ ssh -fX user@host firefox

This will fire up FireFox on the remote computer, and display the output over an encrypted SSH connection on the local display. You will need X11Forwarding yes enabled on the remote server (usually it is; if not, check /etc/ssh/sshd_config or /etc/sshd_config).

Easy connections to remote using screen

When you first log into a system and run screen, you have multiple terminals open that can be switched around. If you need to disconnect from the system, have a network outage, or switch from one wireless network to another, running the remote session under screen will prevent whatever processes are currently running from terminating prematurely. However, when you do run screen like this, typically you would log in directly and then start, or resume, screen.

Instead, you can do this with one command, which has the advantage of logging you out immediately when disconnecting from the screen:

$ ssh -t user@host screen -r

This also has the benefit of not starting an extra shell process just to launch screen. This will not work, however, if screen is not already running on the remote host.

Also note that you can run almost any command remotely, like this. The -t command forces pseudo-tty allocation, so you can use this to run simple commands, or interactive commands like a MySQL client login, or alternatives to screen like tmux.

Encrypted tunnels to remote hosts

This is one of the best uses of OpenSSH. With tunneling, you can tell OpenSSH to create a tunnel to a port on the remote server, and connect to it locally. For instance, if you run a private web server, where port 80 is not available to the internet (via a firewalled port), you can use the following to connect to it:

$ ssh -N -L8080:127.0.0.1:80 user@remotehost

Then point your browser to http://127.0.0.1:8080 and it will connect to port 80 on remotehost, through the SSH tunnel. Keep in mind that, for web connections at least, it will only connect to an IP, so name-based virtual hosting is out, or at least reaching a name-based virtual host would be.

On the other hand, if you have a MySQL service or some other firewalled service, you can use the same technique to get to that service as well. If you wanted to connect to MySQL on remotehost you might use:

$ ssh -N -L3306:127.0.0.1:3306 remotehost

Then point your MySQL client application to the localhost (127.0.0.1) and port 3306. The general syntax of the -L command is “local_port:local_ip:remote_port”.

Creating a SOCKS5 proxy

One really neat thing OpenSSH can do is create a SOCKS5 proxy, which is a direct connection proxy. This allows you to tunnel all HTTP requests, or any other kind of traffic that can be sent through a SOCKS5 proxy, via SSH through a server you can access. This might be useful at a coffee shop, for instance, where you want to direct all HTTP traffic through your SSH proxy to your system at home or the office, in order to avoid potential snooping or data theft (looking directly at you, FireSheep).

The command I use to create the SOCKS5 proxy using OpenSSH is:

$ ssh -C2qTnNM -D 8080 user@remotehost

This creates a compressed connection that forces pseudo-tty allocation, as well as places the ssh client into master mode for connection sharing (see man ssh for more details on the other options). The proxy will live on port 8080 of the local host. A quick test is to use something like curl with whatismyip.com:

$ curl --socks5 127.0.0.1:8080 www.whatismyip.com/automation/n09230945.asp

Call curl with that command, then compare it to using curl on that URL directly and you should see two different IP addresses — the first being the remote server’s IP, and the second being your own.

Since curl is really only useful for testing, check out FoxyProxy for Firefox in order to make Firefox use the proxy.

These are just a few things that OpenSSH can do, but I think they’re very useful. OpenSSH truly is a ubiquitous Swiss-Army knife utility; it is pre-installed and available on pretty much every major operating system with the exception of Windows. It may be intimidating if you’re just figuring it out for the first time, but spend some time playing with it and that investment will definitely pay off.

Need Cisco IOS?

If you need Cisco IOS for learning purpose you can use this link.

You can use GNS3 to simulate cisco router using the real IOS.

http://www.mmnt.ru/int/get?in=f&st=c2500&ot=221

Have fun..

Cisco Feature Navigator

If you want to know all features which supported by specific cisco router you can find it at this link.

http://tools.cisco.com/ITDIT/CFN/Dispatch?act=rlsSelect&task=search&searchby=software

Cisco provides good tools to find many information about their products.

Have fun..!

Windows Live Writer

Windows Live Writer is an offline blog editor. This is a freeware so you can download it without charged. You can write your blog offline and save it in your notebook before publish it when you are online. The really interesting part is that, while geared for Windows Live Spaces users, Live Writer works with blog CMSs like WordPress, Movable Type, LiveJournal and Blogger. Just install it into your notebook and you can write your blog any where and any time. Windows Live writer is equiped with many features which compatible with many blog CMSs.

These are a few features for your consideration :

• The WYSIWYG editor is amazingly intuitive and simple to use.
• Advanced text formatting features, such as headings and tables, are included in the WYSIWYG editor.
• Extensible via plugins (it reminds me of WordPress in that regard)
• Auto Save (this feature needs no explanation)
• Choice between HTML/XHTML on a per blog basis. This is good if you’re a stickler for clean and well formed code.
• Supports FTP upload. One thing that bothered me in the previous version was that images and files could only be uploaded via the blog’s XMLRPC file (not good if you plan to store your files in a folder outside of the blog). This time around, they got it right — even better that right because the FTP set up was smooth and extremely intuitive.
• Supports date modification, which means you can set a post to publish in the future (or the past if you so choose).
• Tag support with a variety of providers, including custom providers.
• Advanced image insertion that supports thumbnails and lets you add some basic styles, such as drop shadow and photo style borders, to your images. You can even apply some more advanced image styling such as black & white conversion, sepia tone, as well as others.
• Video insertion which will come in handy if you’re a vlogger.
• Customizable ping list with trackback support
• In line spell checking
• Multiple writing views including layouts that mimic your blog and a full in software preview of the entry as it would appear on the blog.
• Quick switching between views by using their shortcut keys.

You can download Windows Live Writer at http://download.live.com/writer. Happy blogging!

Seesmic = facebook + twitter

Seesmic is an application for monitoring and updating your facebook and twitter account. I knew this application by twitter page. Seesmic is awesome. You can update your status at facebook and twitter at the same time. This is a desktop application which installed in your PC and run like a messenger application so you can updating your status any time you want. You can download seesmic at http://www.seesmic.com/.

installing XP in SATA-enabled notebook

When I bought TravelMate 6292 last month, it made me annoyed with the performance because Vista needs a lot of resources from this machine (this was before I updated the Vista). 2.0 GHz Core 2 Duo Processor and 1 Gigs DDR2 were nothing for Vista. Vista has made me spent for additional 3 Gigs DDR2 for better performance. Travelmate 6292 was bundled with Vista Business Edition. It is annoying for XP lovers who want to install XP in there (you should have the license first before installing). That’s because XP needs Sata Driver to be installed in Travelmate 6292 before XP installation. The problem is it needs floppy drive to install Sata Driver. Unfortunately, floppy drive age has passed away. 6292 doesn’t have floppy drive. After a lot of browsed pages, tips, and forums, finally I’ve found a great tips about how to install XP in your TravelMate 6292. I can install XP without the floppy drive. I need to slip-streamed the driver to XP installation progress. How to do that? You can try these steps!

1. Thanks to Dino Nuhagic who develop nLite for us to solve “Vista-to-XP Migration”. You can download nLite at http://www.nliteos.com/download.html. Install the nLite!

2. You need to download Sata Driver for TravelMate 6292 (Intel Chipset 965GM). Ask to uncle google for the file! Download and extract to your harddisk!

3. Also you need to copy your XP installation CD to a folder in your harddisk. It will be needed by nLite in creating a new installation CD which merged with Sata Driver.

4. Run your nLite and follow the instructions!

5. Tadaa.. You’ve got a new installation CD with Sata Driver included.

6. You can install your XP in common way.