Wednesday, February 27, 2013

SSH and remote administration. Not just for the command line.

Having the ability to remotely access a network is a great benefit for someone who does remote maintenance or troubleshooting. My tool of choice for this is SSH because:
  • Fairly Secure
  • Less hassle than a full VPN
  • Installed by default on most Linux installations. 
  • Very flexible. 
SSH stands for Secure SHell and that is exactly what you get with the basic invocation of SSH:

 ssh plecebo@my.example.com   

The first time you execute this command your SSH client will ask whether you want to accept the host key (the server's "certificate") of the machine you are connecting to. Usually this is a fairly safe practice, but for those who strive for excellent security practices it is best not to accept it as offered but to obtain it through some verifiable means (physically copy it from the remote server and add it on your local machine). That being said I usually accept the certificate.

Once this command executes you will have a terminal open on the remote machine. This is exactly like the terminal you had open on your local machine.

Sometimes working in the terminal can be a real pain in the ass, especially if there are good alternatives such as a web interface. You may want to connect to a remote network and use an application (web browser) as if you were sitting on site. SSH can help with that using Dynamic Port Forwarding.

 ssh plecebo@my.example.com -D 1234 -N  

This creates a dynamic forward (SOCKS proxy): ssh listens on port 1234 on your computer and relays connections through the remote computer. The -N option tells ssh not to execute a remote command, so no shell is opened and the session is used only for forwarding. It is not required but recommended.

Now configure your application to use the proxy (localhost:1234) and all proxy traffic goes through to the remote computer and appears to come from that network. Most browsers have proxy settings you can configure. Here is a screen shot of Firefox configured for the above proxy.


What if you want to use an application to connect to a private resource on the remote network? For example, you want to Remote Desktop into a Windows XP machine on the remote network. SSH has you covered.

 ssh plecebo@my.example.com -L3388:192.168.1.100:3389 

This creates a tunnel through the remote computer to the resource behind the firewall. After you execute this command you simply use the address 127.0.0.1:3388 in your application and you will be connected to the resource on the remote network at 192.168.1.100:3389 (3389 is the remote desktop port).




There are also many Remote desktop clients that will connect via SSH for you. I like to use Remmina (http://remmina.sourceforge.net/) since it comes installed by default in Ubuntu and it suits my needs very well.