Ssh from linux to mac

SSH Command — Usage, Options, Configuration

Practically every Unix and Linux system includes the ssh command. This command is used to start the SSH client program that enables secure connection to the SSH server on a remote machine. The ssh command is used from logging into the remote machine, transferring files between the two machines, and for executing commands on the remote machine.

Contents

SSH Command in Linux

The ssh command provides a secure encrypted connection between two hosts over an insecure network. This connection can also be used for terminal access, file transfers, and for tunneling other applications. Graphical X11 applications can also be run securely over SSH from a remote location.

Other SSH Commands

There are other SSH commands besides the client ssh . Each has its own page.

ssh-keygen — creates a key pair for public key authentication

ssh-copy-id — configures a public key as authorized on a server

ssh-agent — agent to hold private key for single sign-on

ssh-add — tool to add a key to the agent

scp — file transfer client with RCP-like command interface

sftp — file transfer client with FTP-like command interface

Using the Linux client

Linux typically uses the OpenSSH client. The ssh command to log into a remote machine is very simple. To log in to a remote computer called sample.ssh.com, type the following command at a shell prompt:

If this is the first time you use ssh to connect to this remote machine, you will see a message like:

Type yes to continue. This will add the server to your list of known hosts (

/.ssh/known_hosts ) as seen in the following message:

Each server has a host key , and the above question related to verifying and saving the host key, so that next time you connect to the server, it can verify that it actually is the same server.

Once the server connection has been established, the user is authenticated. Typically, it asks for a password. For some servers, you may be required to type in a one-time password generated by a special hardware token.

Once authentication has been accepted, you will be at the shell prompt for the remote machine.

Specifying a different user name

It is also possible to use a different username at the remote machine by entering the command as:

The above can also be expressed with the syntax:

Executing remote commands on the server

The ssh command is often also used to remotely execute commands on the remote machine without logging in to a shell prompt. The syntax for this is:

For example, to execute the command:

on host sample.ssh.com, type the following command at a shell prompt:

After authenticating to the remote server, the contents of the remote directory will be displayed, and you will return to your local shell prompt. -x Disables X11 forwarding.

SSH client configuration file

The ssh command reads its configuration from the SSH client configuration file

/.ssh/config . For more information, see the page on SSH client configuration file .

Configuring public key authentication

To configure passwordless public key authentication , you may want to create an SSH key and set up an authorized_keys file. See the pages on ssh-keygen and ssh-copy-id for more information.

Configuring port forwarding

Command-line options can be used to set up port forwarding. Local fowarding means that a local port (at the client computer) is tunneled to an IP address and port from the server. Remote forwarding means that a remote port (at the server computer) is forwarded to a given IP address and port from the client machine. See the page on configuring port forwarding on how to configure them.

OpenSSH also supports forwarding Unix domain sockets and IP packets from a tunnel device to establish a VPN (Virtual Private Network).

SSH command line options

Some of the most important command-line options for the OpenSSH client are:

-1 Use protocol version 1 only.

-2 Use protocol version 2 only.

-4 Use IPv4 addresses only.

-6 Use IPv6 addresses only.

-A Enable forwarding of the authentication agent connection.

-a Disable forwarding of the authentication agent connection.

-C Use data compression

-c cipher_spec Selects the cipher specification for encrypting the session.

-D [bind_address:] port Dynamic application-level port forwarding. This allocates a socket to listen to port on the local side. When a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine.

-E log_file Append debug logs to log_file instead of standard error.

-F configfile Specifies a per-user configuration file. The default for the per-user configuration file is

-g Allows remote hosts to connect to local forwarded ports.

-i identity_file A file from which the identity key (private key) for public key authentication is read.

-J [user@] host [:port] Connect to the target host by first making a ssh connection to the pjump host[(/iam/jump-host) and then establishing a TCP forwarding to the ultimate destination from there.

-l login_name Specifies the user to log in as on the remote machine.

-p port Port to connect to on the remote host.

-V Display the version number.

-X Enables X11 forwarding.

A little history

SSH replaced several older commands and protocols in Unix and Linux the 1990s. The include telnet , rlogin , and rsh .

SSH runs at TCP/IP port 22. This is right between ftp and telnet, which are 20 years older. Read the story of how SSH got port 22 .

The following video summarizes how and why SSH was originally developed.

Together with our customers, our mission is to secure their digital business on on-premises, cloud, and hybrid ecosystems cost-efficiently, at scale, and without disruptions to their operations or business continuity.

Источник

X11 forwarding from Linux to Mac over SSH

There comes a point where it is useful to run Linux GUI apps elsewhere every once in a while and in my case virt-manager. Thus I set about figuring out how to use X11 forwarding from Arch Linux to Mac OS X 10.9 Mavericks. This is how it’s done.

Linux side configuration

As usual, most of this information comes from the fantastic Arch wiki post here.

First you’ll need to install SSH if you havn’t already and set a root password.

Next edit a couple of config files under /etc/ssh first sshd_config

• Enable the AllowTcpForwarding
• Enable the X11Forwarding
• Set the X11DisplayOffset
• Enable the X11UseLocalhost

Next *ssh_config*note the subtle file name differences.

• Enable the ForwardX11 option in ssh_config

Then restart SSH for these changes to take effect.

We are done on the Linux side now, time to move over to your Mac.

Mac configuration

I use a program called XQuartz to do this which is available here.

Download and install it then log out and in again.

Next load up your terminal client and connect to your Linux box with an ssh command with the -X option as follows:

Once you’re in you should be able to load X based applications, in my instance I simply installed virt-manager via pacman and ran it from the command line with:

Источник

how to run Emacs in «ssh -X» from Linux to Mac OS X (with XForwarding)?

At work I get a choice of two laptops to use, Windows or Mac. Being a linux guy, I thought the MacBook Pro will be a good fit.

So I bring the MacBook Pro laptop home, and realize it doesn’t have a right-ctrl key. And the bottom panel is annoying as hell. So I say, no problem, I’ll sort all that out later, for now I’ll use it as a server and remotely ssh into it from my crispy Xfce workstation environment. Well.

I’ve spent about a day trying to figure out:

How to ssh into the mac from my Fedora workstation, run emacs and have it show up (XForwarded) on my linux workstation ? You know like this:

I’ve installed XQuartz and changed /etc/sshd_config and /private/etc/sshd_config with:

Mind you, xeyes works, and so does xclock , yay .

Apparently X forwarding is working okay, since other gui apps are showing up remotely. But as for Emacs, foggetaboutit.

The default Emacs from /usr/bin/emacs just runs it in -nw mode. Then I’ve installed the latest Emacs 24.3 (into /Applications/Emacs.app/Contents/MacOS/Emacs ). This time, if I’m physically logged into the laptop (i.e. from the laptop keyboard) running Emacs from ssh shows up on the laptop’s screen . WTF? If I logout of the laptop, then I get:

I’m at my wits ends. Any ideas why other X apps work? Anything special about Emacs?

Источник

Как жить в Mac OS без Putty? Аналоги.

В Windows проблема подключения по SSH полностью решалась с помощью всем известной утилиты PuTTY. Пользователи Linux тоже не остаются в обиде, и на их платформе есть это приложение. Странно, но для Мак платформы разработчики PuTTY не сделали. Пришлось искать варианты.

Установка PuTTY на Mac OS

Во первых, для поклонников этой программы, есть вариант установки самой PuTTY на Мак, с помощью систем портирования Linux программ на Mac OS (Homebrew,Xcode, XQuartz). Подробно о такой установке написано в этой статье.

Аналоги PuTTY на Мак

Кроме этого есть аналоги программы для Мака.

Правда его цена немного «кусается». Программа предлагается по цене 80$! С сайта разработчика можно скачать Trial версию на 30 дней.

Apple Store при запросе «ssh client» показывает программу vSSH . Цена программы уже более гуманная — 169 рублей.

Использование терминала для SSH соединения

Но самым популярным в Mac OS является использование консольного терминала.

Тут рекомендуется вместо стандартного терминала платформы использовать приложение iTerm2 — пожалуй, самый популярный терминал для Мак Оси доступный бесплатно.

Для инициации SSH соединения используется команда:

ssh 192.168.1.1 -l user

В принципе, для большинства задач этого хватает.
Выбор за вами!

Поделиться «Как жить в Mac OS без Putty? Аналоги.»

Источник

Ssh from linux to mac

Last updated on: 2019-12-20

Authored by: Rackspace Support

This article provides steps for connecting to a cloud server from a computer running Linux® or MacOS® X by using Secure Shell (SSH). It also discusses generating an SSH key and adding a public key to the server.

Introduction

SSH is a protocol through which you can access your cloud server and run shell commands. You can use SSH keys to identify trusted computers without the need for passwords and to interact with your servers.

SSH is encrypted with Secure Sockets Layer (SSL), which makes it difficult for these communications to be intercepted and read.

Note: Many of the commands in this article must be run on your local computer. The default commands listed are for the Linux command line or MacOS X Terminal. To make SSH connections from Windows®, you can use a client similar to the free program, PuTTY. To generate keys, you can use a related program, PuTTYGen.

Log in

Using the Internet Protocol (IP) address and password for your cloud server, log in by running the following ssh command with username@ipaddress as the argument:

The system prompts you to enter the password for the account to which you’re connecting.

Remote host identification

If you rebuilt your cloud server, you might get the following message:

One of the security features of SSH is that when you log in to a cloud server, the remote host has its own key that identifies it. When you try to connect, your SSH client checks the server’s key against any keys that it has saved from previous connections to that IP address. After you rebuild a cloud server, that remote host key changes, so your computer warns you of possibly suspicious activity.

To ensure the security of your server, you can use the web console in the Cloud Control Panel to verify your server’s new key. If you’re confident that you aren’t being spoofed, you can skip that step and delete the record of the old SSH host key as follows:

On your local computer, edit the SSH known_hosts file and remove any lines that start with your cloud server’s IP address.

Note: Use the editor of your choice, such as nano on Debian or the Ubuntu operating system or vi on RPM or CENTOS servers. For simplicity, this article just uses nano . If you prefer to use vi , substitute vi for nano in the edit commands. For more on using nano , see /support/how-to/modify-your-hosts-file/.

If you are not using Linux or MacOS X on your local computer, the location of the known_hosts file might differ. Refer to your OS for information about the file location. PuTTY on Windows gives you the option to replace the saved host key.

Generate a new SSH key pair

You can secure SSH access to your cloud server against brute force password attacks by using a public-private key pair. A public key is placed on the server and a matching private key is placed on your local computer. If you configure SSH on your server to accept only connections using keys, then no one can log in by using just a password. Connecting clients are required to use a private key that has a public key registered on the server. For more on security, review Linux server security best practices.

Use the following steps to generate an SSH key pair:

Run the following command using your email address as a label. Substitute your email address for your_email@example.com in the command.

A message indicates that your public-private RSA key pair is being generated.

At the prompt, press Enter to use the default location or enter a file in which to save the key and press Enter.

If you want the additional security of a password for the key pair, enter a passphraseand press Enter. If you don’t want to use a password with the key pair, press Enter to continue without setting one.

Your key pair is generated, and the output looks similar to the following example:

Optionally, add your new key to the local ssh-agent file to enable SSH to find your key without the need to specify its location every time that you connect:

You can use an SSH configuration shortcut instead of the ssh-agent file by following the instructions in the Shortcut configuration section later in this article.

Add the public key to your cloud account

To make it easy to add your key to new cloud servers that you create, upload the public key to your cloud account by following these steps:

In the top navigation bar, click Select a Product > Rackspace Cloud.

Select Servers > SSH Keys.

Click Add Public Key.

Enter a key name, such as Work Laptop, to remind you which computer this key is for.

Select the region for which you want to store the public key. To store your key in multiple regions, repeat these steps for each region. The key must reside in the same region as the server.

Paste the contents of the id_rsa.pub file that you created into the Public Key field. You can get the file contents by either opening the file in a text editor or by running the following command:

Click Add Public Key.

If you want to add the key manually, instead of by using the Control Panel, review Linux server security best practices and use the following command:

Create a new server by using a stored key

When you create a new cloud server, you can add a stored key to the new server.

On the Create Server page, expand the Advanced Options section.

From the SSH Key menu, select your key from the list.

If you don’t see a stored key in the list, you can perform one of the following actions:

• Switch the region for the new server to the region where you have stored the SSH key.
• Repeat the steps in the preceding section, Add the public key to your cloud account, to add the key to the region in which you want to create the new server.

Add the key to an existing server

You can’t use the Cloud Control Panel to add a public key to an existing server. Follow these steps to add the key manually:

On your cloud server, create a directory named .ssh in the home folder of the user that you connect to by using SSH.

Create or edit the authorized_keys file and add your public key to the list of authorized keys by using the following command:

A key is all on one line, so ensure that the key isn’t broken by line breaks. You can have multiple keys in the authorized_keys file, with one key per line.

Set the correct permissions on the key by using the following commands:

If you have any issues and need to fix permissions issues, run the following comand:

After you have added the public key to the authorized_keys, you can make an SSH connection by using your key pair instead of the account password.

Shortcut configuration

Use the following instructions to set up a connection shortcut by creating a

/.ssh/config file on your local computer and adding your server and key details to it.

Using a text editor, add the following text to the

/.ssh/config file, changing the values to match your server information:

Each of the following entries describes a feature of the server:

• Host: A shortcut name that you use to tell SSH to use this connection.
• HostName: The address of the server to which you connect.
• User: The name of the user account to connect to on the server.
• IdentityFile: The location of the private key file (id_rsa).

After you set up the config file, connect to the server by using the following command with your shortcut name:

Troubleshooting

If you have trouble making a new connection after you restart the server, use the following steps to help you resolve the issue:

The best way to troubleshoot SSH or SFTP login issues is to attempt to login through SSH while logged into the Emergency Console and to watch the log, which typically includes the reason for a failure. If no reason is given, it could be a firewall issue. For RPM servers, run the following command to watch the log:

For Debian servers, run the following command to watch the log:

If you get a connection timeout error, check the IP address that you used to ensure that it’s correct. You might also check the server’s iptables to ensure that it isn’t blocking the port used by SSH.

If you get a connection refused error, you might be trying to use SSH with the wrong port. If you changed your server to listen to a port other than 22, use the -p option with SSH to specify the port.

If your login is rejected, then you might have an issue with your key. Change the sshd configuration to allow password connections by setting PasswordAuthentication to yes . Restart the server and try again. If you connect after these changes, then the issue is with the key and you must verify that the key is in the right place on the server.

If all else fails, review your changes and restart the SSH daemon on the server by running the following command:

If you get a message that the SSH service is unknown, run the command with sshd as the service name instead.

Share this information:

©2020 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

Источник