Apollo Connecting the World

Diligence and Intelligence

Posts Tagged ‘ssh’

SSH Tunnel in Linux

Creating an SSH tunnel on Windows is easy with the help of many tools (e.g. PuTTY). How do you do it on Linux? It is even easier. 🙂

Suppose mike has an account on the remote machine sshserver.com, which is the machine to connect through.

Open a terminal and type the command:
$ ssh -N mike@sshserver.com -D 7070

Enter the password, and the SSH tunnel is created: -D 7070 opens a SOCKS proxy on local port 7070, and -N tells ssh not to run a remote command. To use it as a proxy, configure your browser to use a SOCKS 5 proxy at “127.0.0.1:7070”.

OK, now you can surf the Internet through the proxy.

Note:
Some articles use the -L parameter in the SSH command; please refer to [1].

Reference:
[1] http://blog.fredrikbostrom.net/2009/04/10/ssh-tunnel-from-the-command-line

Written by apollozhao

2011/07/01 at 11:45

Posted in Internet, Linux, ssh, SSH Tunnel

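[zz] A Foolproof Guide to Getting Over the Wall from Scratch: Chrome+SSH, with other super-simple methods included (I have tried it myself; one browser handles all websites inside and outside China, browsing domestic sites does not slow down, a super foolproof tutorial~)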

from: http://blog.renren.com/GetEntry.do?id=486627822&owner=249428072

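A classmate recommended a URL to me, http://nobodycanstop.us/. Once there, enter the website you want to get over the wall to view in the box, then click “GO”. Damn, YouTube videos load at flying speed. This one URL makes all the tutorials below obsolete; it is super simple to use, and I strongly recommend that everyone who reads this post try this URL first. Thanks to my classmate Li Jikai~ Keep the method below as a backup for when the site above is unstable.

A Foolproof Guide to Getting Over the Wall from Scratch: Chrome+SSH

From GFW BLOG. Author: GFW BLOG (功夫网)

If money is no object, you can simply buy a VPN on Taobao; a yearly plan costs a bit under 100 yuan and saves a lot of unnecessary trouble.

If you like DIY or are really short of money, read on. We start from scratch; to be quick, please follow the steps in order. I have just got this working myself (on Windows 7; XP is similar). As long as you follow the steps strictly, I believe you will see the light of dawn very soon.

Please credit the source when reposting: http://idoit41.spaces.live.com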

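step 1. Apply for a free SSH account

<If you already have an FTP account abroad, you can skip this step, but you need the FTP server address, login name, password, and the SFTP (i.e. ssh) port.>

To apply for a new SSH account of your own, two free foreign websites are recommended, as follows: A) has a quick sign-up process; if you only need an SSH proxy, this one is recommended. B) is more powerful and offers features such as FTP site hosting, but creating the account takes several hours.

A) CJB.net

Go to cjb.net and register for a shell account; click here: http://www.cjb.net/cgi-bin/shell.cgi?action=signup

At “select a shell”, just choose “bash”.

After you receive the registration confirmation e-mail, click the link in it to activate the account.

Enter the details into MyEnTunnel as in step 4; the SSH port is 22 or 443.

B) atbhost.net

Register at http://www.atbhost.net, order the “Free Hosting” package, and choose a domain name, for example ilikeit.abthost.us. Then click Next, choose “I am a new customer”, and fill in the registration details (assume the user name is killwall). The e-mail address must be correct, as it is used for verification.

Shortly afterwards you will receive a verification e-mail; click the link in it to activate the account. At this point the account has not actually been created yet; you need to wait up to 12 hours (I received mine after 5 hours; you can carry on with the later steps while waiting). You will then receive another notification e-mail telling you that the Hosting Account has been set up, with the basic account information and the address of the Control Panel (i.e. CPanel) (of the form http://ilikeit.atbhost.us:2082), so that you can log in and manage your account.

After logging in, you can use the wizard: first set the language to Chinese, and you can click Next all the way through to learn your way around. Back on the “HOME” page, click “FTP Accounts” below; under “Account Management”, find the main account killwall and click “Configure FTP Client” at the end of the row. You will see the FTP account information, in which the SFTP server port is the ssh port (e.g. 2022). Write it down for later use.

At this point the SSH account is done; its usability is verified later.

C) See Appendix 1: A roundup of free SSH accounts, from 启光博客 (Qiguang Blog)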

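step 2. Install Chrome

Click to download: Chrome

step 3. Install the Chrome extension Switchy!

In the Chrome browser, click to download: Switchy!

If the address above cannot be reached, download and install it from this address: http://www.uushare.com/user/mengzehe/file/2794594 ; drag the downloaded file straight into the Chrome browser to install it.

Once it is installed, please close it.

step 4. Install MyEnTunnel

Click to download: MyEnTunnel 3.5.2

After unpacking, run: myentunnel.exe

Configure it as in the figure below. Pay attention to the local port setting: to avoid conflicts with current system settings, it is advisable to pick one yourself, such as 2012. Then click “Connect” and watch the “Status” tab; a “connection successful” log entry will appear, indicating success.

step 5. Install Privoxy

Click to download: Privoxy 3.0.16

After installing, run it and choose the menu Options -> Edit Main Configuration, which opens the file in Notepad. On a new line at the very end, add: forward-socks5 / 127.0.0.1:2012 .      // note the “.” at the end.

The 2012 here must match the local port set in MyEnTunnel in step 4. Save and close Notepad.

Exit Privoxy (right-click the Privoxy icon in the taskbar and choose “Exit”), then start Privoxy again.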

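step 6. Configure Switchy!

Click the globe icon to the right of the Chrome address bar and choose “Options” to open the Switchy! configuration page:

On the Proxy Profiles tab:

1) Profile Name: Free SSH (pick any name you like)
2) Select Manual Configuration
3) HTTP Proxy: 127.0.0.1, Port: 8118 (i.e. the Privoxy port)
4) Tick: “Use the same proxy server for all protocols”

Click the “Save” button to save, as shown in the figure below.

Switch to the Switch Rules tab:

1) Tick: Enable Switch Rules
2) Tick: Online Rule List
Rule List URL: enter http://autoproxy-gfwlist.googlecode.com/svn/trunk/gfwlist.txt (the list of blocked sites)
Reload Every: choose 15 Minutes (*this will be changed once more later)
Proxy Profile: choose Free SSH (matching the Profile Name above)
3) Tick: AutoProxy Compatible List

Click the “Save” button to save, as shown in the figure below.

step 7. Test

Close Chrome and open it again.

Click the “globe” icon and choose “Auto Switch Mode”, which decides intelligently, according to the RuleList (i.e. the gfwlist above), whether to access a site through the proxy.

Then type “twitter.com” in the address bar and feel the breath of freedom.

Once it works, you can change Reload Every above from 15 Minutes to 3 Hours.

<A final reminder: after the computer restarts, if you want to keep using Chrome to get over the wall freely, MyEnTunnel and Privoxy must both be running normally.>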

#end

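Appendix 1: A roundup of free SSH accounts, from 启光博客 (Qiguang Blog)

From GFW BLOG. Author: GFW BLOG (功夫网)

Source: http://www.iewb.net/index.php/qg/1492.html

(1) Two free SSH accounts shared by a domestic proxy website

SSH server 1 address: ssh1.dailiav.com

User name: dailiav

Password: 321311233

Port: 22

SSH server 2 address: ssh2.dailiav.com

User name: dailiavcom

Password: 797897533

Port: 22

Tested by 启光博客 on 2010-06-27: they work and the speed is good, but you cannot watch YouTube videos; you can browse sites such as Twitter. Thanks to dailiavcom for providing them!

(2) Free SSH accounts from freessh.us in the US

Website: www.freessh.us

After opening the website you can see two SSH accounts and passwords. To prevent abuse, the passwords change every five minutes; users who are already connected are not affected.

(3) SiteFrost.com offers free US hosting and free SSH accounts

Apply for the free hosting; the free SSH account that comes with it can be used and is fairly stable. However, the hosting requires manual review, and afterwards you have to post on the forum every month to keep using it. Although that is a bit of a hassle, it also prevents abuse, and the speed really is good.

(4) Free SSH accounts from cjb.net

启光博客 has recommended cjb.net before; this site was used for the demonstrations in both Firefox+SSH and Chrome+SSH. The speed is average, but signing up is particularly simple. Registration URL: http://www.cjb.net/cgi-bin/shell.cgi?action=signup

(5) A website that compiles free SSH account providers

http://shells.red-pill.eu/

It lists many websites where you can apply for a free SSH account. The sites on the first page are all good; although they are all English-language sites, that should be no obstacle for anyone who wants to get over the wall.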

Written by apollozhao

2010/08/31 at 09:37

Posted in Internet

Keep a Program Running on the Remote Machine When the Network Connection Is Not Persistent

Take this scenario:

You ssh to a remote machine and work there (e.g. run programs). When a network error makes you lose the connection to the remote machine, your work is interrupted halfway and, even worse, lost without being saved. You then have to ssh to that machine again and redo the work. So the following question arises:

How can I preserve my work on the remote machine when a connection failure is possible?

The solution is simple: use the program “screen” on the remote machine.

After you ssh to the remote machine, and before you run any programs or do other work, first type “screen” to open a screen. A screen gives you a new terminal in which you can work as in an ordinary terminal, but the work inside it is safe if you lose the connection to the remote machine. If you ssh in again and re-attach to the previous screen, you will see that your work has been preserved and you can easily continue.

Some screen commands:

1. detach (temporarily leave the screen): Ctrl+a, d

2. list the detached screens: screen -list (or: screen -ls). You will get all the screens, in the form [pid.tty.host]

3. re-attach to a screen: screen -r tty (or: screen -r pid.tty.host)

Reference:
1. http://www.ibm.com/developerworks/cn/linux/l-cn-screen/

Written by apollozhao

2010/04/30 at 12:38

SSH: a window popped up with “enter password to unlock the private key”

I met with this situation:
I created an RSA key pair for ssh and copied my public key onto a remote machine B. (Note that in order to create the ssh key pair, you have to enter the passphrase.) So I hoped I could ssh to B without typing a password every time.

And I came up against a problem:
Every time I wanted to ssh to machine B, a window popped up (I use Gnome) with “enter password to unlock the private key”. What I could do was either enter the password (and it is not your own password nor the login password to B) and click “OK”, or click “Deny”. If you enter the wrong password, you will not ssh. If you click “Deny”, you are asked to input the password to ssh to B, just as when you ssh to B before you have copied the public RSA key onto B.

How to solve it?
I finally tried the passphrase (used to create the ssh RSA key pair) as the password, and clicked “OK”, and it worked! And I was not asked to enter the login password to B. And this window did not pop up again.

I do not know the key reason for this window popping up. But I can ssh now. Maybe I can find out why in the future, or maybe anyone who reads this article can kindly tell me what on earth causes the problem. 🙂

Written by apollozhao

2010/03/16 at 14:38

Posted in Linux, ssh

Do not type a password when you ssh to a remote machine

Sometimes you may find it annoying to type a password to ssh onto a remote machine, especially when you are running an automated program that has to ssh to other machines and run commands. Here is a method that enables a user to ssh without typing a password.

Principle:
a) Create a key pair on the local machine
b) Put the public key on the remote machine and keep the private key on the local machine
c) When you ssh to the remote machine, the private and public keys are matched, and a match logs you in

Assume there are three machines. A: the local machine. B, C: remote machines you want to ssh to.

1. On local machine A, run:
$ ssh-keygen -t rsa -f ~/.ssh/id_rsa

This command generates an RSA key pair. “id_rsa” is the private key, and “id_rsa.pub” is the public key.
(Or you can run: ssh-keygen -t rsa, and follow the prompts.)

When you are asked to enter a passphrase, simply leave it empty; the private key is then stored unencrypted, which is why the file permissions below matter. (If you have ssh-agent on A, then you can enter a passphrase. Otherwise you still have to enter this passphrase every time you ssh to B and C.)

Note:
You have to set the permissions of id_rsa on the local machine to 600:
$ chmod 600 ~/.ssh/id_rsa

2. Append the content of id_rsa.pub to “~/.ssh/authorized_keys” on remote machines B and C.
In a terminal on the local machine, type:
$ cat ~/.ssh/id_rsa.pub | ssh yourname@machineB "cat - >> ~/.ssh/authorized_keys"

Or you can upload the public key to machine B and, on machine B, run:
$ cat id_rsa.pub >> .ssh/authorized_keys

Note:
Machines B and C may have to restart the ssh service:
$ sudo /etc/init.d/ssh restart # on machine B and C
(works on Ubuntu; similar on other Linux distributions)

3. If A has ssh-agent, and you entered a passphrase when generating the RSA key pair, then run:
$ ssh-add
and follow the prompts.
After that you can ssh without entering a password.
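
The remote half of step 2 as a script, added here as an example that is not part of the original post: it appends the public key only if it is not already present and sets the modes that sshd's default StrictModes check expects. The helper names install_pubkey and ssh_modes_ok and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: safe, repeatable form of
#   cat id_rsa.pub >> ~/.ssh/authorized_keys
# install_pubkey and ssh_modes_ok are hypothetical helper names.

# install_pubkey PUBKEY_FILE SSH_DIR  (run on the machine being logged in to)
install_pubkey() {
    pub=$1; dir=$2; auth=$dir/authorized_keys
    key=$(head -n 1 "$pub")          # a public key file is a single line
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac
    # With the default StrictModes, sshd ignores authorized_keys when it
    # or ~/.ssh is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the last line lacks a newline, add one so two keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # -x whole line, -F fixed string: append only when the key is absent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# ssh_modes_ok SSH_DIR: succeeds when neither the directory nor
# authorized_keys is group- or world-writable.
ssh_modes_ok() {
    for p in "$1" "$1/authorized_keys"; do
        case $(ls -ld "$p" | cut -c1-10) in
            ?????w????|????????w?) return 1 ;;
        esac
    done
    return 0
}

# Demo in a scratch directory with a constructed (not real) key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed yourname@machineA' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run adds nothing
echo "entries: $(grep -c . "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```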

Written by apollozhao

2010/03/03 at 13:47

Posted in Linux, ssh

Do not type “yes” or “no” when you first ssh to a remote machine

When you ssh to a remote machine for the first time, you are usually prompted to confirm that you want to connect, like this:
The authenticity of host ‘192.168.1.1 (192.168.1.1)’ can’t be established.
RSA key fingerprint is ********.
Are you sure you want to continue connecting (yes/no)?

You have to type “yes” each time you connect to a new remote machine. There is one method to avoid this step.

Open a terminal and type the commands:
$ echo "StrictHostKeyChecking no" >> ~/.ssh/config
$ chmod 644 ~/.ssh/config            # note that the permission of file config matters

That is, create a file named “config” under the directory “~/.ssh” whose content is “StrictHostKeyChecking no”.

ssh then adds the key of each new host to ~/.ssh/known_hosts without asking, so you will not have to type yes again when you ssh to a new remote machine.
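
Written outside any Host block, the line above applies to every host you connect to, not only the new machines you meant it for. The added example below (not from the original post) reports where a config file switches host key checking off and then writes a narrower setting; the helper names and the 192.168.1.* pattern are assumptions.

```shell
#!/bin/sh
# Added example: report where an ssh_config file disables host key checking.
# audit_strict_hostkey and write_scoped_config are hypothetical helper names.

# audit_strict_hostkey CONFIG_FILE
# Prints "GLOBAL <line> <scope>" when the setting applies to every host
# (above the first Host line, or under "Host *"), else "SCOPED <line> <scope>".
audit_strict_hostkey() {
    awk '
    BEGIN { scope = "*" }                  # top of file applies to all hosts
    /^[ \t]*#/ { next }                    # comment line
    { gsub(/[="]/, " ") }                  # accept Key=value and quoted values
    tolower($1) == "host" || tolower($1) == "match" {
        kw = tolower($1); $1 = ""; sub(/^ +/, "")
        scope = (kw == "host") ? $0 : "match " $0
        next
    }
    tolower($1) == "stricthostkeychecking" {
        v = tolower($2)
        if (v == "no" || v == "off") {     # both values switch the check off
            kind = (scope == "*") ? "GLOBAL" : "SCOPED"
            print kind, NR, scope
        }
    }' "$1"
}

# Narrower alternative: accept-new (OpenSSH 7.6 and later) records the key of
# a host seen for the first time but still refuses a key that has changed.
# The 192.168.1.* pattern is an assumed lab subnet.
write_scoped_config() {
    cat > "$1" <<'EOF'
Host 192.168.1.*
    StrictHostKeyChecking accept-new
EOF
    chmod 600 "$1"
}

# Demo on constructed files in a scratch directory.
demo=$(mktemp -d)
echo "StrictHostKeyChecking no" > "$demo/config"       # the line from the post
echo "before: $(audit_strict_hostkey "$demo/config")"
write_scoped_config "$demo/config"
echo "after:  $(audit_strict_hostkey "$demo/config")"
rm -rf "$demo"
```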

Written by apollozhao

2010/03/03 at 13:28

Posted in Linux, ssh
