This page shows the differences between two versions.
en:howtos:ssh [2022/02/18 08:32] – [Step 3: One password prompt per day] morquai | en:howtos:ssh [2022/02/18 08:40] (current) – [Conclusion: Example of a .ssh/config] morquai | ||
---|---|---|---|
Line 94: | Line 94: | ||
**Note: if you use PuTTY and openssh under Cygwin in parallel, you should look at using PAGEANT (PuTTY) and working with ssh-pageant (openssh under Cygwin). [[https:// | **Note: if you use PuTTY and openssh under Cygwin in parallel, you should look at using PAGEANT (PuTTY) and working with ssh-pageant (openssh under Cygwin). [[https:// | ||
- | ==== Schritt | + | ==== Step 4: Use the SSH key also from server.example.com ==== |
- | Oft findet man eine ganze Serverlandschaft, | + | Often you will find a whole server landscape on which you can register. Once you have deposited the public part of the SSH key on all servers, you can log on to any server from the client without an additional password. But if you now want to jump from one server to the other, you will be asked for the password again, because the agent only runs on our client. It is now an unforgivable sin to copy the private key to the servers |
- | **Ein Private Key darf den Client NIEMALS verlassen.**\\ | + | **A private key must NEVER leave the client.**\\ |
- | Natürlich hat openssh | + | Of course, |
client: ssh -A server.example.com | client: ssh -A server.example.com | ||
server.example.com: | server.example.com: | ||
- | Auch der auf " | + | The ssh command sent to " |
host * | host * | ||
ForwardAgent yes | ForwardAgent yes | ||
- | Und wieder etwas gelernt, man kann für die Definitionen in der .ssh/config Wildcards | + | And learned something again, you can use wildcards |
- | | + | ==== Step 5: Use non-public services locally |
- | ==== Schritt | + | What do you mean with that? A web server runs on server.example.com, |
- | Was ist damit gemeint? Auf server.example.com | + | |
ssh -L 1234: | ssh -L 1234: | ||
- | Was will uns der Dichter damit sagen? Die SSH Session wird überredet, auf dem Client den Port 1234 zu öffnen und jeglichen Traffic auf diesem Port an den Port 443 auf server.example.com (" | + | What is the poet trying to tell us? The SSH session is persuaded to open port 1234 on the client and forward all traffic on that port to port 443 on server.example.com (" |
https:// | https:// | ||
- | um den Webserver zu erreichen. \\ | + | to reach the web server. \\ |
- | Der Eintrag | + | The entry in the .ssh/ |
- | LocalForward | + | LocalForward 1234 localhost: |
- | Verwirrend? Das liegt an der Doppelnutzung von " | + | Confusing? This is due to the dual use of " |
- | Aber in der Serverlandschaft hinter | + | But in the server landscape behind |
ssh -D 3128 server.example.com | ssh -D 3128 server.example.com | ||
- | Wie immer was es das schon. Nur noch im Browse die Proxy Einstellungen einstellen und die alle Webserver, die server.example.com | + | As always, that's it. Just set the proxy settings in the browser and all web servers that can reach server.example.com |
- | Ach ja, wie sieht denn der Eintrag | + | Oh yes, what does the entry in .ssh/ |
- | DynamicForward | + | DynamicForward 3128 |
+ | ==== Conclusion: Example of a .ssh/config ==== | ||
- | + | | |
- | ==== Fazit: Beispiel einer .ssh/config ==== | + | |
- | + | # ssh-agent | |
- | | + | |
- | | + | |
- | # ssh-agent | + | |
ForwardAgent yes | ForwardAgent yes | ||
- | # Bei Ungereimtheiten mit Host Keys wollen wir gefragt werden | + | # If there are any inconsistencies with host keys, we want to be asked |
StrictHostKeyChecking ask | StrictHostKeyChecking ask | ||
- | # den Wert mancher Variablen wollen wir mitschleppen, | + | # We want to carry the value of some variables with us, here those |
- | # die sich auf die Sprachumgebung beziehen | + | # related to the locale |
SendEnv LANG LC_* | SendEnv LANG LC_* | ||
- | # Wo steht nochmal unser Private Key? | + | # Where is our private key again? |
- | IdentityFile | + | IdentityFile ~/ |
- | # Nun zu Server.example.com | + | # Now to Server.example.com |
- | # Da die für alle Hosts geltenden Einstellungen hier ebenfalls gültig sind, brauchen wir nur | + | # Since the settings that apply to all hosts are also valid here, we only need |
- | # anzugeben, was sich ändert oder was hinzukommt | + | # indicate what changes or what is added |
Host Server.example.com | Host Server.example.com | ||
- | # wie lautet unser Benutzename | + | # what is our username |
User user | User user | ||
- | # unser netter | + | # our nice Socks 5 proxy |
- | DynamicForward | + | DynamicForward 3128 |
- | # Der lokale Forward um den Webserver auf server.example.com | + | # The local forward to reach the web server on server.example.com |
- | # ist ja eigentlich unnötig, denn wir haben ja einen Dynamic Forward | + | # is actually unnecessary, because we have a dynamic forward |
- | LocalForward | + | LocalForward 1234 localhost: |
- | # Hier mal ein Beispiel für mehrere Server | + | # Here is an example for multiple servers |
Host *.example.com | Host *.example.com | ||
User user | User user | ||
- | Die Grundlagen sind gelegt und die meisten Fragen beantwortet. Weitergehende | + | The basics have been laid and most questions have been answered. Further |
- | + |
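
Review bot: In Step 4 and again in the concluding example, `ForwardAgent yes` is set under `host *`, which forwards the agent to every host you connect to; anyone with root on any of those servers can use the forwarded agent socket to authenticate as you while the session is open, which gives them use of the key the text otherwise takes care to keep on the client. Suggest scoping it to the hosts that need it, for example under `Host *.example.com`, and mentioning `ssh -J` / `ProxyJump` as the alternative for hopping from one server to the next. Separately, the comment "we only need indicate what changes or what is added" is misleading with the example ordered as it is: ssh uses the first value it obtains for each option, so a host block placed after the all-hosts block can add options but cannot change ones already set there, and the host-specific blocks should come first. The example also writes `Host Server.example.com` while the rest of the text uses `server.example.com`; use one spelling throughout.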