linsec.ca blog » ssh

Two SSH clients to consider for the iPad

vdanen — Wed, 25 May 2011 21:51:03 +0000

This week’s mac tip is Two SSH clients to consider for the iPad. In this tip I look at two really great SSH clients for the iPad (and iPhone as well, although I was mostly just looking at the iPad versions which do vary from their iPhone counterpart): iSSH and Prompt. Really great clients for anyone that needs to SSH into a remote box. They’re quite inexpensive and very well done.

What you need to know about OpenSSH key management

vdanen — Thu, 20 Jan 2011 18:22:44 +0000

This week’s techmail is What you need to know about OpenSSH key management which looks at a few tips and tricks in using OpenSSH public/private keys. It talks about generating keys, using ssh-copy-id to copy keys to servers, and using hashed representations of host keys to obscure what machines you connect to in case someone is able to look at your known_hosts file. If you’re not familiar with OpenSSH or want to move beyond just the simple basics, this tip will help you get started.

Using ExpanDrive to mount remote file systems

vdanen — Sat, 27 Feb 2010 19:00:06 +0000

This week’s mac techmail was Using ExpanDrive to mount remote file systems which takes a look at the ExpanDrive tool, which sits in the menubar and allows you to connect to remote SFTP, SSH, FTP/FTPS, or Amazon S3 file systems and mount them on the computer as if they were local filesystems. It’s essentially a polished front-end for FUSE with sshfs support for the SFTP/SSH connections. It’s a really great tool and while not free, it’s relatively inexpensive and works wonders. With it I can remotely mount the filesystem of my VPS using SSH with keys, or connect to the home filesystem while on the road, etc. And instead of having to navigate the remote filesystem within one application like a traditional FTP client, I can access it using the terminal, Finder, PathFinder, or any other utility that operates on the local filesystem. It securely mounts the remote filesystems to be as available as a SMB or AFP share.

Proxy.pac woes

vdanen — Fri, 24 Apr 2009 22:18:57 +0000

I’m hoping some benevolent reader out there can give me a hand here as I’m banging my head against the wall with this. The scenario is this:

I have one system that can access a private school network and do not want to setup the same vpn connection on other systems. So this little box has a connection to the school vpn, and I have the following in ~/.ssh/config in order to access it, which forwards locally to the proxy server at the school so I can get onto their internal site(s).

Host school
  Hostname fw.school.com
  User vdanen
  LocalForward 33306 dev.school.com:3306
  LocalForward 2228 dev.school.com:3128
  compression yes
  KeepAlive yes

And this works fine. This also means I have to ssh into the box (which is good from an authentication standpoint) in order to access any services. Consider this a poor-man’s VPN. Incidentally it also lets me use some GUI mysql tools to access the database.

I want to use an automatic proxy.pac file on my local web server, so I have http://server/proxy.pac that contains:

function FindProxyForURL(url, host)
{
    if (shExpMatch(url, "http://*.school.com*"))
    {
        return "PROXY localhost:2228; DIRECT";
    }
    if (shExpMatch(url, "https://*.school.com*"))
    {
        return "PROXY localhost:2228; DIRECT";
    }

    return "DIRECT";
}

The problem I have is that I can get to http://*.school.com sites, but https://*.school.com sites aren’t hitting the proxy at all. I use OpenDNS at home, so they keep pointing to OpenDNS. I can work around this in Firefox by setting the network.proxy.{http,ssl} and network.proxy.{http,ssl}_port settings in about:config, but I want this to be system-wide (thus the proxy.pac file). On OS X, if I use the System Preferences to have the auto-proxy setup and point it to the proxy.pac file, I can get the http:// sites from the school, but not the https:// ones (which is problematic).

I’ve been looking and reading all over the place and there doesn’t seem to be anyone with this problem that I’ve found so far, which either means I’m doing something wrong or no one is trying to get to https sites via a proxy setup like this. I’m leaning towards wrong as if I do something like:

$ http_proxy="http://localhost:2228" elinks https://secure.school.com

I get an error about the host being down. But if I ssh into the host and do:

$ http_proxy="http://dev.school.com:3128" elinks https://secure.school.com

It works. I don’t get it because localhost:2228 is most definitely forwarding to dev.school.com:3128. Does anyone have any ideas on what might be wrong here? Getting it to work in Firefox is great, but it also needs to work with Safari as well (if it didn’t, I’d be satisfied with the manual settings in Firefox).

Save time managing multiple systems with Parallel SSH

vdanen — Wed, 24 Dec 2008 02:01:11 +0000

This week’s TechMail is Save time managing multiple systems with Parallel SSH, which discusses using pssh (or Parallel SSH) to do similar operations on multiple systems at the exact same time. Very useful little program indeed.

Chroot users with OpenSSH: An easier way to confine users to their home directories

vdanen — Wed, 02 Jul 2008 23:17:59 +0000

Last week’s TechMail was Chroot users with OpenSSH: An easier way to confine users to their home directories which discusses the new chroot capabilities of newer openssh. Chrooted sftp is very very cool and a welcome addition to openssh, although it would be neat if chrooting shell logins could be as easy.

Use Fuse to mount remote ssh directories

vdanen — Wed, 02 Jul 2008 23:14:19 +0000

Haven’t been keeping up with the TechMails, so here’s the last three works worth. This one is entitled Use Fuse to mount remote ssh directories and it discusses how to use Fuse (user-space filesystem) to mount remote ssh directories as “local” filesystems. Extremely useful stuff.