# HG changeset patch # User Oleksandr Gavenko # Date 1261825571 -7200 # Node ID 0332d38237db427145f27d79ca75a7129c78116e # Parent 0225066150ff15def8690191baa4dcdd8da0a4d2 Rename ssh article to remote-shell. diff -r 0225066150ff -r 0332d38237db remote-shell.rst --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/remote-shell.rst Sat Dec 26 13:06:11 2009 +0200 
@@ -0,0 +1,88 @@ +-*- mode: outline; coding: utf-8 -*- + +* ssh. + +** ssh server on cygwin. + + * Инсталлируем стандартный набор утилит Cygwin + пакет openssh. + * Устанавливаем переменную окружения CYGWIN=binmode tty ntsec. + Это можно сделать глобально или через cygwin.bat (только для клиента). + set CYGWIN=binmode tty ntsec + * Создать пользователя (XXX как сделать чтобы этот пользователь не мог логиниться?), + например с именем user. + * Обновить /etc/passwd + $ mkpasswd -l -u user >>/etc/passwd + или + $ mkpasswd -l >/etc/passwd + для обносления всех записей. + * В приглашении bash: + $ mkdir -p /home/user + $ ssh-host-config -y + Стартуем сервер: + $ net start sshd + или + $ cygrunsrv -S sshd + * На удаленной машине логинимся: + $ ssh 192.168.1.26 -l user + * Остановить сервер + $ cygrunsrv -E sshd + +*** Запускаем SSH server на правах произвольного пользователя. + + * Создаем пользователя, например с именем user, задаем ему пароль, + права (т.е. в какие группы будет входить) и т.д., пользователя не блокируем. + * В консоле MMC добавляем оснастку "Параметры безопасности.". Модифицируем параметры: + + "Параметры безопасности."->"Локальные политики."->"Назначение прав пользователя." + ->"Вход в качестве службы."->добавить 'user'. + + "Параметры безопасности."->"Локальные политики."->"Назначение прав пользователя." + ->"Отклонить локальный вход."->удалить 'user' (если был установлен). + + XXX "Принудительное удаленнон завершение." + +** ssh client. + +*** SSH client on Windows. + +**** ssh from Cygwin. + + * Инсталируем openssh из Cygwin. + * В приглашении bash набираем + $ ssh user@192.168.1.38 + или + $ ssh -l user 192.168.1.38 + +** Reverse SSH Tunneling + +Have you ever wanted to ssh to your Linux box that sits behind NAT? Now you can with +reverse SSH tunneling. This document will show you step by step how to set up reverse SSH +tunneling. The reverse SSH tunneling should work fine with Unix like systems. 
+ +Let's assume that Destination's IP is 192.168.20.55 (Linux box that you want to access). + +You want to access from Linux client with IP 138.47.99.99. +Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) + +SH from the destination to the source (with public ip) using command below: + + $ ssh -R 19999:localhost:22 sourceuser@138.47.99.99 + +port 19999 can be any unused port. +Now you can SSH from source to destination through SSH tuneling: + + $ ssh localhost -p 19999 + +3rd party servers can also access 192.168.20.55 through Destination (138.47.99.99). +Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) <- Bob's server + +From Bob's server: + + $ ssh sourceuser@138.47.99.99 + +After the sucessful login to Source: + + $ ssh localhost -p 19999 + +The connection between destination and source must be alive at all time. Tip: you may run +a command (e.g. watch, top) on Destination to keep the connection active. diff -r 0225066150ff -r 0332d38237db ssh.rst --- a/ssh.rst Sat Dec 26 13:05:34 2009 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,86 +0,0 @@ --*- mode: outline; coding: windows-1251 -*- - -* SSH server on cygwin. - - * Cygwin + openssh. - * CYGWIN=binmode tty ntsec. - cygwin.bat ( ). - set CYGWIN=binmode tty ntsec - * (XXX ?), - user. - * /etc/passwd - $ mkpasswd -l -u user >>/etc/passwd - - $ mkpasswd -l >/etc/passwd - . - * bash: - $ mkdir -p /home/user - $ ssh-host-config -y - : - $ net start sshd - - $ cygrunsrv -S sshd - * : - $ ssh 192.168.1.26 -l user - * - $ cygrunsrv -E sshd - -** SSH server . - - * , user, , - (.. ) .., . - * MMC " .". : - - " ."->" ."->" ." - ->" ."-> 'user'. - - " ."->" ."->" ." - ->" ."-> 'user' ( ). - - XXX " ." - -* SSH client. - -** SSH client on Windows. - -*** ssh from Cygwin. - - * openssh Cygwin. - * bash - $ ssh user@192.168.1.38 - - $ ssh -l user 192.168.1.38 - -* Reverse SSH Tunneling - -Have you ever wanted to ssh to your Linux box that sits behind NAT? Now you can with -reverse SSH tunneling. This document will show you step by step how to set up reverse SSH -tunneling. The reverse SSH tunneling should work fine with Unix like systems. - -Let's assume that Destination's IP is 192.168.20.55 (Linux box that you want to access). - -You want to access from Linux client with IP 138.47.99.99. -Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) - -SH from the destination to the source (with public ip) using command below: - - $ ssh -R 19999:localhost:22 sourceuser@138.47.99.99 - -port 19999 can be any unused port. -Now you can SSH from source to destination through SSH tuneling: - - $ ssh localhost -p 19999 - -3rd party servers can also access 192.168.20.55 through Destination (138.47.99.99). -Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) <- Bob's server - -From Bob's server: - - $ ssh sourceuser@138.47.99.99 - -After the sucessful login to Source: - - $ ssh localhost -p 19999 - -The connection between destination and source must be alive at all time. Tip: you may run -a command (e.g. 
watch, top) on Destination to keep the connection active.
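Review bot: in the "Reverse SSH Tunneling" section of the new remote-shell.rst, the line "3rd party servers can also access 192.168.20.55 through Destination (138.47.99.99)." labels the host wrongly: 138.47.99.99 is called Source everywhere else in the section, so this should read "through Source (138.47.99.99)". The same section carries over "SH from the destination" (for SSH), "tuneling" and "sucessful" from the old file, and since the text is being re-added anyway they can be fixed here. Two things worth stating next to the `ssh -R 19999:localhost:22 sourceuser@138.47.99.99` step: the forwarded port 19999 on Source is a path to the Destination's sshd for any account that can reach it on Source, as the Bob's server example shows, so Destination's own authentication is the only remaining barrier; and the closing tip to run watch or top to hold the session open is better replaced by ssh's own keepalive (the ServerAliveInterval client option) together with -N, so no interactive shell has to stay open on Source.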
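Review bot: the commit message says "Rename ssh article to remote-shell.", but the removed ssh.rst and the added remote-shell.rst are not the same content: the mode line changes from "coding: windows-1251" to "coding: utf-8", and a new top-level "* ssh." heading is added with every existing heading pushed one level down (86 lines removed, 88 added). Either mention the re-encoding and the heading restructure in the commit message, or do the rename in one changeset and the content changes in a follow-up, so each step can be reviewed on its own.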