====== SSH ======
See also **[[computing:linux:ssh_keys|Set Up SSH Keys]]**
===== Troubleshooting =====
Verbose:
  ssh -v ...
Modify the MTU on your remote workstation PC to eliminate fragmentation (MTU mismatch):
  ifconfig eth0 mtu 576
==== Session Timeouts and Slow Logins ====
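Take care of both with this one command on the client PC. ''ServerAliveInterval 60'' sends a keepalive every 60 seconds so idle sessions are not dropped, and ''GSSAPIAuthentication=no'' skips the GSSAPI negotiation that often causes slow logins:
  echo "Host *
    ServerAliveInterval 60
    GSSAPIAuthentication=no" >> "$HOME/.ssh/config"
(Be sure to copy and paste everything, including the line breaks and spaces.)
If a permissions error is thrown:
  chmod 600 /home/username/.ssh/config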
==== Unknown Terminal Type ====
If you get the error message "unknown terminal type", you can try specifying a different terminal like this:
  TERM=xterm-color ssh -l username remote.host.name
===== Non-Standard Port =====
:!: Adjust your firewall first or you may lose access!
Edit the sshd configuration:
  vim /etc/ssh/sshd_config
Set the new port:
  Port 2222
Restart sshd:
  service sshd restart
==== Additional for EL7 ====
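Install ''semanage'' if it is not installed and allow ssh on your port. Do this before restarting sshd: with SELinux enforcing, sshd cannot bind to a port that is not labelled ''ssh_port_t''.
  sudo yum install policycoreutils-python
  sudo semanage port -a -t ssh_port_t -p tcp 2222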
===== Reverse Tunnels =====
http://www.howtoforge.com/reverse-ssh-tunneling
http://www.alexonlinux.com/reverse-ssh-tunnel-or-connecting-to-computer-behind-nat-router
This technique is used to access an SSH host behind a NAT firewall using a middle-man PC with a static IP address.
  * Box behind NAT creates a reverse tunnel connection to the middle-man
  * User connects to the middle-man PC on the reverse tunnel port
==== Howto ====
On the middle-man host with a real static IP address:
  * Set "GatewayPorts yes" in /etc/ssh/sshd_config so that the forwarded port accepts connections from other hosts instead of only from the middle-man itself
  * Restart sshd if sshd_config changed
  * Configure to use [[computing:linux:ssh_keys|SSH keys]] rather than passwords
    * Less trouble
    * More secure
On the remote host (behind NAT) that you want to access:
  ssh -R 22222:localhost:22 root@middleman
or, if sshd on the middle-man is listening on a non-standard port:
  ssh -R 22222:localhost:22 root@middleman -p 2222
From your workstation, connect through the middle-man PC:
  ssh -p 22222 root@middleman
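An added example (not from the original page): a shell check of a middle-man's sshd_config for the two settings this Howto depends on, GatewayPorts and password logins. The function names and the sample config are constructed for illustration; Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example: report how a middle-man sshd_config treats reverse tunnels.
# Print the value sshd takes for keyword $1 from the global section of file $2.
# Keywords are case-insensitive, "Keyword value" and "Keyword=value" are both
# accepted, the first occurrence wins; Match blocks and Include are not evaluated.
effective_sshd_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { sub(/\r$/, ""); sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        {
            match($0, /^[^ \t=]+/)
            key = tolower(substr($0, 1, RLENGTH))
            val = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit
            if (key == want) { print tolower(val); exit }
        }
    ' "$2"
}

audit_middleman() {
    gw=$(effective_sshd_value GatewayPorts "$1")
    pw=$(effective_sshd_value PasswordAuthentication "$1")
    case "${gw:-no}" in        # sshd default is "no"
        yes)             echo "tunnel: all-interfaces" ;;
        clientspecified) echo "tunnel: client-chosen-bind-address" ;;
        *)               echo "tunnel: loopback-only" ;;
    esac
    case "${pw:-yes}" in       # sshd default is "yes"
        no) echo "password-auth: off" ;;
        *)  echo "password-auth: on" ;;
    esac
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
gatewayports=yes
GatewayPorts no
PasswordAuthentication no
Match User tunnel
    PasswordAuthentication yes
EOF
audit_middleman "$sample"
rm -f "$sample"
```

With "tunnel: loopback-only" the workstation step above only works from a shell on the middle-man itself. On a live host, ''sshd -T'' prints the effective configuration that sshd actually loads.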
===== AutoSSH =====
http://www.howtoforge.com/reverse-ssh-tunneling#comment-4762
Use AutoSSH to keep a tunnel up constantly.