====== SSH ======

See also **[[computing:linux:ssh_keys|Set Up SSH Keys]]**

===== Troubleshooting =====

Verbose:

  ssh -v ...

Modify the MTU on your remote workstation PC to eliminate fragmentation (MTU mismatch):

  ifconfig eth0 mtu 576

==== Session Timeouts and Slow Logins ====

Take care of both with this one-liner.

On the client PC:

  echo "Host *
    ServerAliveInterval 60
    GSSAPIAuthentication=no" >> "$HOME/.ssh/config"

(Be sure to copy and paste everything, including the line breaks and spaces.)

If a permissions error is thrown:

  chmod 600 /home/username/.ssh/config

==== Unknown Terminal Type ====

If you get the error message "unknown terminal type", you can try specifying a different terminal like this:

  TERM=xterm-color ssh -l username remote.host.name

===== Non-Standard Port =====

:!: Adjust your firewall first or you may lose access!

  vim /etc/ssh/sshd_config

  Port 2222

  service sshd restart

==== Additional for EL7 ====

Install ''semanage'' if it is not installed and allow SSH on your port:

  sudo yum install policycoreutils-python
  semanage port -a -t ssh_port_t -p tcp 2222

===== Reverse Tunnels =====

http://www.howtoforge.com/reverse-ssh-tunneling

http://www.alexonlinux.com/reverse-ssh-tunnel-or-connecting-to-computer-behind-nat-router

This technique is used to access an SSH host behind a NAT firewall using a middle-man PC with a static IP address.
  * The box behind NAT creates a reverse tunnel connection to the middle-man
  * The user connects to the middle-man PC on the reverse tunnel port

==== Howto ====

On the middle-man host with a real static IP address:

  * Set "GatewayPorts yes" in /etc/ssh/sshd_config
  * Restart sshd if sshd_config changed
  * Configure it to use [[computing:linux:ssh_keys|SSH keys]] rather than passwords
    * Less trouble
    * More secure

On the remote host (behind NAT) that you want to access:

  ssh -R 22222:localhost:22 root@middleman

or, if SSH on the middle-man is listening on a non-standard port:

  ssh -R 22222:localhost:22 root@middleman -p 2222

From your workstation, connect through the middle-man PC:

  ssh -p 22222 root@middleman

===== AutoSSH =====

http://www.howtoforge.com/reverse-ssh-tunneling#comment-4762

Use AutoSSH to keep a tunnel up constantly.
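
Added example (not part of the original page): a read-only shell check of the middle-man's sshd_config for the settings the Reverse Tunnels Howto relies on, since "GatewayPorts yes" makes every forwarded port reachable from outside and the Howto logs in as root. The function names and the sample file are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: read-only check of a middle-man's sshd_config.

# Print the global value of keyword $2 in file $1, or default $3 if unset.
# sshd keeps the first value it reads for a keyword, and keyword names are
# case-insensitive. Simplification: Include files are not followed, and
# parsing stops at the first Match line (everything after it is conditional).
sshd_value() {
    awk -v want="$2" -v dflt="$3" '
        /^[ \t]*#/ { next }                       # comment line
        { sub(/^[ \t]+/, "") }                    # strip indentation
        $0 == "" { next }                         # blank line
        { split($0, kv, /[ \t=]+/) }              # "Key value" or "Key=value"
        tolower(kv[1]) == "match" { exit }
        tolower(kv[1]) == tolower(want) { print kv[2]; found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# Print one WARN line per risky setting; exit status is the warning count.
audit_middleman() {
    n=0
    if [ "$(sshd_value "$1" GatewayPorts no)" = yes ]; then
        echo "WARN GatewayPorts yes: forwarded ports listen on all interfaces"
        n=$((n + 1))
    fi
    if [ "$(sshd_value "$1" PasswordAuthentication yes)" = yes ]; then
        echo "WARN PasswordAuthentication yes: passwords still accepted"
        n=$((n + 1))
    fi
    if [ "$(sshd_value "$1" PermitRootLogin prohibit-password)" = yes ]; then
        echo "WARN PermitRootLogin yes: root login is not limited to keys"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample config for a dry run (not taken from a real host).
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample
Port 2222
gatewayports yes
PermitRootLogin=yes
PasswordAuthentication no
Match User tunnel
    PasswordAuthentication yes
EOF
}
```

Run ''audit_middleman /etc/ssh/sshd_config'' on the middle-man after sourcing the functions; ''sshd -T'' run as root prints the authoritative effective values.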