
ssh server

Linux / UNIX: Speed up SSH X11 Forwarding

I've a CentOS based server and an Ubuntu based desktop PC. I'm connecting to my CentOS server using the ssh X11 forwarding feature. However, speed over the Internet is pretty slow for certain apps such as the VMware console. How do I speed up OpenSSH X11 forwarding using a Linux / UNIX desktop system?

Rsync Change SSH Port Number While Making Backups

How do I change my rsync command port number while making a backup to a remote server at backup1.example.com port 10253 (my ssh server runs on tcp port # 10253)? How do I change the port number while using the rsync command?

Ubuntu Linux: Start / Stop / Restart OpenSSH ( SSH ) Server

I need to provide remote access to my Ubuntu Linux based server. How do I start / stop OR restart the ssh server under the Ubuntu Linux operating system using command line options?

How to: Transfer MySQL database from one server to another UNIX / Linux server

Q. I'm moving my server from a local data center to another data center. I've a new server up and running. My site is dynamic and I'd like to transfer the MySQL database from the old server to the new server. How do I make the transfer smooth and successful?

A. The best and secure way is to use ssh to transfer the database to another server. You need to use the following tools:

=> SSH client
=> SSH Server on remote box
=> mysqldump command
=> UNIX pipes

Let us say you would like to transfer a MySQL database called foo to a remote box called bar. Enter the following command at the shell prompt:
$ mysqldump foo | ssh user@remote.box.bar.com mysql foo

You can also copy just the table called chocolate (from the recipe database) to a remote database called icecream using the same syntax:
$ mysqldump recipe chocolate | ssh user@remote.box.com mysql icecream

Linux: Openssh (ssh server) deny root user access

Q. How do I block access to root user over ssh session?

A. sshd (OpenSSH Daemon) is the daemon program for ssh. Server side ssh configuration is defined in the /etc/ssh/sshd_config file.

You need to use the DenyUsers option to block access to the root user.

This option can be followed by a list of user name patterns, separated by spaces. Login is disallowed for user names that match one of the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.

Open /etc/ssh/sshd_config file

Use vi command:
# vi /etc/ssh/sshd_config

Deny root user access

Append or modify as follows to block root user:
DenyUsers root

If you want to block additional users, just append their names to DenyUsers, separated by spaces:
DenyUsers root user2 user3

Save and close the file. Restart sshd service:
# /etc/init.d/sshd restart
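
The space-separated rule matters in practice: sshd splits the DenyUsers list on whitespace only, so a comma becomes part of the name pattern. The following is an added example (not code from the original page) that lints a config file for that mistake and checks whether a user is covered; the sample configs are constructed, and Match blocks, Include files and the host part of USER@HOST are not evaluated.

```shell
#!/bin/sh
# Added example: lint and evaluate DenyUsers entries in sshd_config text.

# Print every DenyUsers pattern, one per line. The keyword is matched
# case-insensitively and repeated directives accumulate.
deny_patterns() {
    awk 'tolower($1) == "denyusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Succeed if any pattern contains a comma. sshd splits the list on
# whitespace, so "root," is a pattern that does not match the user "root".
has_comma_patterns() {
    deny_patterns "$1" | grep -q ','
}

# Succeed if USER ($1) matches a DenyUsers pattern in FILE ($2).
# Only the user part of USER@HOST is compared; * and ? act as wildcards.
is_denied() {
    deny_patterns "$2" | (
        while read -r pat; do
            upat=${pat%%@*}
            case $1 in
                $upat) exit 0 ;;
            esac
        done
        exit 1
    )
}

# Constructed sample configs: comma form and space-separated form.
cfg_bad=$(mktemp)
cfg_good=$(mktemp)
trap 'rm -f "$cfg_bad" "$cfg_good"' EXIT
printf 'Port 22\nDenyUsers root, user2, user3\n' > "$cfg_bad"
printf 'Port 22\ndenyusers root user2 user3\n' > "$cfg_good"

for f in "$cfg_bad" "$cfg_good"; do
    if has_comma_patterns "$f"; then echo "warning: comma in DenyUsers list"; fi
    if is_denied root "$f"; then echo "root denied"; else echo "root NOT denied"; fi
done
```

On a live host, run sshd -t after editing to validate the file before restarting the service, and keep an existing session open until a new login has been tested.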

HP-UX start or stop / restart OpenSSH SSHD service

Q. I’ve HP-UX installed on my HP UX UNIX server. But I’m not able to start or restart the OpenSSH ssh server. How do I stop or restart sshd under HP-UX?
A. HP-UX Secure Shell uses Pluggable Authentication Module for password authentication. Server configuration file is located at /opt/ssh/etc/sshd_config.

HP-UX SSHD System Startup and Shutdown script:

/sbin/init.d/secsh {start|stop}

System startup configuration file


Stop HP UX SSH Service

Type the command:
# /sbin/init.d/secsh stop

Start HP UX SSH Service

Type the command:
# /sbin/init.d/secsh start

Ubuntu Linux OpenSSH Server installation and configuration

Q. I have just installed Ubuntu 6.06 and I would like to allow remote login to my system from home via ssh. How do I install and configure SSH server?

A. OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

Ubuntu SSHD Installation

Type the following command to install both the ssh client and server:
# sudo apt-get install openssh-server openssh-client

SSHD Configuration

To be frank, your server is ready by default. Just test it from your home computer or from the same system with the command:
# ssh localhost
# ssh user@your-server-ip-address

How do I use ssh client?

Assuming that your server hostname is userver.mydomain.com and username is vivek, you need to type the following command:
# ssh vivek@userver.mydomain.com
To stop ssh server, enter:
# sudo /etc/init.d/ssh stop
To start ssh server, enter:
# sudo /etc/init.d/ssh start
To restart ssh server, enter:
# sudo /etc/init.d/ssh restart


Restrict ssh access using Iptable

Q. How do I stop or restrict access to my OpenSSH (SSHD) server using Linux iptables based firewall?

A. The Linux iptables firewall can be used to block or restrict access to the ssh server. The iptables command is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. However, you can also use tcpd, the access control facility for internet services.

Use iptables to Restrict ssh access

The following simple rule blocks all incoming ssh access at port 22 (SERVER_IP is a placeholder shell variable for your ssh server's IP address):
iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d $SERVER_IP --dport 22 -m state --state NEW,ESTABLISHED -j DROP

However, in real life you need to use something as follows. Let us assume that your ssh server IP address is stored in the shell variable SERVER_IP; remember that the ssh server uses TCP port 22 for all incoming connections. With iptables you can block all incoming connections at port 22 with the following two rules:

iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d $SERVER_IP --dport 22 -m state --state NEW,ESTABLISHED -j DROP
iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 22 -d 0/0 --dport 513:65535 -m state --state ESTABLISHED -j DROP

If you just want to deny access to a group of IPs, set IPS to a space-separated list of those addresses and add the following rules to your script:
for i in $IPS
do
  # Drop ssh traffic from, and replies to, each listed source address
  iptables -A INPUT -p tcp -s $i --sport 513:65535 -d $SERVER_IP --dport 22 -m state --state NEW,ESTABLISHED -j DROP
  iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 22 -d $i --dport 513:65535 -m state --state ESTABLISHED -j DROP
done

Add all of the above rules to your iptables firewall shell script (do not type them at the shell prompt).
