SSH tips to play around the machines
# Reference: https://wiki.gentoo.org/wiki/SSH_jump_host
# Reach end_machine through a chain of jump hosts. The hops are comma-separated and
# traversed left to right: first a Host alias taken from the ssh client config, then
# an explicit user@host. The -J flag is shorthand for the ProxyJump option used here.
# Each hop only relays the connection: the session with end_machine is authenticated
# and encrypted from the local client, so no key has to live on a jump host.
ssh -o ProxyJump=jump_named_configured_at_conf,user@host_jump user@end_machine
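# Create a tunnel to reach one port on a machine that is only reachable through another machine.
#   -L 38080:localhost:38080  listen on local port 38080 (loopback only by default) and forward
#                             every connection to localhost:38080 as seen from dest_machine_pi.
#   -f  send the ssh process to the background, so no shell on the destination blocks your tty.
#   -N  run no remote command: only open the tunnel.
#   -o ExitOnForwardFailure=yes  fail loudly if the forward cannot be set up (for example
#       the local port is already taken) instead of backgrounding a session with no tunnel.
ssh -f -N -o ExitOnForwardFailure=yes -L 38080:localhost:38080 user@dest_machine_pi

# To close the backgrounded tunnel you have to signal its process.
# Match the whole forwarding argument: grepping `ps aux` for "38080" and "ssh" also hits
# unrelated processes whose PID or arguments contain those strings (sshd included).
# Preview the match first, then send the default TERM so ssh can shut down cleanly;
# keep `kill -9` as a last resort.
pgrep -af 'ssh .*-L 38080:localhost:38080'
pkill -f 'ssh .*-L 38080:localhost:38080'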
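# Pre-load a server's host key so the first connection does not stop at the
# 'Unknown host' prompt. This can be useful, but be careful: ssh-keyscan does not
# authenticate what it receives, so appending its output straight to known_hosts
# trusts whoever answered on server_ip at that moment. Scan into a temporary file,
# compare the fingerprint with one obtained out of band (console, administrator,
# inventory), and only then record it.
scanned_keys=$(mktemp)
ssh-keyscan server_ip > "$scanned_keys"
ssh-keygen -lf "$scanned_keys"   # prints the fingerprint(s) to compare
# Run the next line only after the fingerprints match:
cat -- "$scanned_keys" >> ~/.ssh/known_hosts
rm -f -- "$scanned_keys"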
# Multi-jump tunnelling is a technique for reaching a machine by hopping from one intermediate machine to the next
# http://ufasoli.blogspot.com/2013/11/multi-hop-ssh-tunnel-howto-creating-ssh.html | |
# The -v is just verbose | |
# ( ) | |
# ( REQUEST ) | |
# ( ) | |
# * ************ ************* ************* ************* | |
# * * * * * * * * * | |
# * * LOCAL * * JUMP1 * * JUMP2 * * HOST * | |
# * port: 38080 * PC * * * * * *DESTINATION* | |
# ****************** * * * * * * PC2 * | |
# * * * * * * * * | |
# * * * * * * * * | |
# ************ ************* ************* ************* | |
# *38080 38080* *38080 38080* *38080 * port: 1234 | |
# * * * * * * | |
# * * * * * * | |
# * ******* * * ******* * * ******* * | |
# ********* SSH ***** ******* SSH **** ***** SSH ********** | |
# ******* ******* ******* | |
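# Chained form, matching the diagram: each ssh is started on the previous hop (-t forces a
# tty so the nested ssh can prompt) and opens its own 38080 listener on that hop.
# Consequences to keep in mind:
#   - the login to the next hop is made FROM the jump host, so a key or a forwarded agent
#     has to be usable there;
#   - the forwarded traffic is in clear on each jump host's loopback, and local users on
#     that host can connect to its 38080 listener while the tunnel is up.
ssh -v -L 38080:localhost:38080 user@JUMP1 -t ssh -v -L 38080:localhost:38080 user@JUMP2 -t ssh -v -L 38080:localhost:1234 user@DESTINATION_PC2
# Where the client supports -J (ProxyJump), the same local port 38080 -> DESTINATION_PC2:1234
# forward needs a single listener on the local PC and authenticates every hop from the local client:
#   ssh -v -J user@JUMP1,user@JUMP2 -L 38080:localhost:1234 user@DESTINATION_PC2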
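# Giving Internet access over SSH to a machine that has none takes three steps.
# 1st -> Start a proxy on your current local machine (the one with Internet); here Squid in Docker.
#        The squid.conf file is shown below, and the "squid" volume holds the cache
#        (only needed if you want to keep it).
#        Publish the port on 127.0.0.1 only: a bare "3128:3128" listens on every interface of
#        this machine, and a squid.conf that allows all clients then turns it into an open proxy
#        for anyone who can reach the machine. The reverse tunnel below connects to
#        localhost:3128, so loopback is all it needs.
#        The image is a third-party one pinned by tag and ships an old Squid release line;
#        review it (and pin by digest) before relying on it for more than a quick session.
docker run --rm --name squid -d --publish 127.0.0.1:3128:3128 -v "$PWD/squid.conf:/etc/squid/squid.conf" -v squid:/var/spool/squid sameersbn/squid:3.5.27-2
# 2nd -> Then create a reverse tunnel from the destination machine back to the proxy (our local machine).
#        Port 3129 is opened on UNCONNECTED_MACHINE's loopback by default, so any local user
#        there can use the proxy for as long as this session stays open.
ssh -R 3129:localhost:3128 UNCONNECTED_MACHINE
# 3rd -> Finally, in that session on the disconnected machine, configure it to use the proxy.
export http_proxy=http://127.0.0.1:3129
export https_proxy=http://127.0.0.1:3129
COMMAND_TO_RUN_THAT_NEEDS_INTERNET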
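# EXAMPLE for the squid.conf file:
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
# Clients allowed to use the proxy. Inside the container, requests presumably arrive from
# Docker's bridge address rather than from localhost, which is why "allow localhost" alone
# is not enough. 172.16.0.0/12 covers the default docker0 bridge (172.17.0.0/16); check the
# client address in squid's access.log and adjust if your daemon uses another range.
acl docker_bridge src 172.16.0.0/12
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
# Allow only the expected sources and refuse the rest. "http_access allow all" also makes the
# setup work, but it turns squid into an open proxy whenever port 3128 is reachable from
# other machines.
http_access allow localhost
http_access allow docker_bridge
http_access deny all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320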
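# Doc is here -> https://docs.docker.com/engine/reference/commandline/pull/
# If the docker service runs under systemd, the daemon needs its own proxy settings
# (it does not see the http_proxy variables exported in your shell).
# Create a file called /etc/systemd/system/docker.service.d/http-proxy.conf that sets the proxy
# environment variables. Registries are normally reached over HTTPS, so set HTTPS_PROXY as
# well as HTTP_PROXY:
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
Environment="HTTPS_PROXY=http://proxy.example.com:80/"
# And apply changes:
sudo systemctl daemon-reload
sudo systemctl restart docker
# Check everything went fine with the command below. Note that it prints the proxy URL in
# full, including any credentials embedded in it:
systemctl show --property=Environment docker
# Now you should be able to run a docker pull ...
# If the connection is too slow (or fast) you can edit the number of parallel downloads in
# /etc/docker/daemon.json (restart or reload the daemon afterwards for it to take effect):
sudo nano /etc/docker/daemon.json
{
  "max-concurrent-downloads": 1
}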