Setting Up SSH Keys Using SSH Agents And Tunnels

Using ssh-agent

The ssh-agent program holds decrypted private keys in memory for the duration of a session. The key passphrase is entered once, when the key is added, and from then on ssh uses the key without prompting again until the agent exits or the key is removed. Use the ssh-add command to add keys to the ssh-agent.

 $ ssh-agent
 SSH_AUTH_SOCK=/tmp/ssh-ngwIVR3048/agent.3048; export SSH_AUTH_SOCK;
 SSH_AGENT_PID=3049; export SSH_AGENT_PID;
 echo Agent pid 3049;
 $ SSH_AUTH_SOCK=/tmp/ssh-ngwIVR3048/agent.3048; export SSH_AUTH_SOCK;
 $ SSH_AGENT_PID=3049; export SSH_AGENT_PID;
 $ ssh-add
 Identity added: /home/USER/.ssh/id_rsa (/home/USER/.ssh/id_rsa)

First launch the ssh-agent. The agent prints the environment variables the other SSH programs use to find it: SSH_AUTH_SOCK is the path of the agent's Unix socket and SSH_AGENT_PID its process id. Export the returned variables into the environment, since a client that cannot see SSH_AUTH_SOCK will not find the agent. Then use the ssh-add command to add keys to the resident ssh-agent.

 $ eval "$(ssh-agent -s)"
 $ ssh-add ~/.ssh/rsa_key_test
 $ ssh user@host

Alternatively the RSA key can be loaded into an already running ssh-agent. This assumes that the remote host already has the public key rsa_key_test.pub in its authorized_keys file, as set up earlier. Start the agent and export the variables it prints (eval "$(ssh-agent -s)" does both in one step), then use ssh-add to load the key into the running agent; from then on ssh uses the key automatically. Keep in mind that the agent never hands out the private key itself, but anyone who can reach its socket (root on the same machine, or the remote side when agent forwarding is enabled) can sign with every loaded key, so add keys with a lifetime (ssh-add -t), review what is loaded with ssh-add -l, and clear the agent with ssh-add -D when done.
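
The full agent round trip as a script, added here as an example and not part of the original tutorial. It assumes the OpenSSH client tools (ssh-agent, ssh-add, ssh-keygen) are installed, and it generates a throwaway passphrase-less key in a temporary directory purely so that it can run unattended; the name demo_key, the 300-second lifetime and the function names are this example's own choices. It shows the eval step that makes the agent's variables stick, loading a key with a lifetime so the agent forgets it on its own, checking what the agent holds, and tearing the agent down afterwards.

```sh
#!/bin/sh
# Added example (not from the original tutorial): start a private ssh-agent,
# load a key with a lifetime, inspect the agent, and tear it down again.
# Assumes the OpenSSH client tools are installed.
set -eu

# Skip quietly on hosts without the OpenSSH client tools (nothing to demonstrate).
for tool in ssh-agent ssh-add ssh-keygen; do
    command -v "$tool" >/dev/null 2>&1 || { echo "$tool not found, skipping" >&2; exit 0; }
done

# start_agent: launch an agent and import the variables it prints.
# "ssh-agent -s" emits Bourne-shell export statements for SSH_AUTH_SOCK and
# SSH_AGENT_PID; eval applies them to this shell, which is exactly what the
# manual "SSH_AUTH_SOCK=...; export SSH_AUTH_SOCK" lines above do by hand.
start_agent() {
    eval "$(ssh-agent -s)" >/dev/null
    [ -S "$SSH_AUTH_SOCK" ]          # the agent's Unix socket must exist
}

# load_key KEYFILE SECONDS: add a key that the agent forgets after SECONDS.
# A lifetime caps how long a hijacked agent socket stays useful to an attacker.
load_key() {
    ssh-add -t "$2" "$1" 2>/dev/null
}

# loaded_key_count: number of identities the agent currently holds.
# "ssh-add -l" prints one line per key starting with its bit length, and exits
# non-zero with "The agent has no identities." when the agent is empty.
loaded_key_count() {
    ssh-add -l 2>/dev/null | grep -c '^[0-9]' || true
}

# stop_agent: kill the agent (it reads SSH_AGENT_PID) and drop the variables,
# so no stale socket is left behind for later shells to find.
stop_agent() {
    ssh-agent -k >/dev/null 2>&1 || true
    unset SSH_AUTH_SOCK SSH_AGENT_PID
}

# agent_demo: full round trip; prints how many keys the agent holds after the
# load. Uses a throwaway passphrase-less ed25519 key (demo_key, an assumption
# of this example) so it runs unattended; a real key would carry a passphrase
# that ssh-add prompts for once.
agent_demo() {
    tmp=$(mktemp -d)
    ssh-keygen -q -t ed25519 -N '' -C 'throwaway demo key' -f "$tmp/demo_key"
    start_agent
    load_key "$tmp/demo_key" 300
    loaded_key_count
    stop_agent
    rm -rf "$tmp"
}

agent_demo
```

Run it as sh agent_demo.sh; it prints 1, the number of identities the agent holds after the load. With a real key, drop the ssh-keygen line and pass the key path to load_key; ssh-add then prompts for the passphrase once, and the lifetime still applies.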

Setting up SSH tunnels

SSH tunnels (port forwarding) open an encrypted channel between the local system and a remote host. With local forwarding, ssh listens on a port on the local system; every connection made to that port is carried inside the SSH session and delivered to the specified port on the remote host. This is handy for protecting plaintext protocols on untrusted networks such as public wifi: set up a tunnel from your laptop to your home server and send the traffic through it. Only the traffic you point at the tunnel is protected, and only as far as the SSH server; from there it continues to its destination as normal. A tunnel can also relay through the SSH server to a third machine: connect from host A to host B over SSH and have B forward the traffic on to host C.

The -L option specifies the forward. Its argument has the form Local_Port:Remote_Host:Remote_Port. Remote_Host is resolved and connected to by the SSH server, not by your local machine, so it must be reachable from the remote side (use the remote host's own name or localhost to reach a service on the SSH server itself). By default the local port is bound to the loopback address only; an optional bind address can be prefixed (Bind_Address:Local_Port:Remote_Host:Remote_Port) to change that. Use the -f switch to put ssh into the background and -N to not execute a remote command, since the session exists only to carry the forward.

 hosta$ ssh -N -f user@hostb -L 25000:hostb:25
 hosta$ ssh -N -f user@hostb -L 11000:hostb:110 -L 14300:hostb:143
 hosta$ ssh -N -f user@hostb -L 2222:hostc:22

The first line creates a tunnel from port 25000 on hosta (localhost) to port 25 on hostb. The second line creates a tunnel from port 11000 on hosta to port 110 on hostb and a second tunnel from port 14300 on hosta to port 143 on hostb; multiple -L options can be given on one ssh command line. The third line creates a tunnel from port 2222 on hosta to port 22 on hostc, with hostb making the onward connection.

To use these tunnels, set the mail client to connect to localhost:25000 for SMTP; outbound mail then reaches your SMTP server via the SSH tunnel. Likewise point POP3 at localhost:11000 and IMAP at localhost:14300. The final tunnel connects to port 22 (the SSH port) on hostc, routed through hostb. This is convenient when logins to hostc are restricted and connections must come from hostb. Instead of logging into hostb and then into hostc, ssh to the local end of the tunnel with ssh -p 2222 user@localhost (-p selects the destination port).

These tunnels can carry just about any TCP-based protocol (Jabber/XMPP, AIM, etc.). They do not forward UDP, so plain UDP traffic needs a different approach.
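
A small wrapper around the commands above, added here as an example and not part of the original tutorial. hostb, hostc, user and the ports are the placeholders this page already uses; the SSH variable and the function names open_tunnel, via_gateway and valid_port are this example's own. It adds the checks a practitioner wants before a tunnel goes into the background: validated forward specs, an explicit loopback bind, ExitOnForwardFailure so a backgrounded ssh cannot silently run without its forward, and HostKeyAlias for the hostc-through-hostb case so the host key is filed under the real host rather than under [localhost]:2222.

```sh
#!/bin/sh
# Added example (not from the original tutorial): a small wrapper around
# "ssh -N -f -L" that applies the checks worth having before a tunnel goes
# into the background. hostb, hostc, the user name and the ports are the
# placeholders used on this page; SSH, open_tunnel and via_gateway are this
# example's own names.
set -eu

SSH=${SSH:-ssh}   # set SSH="echo ssh" to dry-run and just print the command

# valid_port N: true if N is an integer between 1 and 65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# open_tunnel USER@GATEWAY LPORT:RHOST:RPORT [LPORT:RHOST:RPORT ...]
#  - each listener is bound to 127.0.0.1 explicitly, so a forward is never
#    reachable from the rest of the network even if GatewayPorts is set in
#    ssh_config (the default bind is loopback, but being explicit removes doubt)
#  - ExitOnForwardFailure makes "-f" fail loudly instead of leaving a
#    backgrounded ssh with no working forward when the local port is taken
open_tunnel() {
    if [ $# -lt 2 ]; then
        echo "usage: open_tunnel user@gateway LPORT:RHOST:RPORT ..." >&2
        return 2
    fi
    gateway=$1; shift
    forwards=
    for spec in "$@"; do
        lport=${spec%%:*}
        rest=${spec#*:}
        rhost=${rest%%:*}
        rport=${rest##*:}
        if [ -z "$rhost" ] || ! valid_port "$lport" || ! valid_port "$rport"; then
            echo "bad forward spec: $spec (want LPORT:RHOST:RPORT)" >&2
            return 2
        fi
        forwards="$forwards -L 127.0.0.1:$lport:$rhost:$rport"
    done
    # $forwards is deliberately unquoted so it splits into separate -L arguments
    $SSH -N -f -o ExitOnForwardFailure=yes $forwards "$gateway"
}

# via_gateway LPORT REALHOST USER: log in to the machine behind a
# "LPORT:REALHOST:22" tunnel. Without HostKeyAlias, ssh files the host key
# under "[localhost]:LPORT"; reusing that local port for a tunnel to a
# different machine later then produces a "host key has changed" warning,
# which is exactly the warning nobody should get used to dismissing.
# The alias files the key under REALHOST instead.
via_gateway() {
    lport=$1; realhost=$2; user=$3
    $SSH -p "$lport" -o HostKeyAlias="$realhost" "$user@localhost"
}

# Script usage: ./tunnel.sh user@hostb 25000:hostb:25 2222:hostc:22
[ $# -eq 0 ] || open_tunnel "$@"
```

Run it as ./tunnel.sh user@hostb 11000:hostb:110 14300:hostb:143 to open the mail tunnels, and via_gateway 2222 hostc user to log in through the hostc tunnel. Setting SSH="echo ssh" in the environment prints the composed ssh command lines instead of running them, which is a cheap way to review a forward before trusting it. Newer OpenSSH clients can replace the hostc tunnel entirely with ssh -J user@hostb user@hostc (ProxyJump), which keeps hostc's host key under its own name without any alias.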

Other SSH based utilities

SCP

scp copies files between hosts over an SSH connection, so the transfer is authenticated and encrypted in the same way as an interactive login. (Since OpenSSH 9.0 scp moves the data with the SFTP protocol rather than the legacy scp protocol; the command line is unchanged.)

 $ scp file user@host:/path/to/store/file
 $ scp user@host:/path/to/file /path/to/local/file

The first example sends the local file "file" to the remote system "host" and writes it there as /path/to/store/file. The second line retrieves the file /path/to/file from the remote system "host", logging in as "user", and writes it locally to /path/to/local/file.

SFTP

The sftp program accesses the filesystem of a remote host over the SSH protocol. It presents the remote filesystem through the familiar ftp-style command interface.

 $ sftp user@host
 Connecting to host...
 sftp> dir
 file1     file2     file3

This example uses sftp to log in to the system "host" as the user "user" and then runs the ftp-style dir command. Other common commands are cd to change directory, get to retrieve a file, and put to send a file. Use the help command to view the full list of commands.
