Lets say you need to connect to a remote Linux server.
The stand way to connect from terminal: ssh _remote_username@the_remote_server_ip
Here, the_remote_server_ip needs to be the IP address or the hostname or the domain name from which the remote server is accessible.
You should get prompted for a password (passwordless login is possible too, see below), post entering the right credentials you are in.
You could also write the same command with the -l (that’s lowercase L) argument.
ssh -l _remote_username the_remote_server_ip
Password-less login using SSH is also possible and allows for much easier (also secure) connection. When you often have to login/logout of various servers this is a great time saver.
There’s plenty of information out there about how to do this, just search it in on the web.
Next, to make repeated access easy, create a “config” file in your ssh directory under your users home directory.
Put the following content as an example (replace the IP with your remote server IP and replace the Username with yours).
With the above config file in place you should be able to now use the below shortcut command:
That’s it, you should now have a easy way to login to your target server from a Jump Host with a lot less to type. As an added advantage you can now access Ports of target server locally. All you need is an active connection to the target done via ssh.
Now, with some basics covered here’s what we are trying to do: You need to access a production server which is behind a firewall (Can’t ssh directly to the server). But there is a Jump server available.
Jump Server: A machine that you need to connect to first then only from this machine you can SSH into the remote server. Jump servers are used to protect the other servers from direct access. It would typically be in DMZ while the other servers are in a secure zone.
Now this means you have to first ssh into the Jump server then from that machine ssh again to the target server.
To make it easier to login with a single command edit the ~/.ssh/.config file entry like below:
- Here Hostname with 10.10.19.20 is assumed to be the target server IP.
- The User denotes the remote user on the target server, here admin.
- ProxyCommand has the user and IP of the Jump Server, like email@example.com.
Port Forwarding with Jump Server
What if you also wanted to be able to do Port Forwarding.
A technique which will allow you to access the target machines Port from your local machine. Given that its blocked from all but allowed only from the Jump Server.
You simply need to add a LocalForward entry to your config like below:
Once connected any data sent to the local IP:PORT (127.0.0.1 8080) will be directed to the productionbox target server. (Port on Local machine and target can be different).
At times the setup can get complicated and you may need to hop between multiple Jump server to reach the target server. This can be done via ProxyCommand chaining like below:
Things you may find handy
You can execute a command on the remote machine without leaving your machine (shell), the command gets executed remotely and your connection is closed post that.
For being concise I’m using my config file as shortcut for ssh, you could substitue the standard ssh user@remotebox as needed.
The below would connect to the remote machine then execute “df -h” on it and display the available and total space on the remote machine as ouput to your terminal.
A more advance usage, could be where you need to connect to a MySQL Slave server to check the Slave Running status as below:
If you wanted to have some interaction with the remote command before exiting you can do so with “-t” option.
Lets say we want to execute multiple commands on the remote machine. The below would create a file test.txt in the logged in users home directory then do a listing via the ls -l command.