Théis Bazin

Théis Bazin

I’m interested in making interactions with computers for music creation more stimulating.

On using ssh

2 minute read

Verbose mode

Option -v (can be used multiple times for increasing levels of verbosity) turns on verbose mode for debugging.

Setting up public-key based authentication on a distant host

  1. Generate a local priavte/public key pair using ssh-keygen -t rsa -b 4096.
  2. Push local public-key to the server:

    ssh-copy-id -i <path/to/identity-file> user@hostname.example.com

    (this adds the key to the ~/.ssh/authorized_keys file)

Public-key based authentication not working

A possible explanation and solution is given in this blog post: https://www.daveperrett.com/articles/2010/09/14/ssh-authentication-refused/

This can happen if one manually creates the ~/.ssh/authorized_keys file on the host machine.

  • Displayed error (could be found in /var/log/secure on host or printed by the local ssh in verbose mode when attempting a connection):

Authentication refused: bad ownership or modes for directory ~/.ssh.

  • Solution:

SSH doesn’t like it if your home or ~/.ssh directories have group write permissions. Your home directory should be writable only by you, ~/.ssh should be 700, and authorized_keys should be 600:

$ chmod g-w /home/your_user
$ chmod 700 /home/your_user/.ssh
$ chmod 600 /home/your_user/.ssh/authorized_keys

You can also get around this by adding StrictModes off to your ssh_config file, but I’d advise against it - fixing permissions is the way to go.

Proxy-based ssh-ing

See this tutorial: https://doc.fedora-fr.org/wiki/SSH:_Simplifier_une_connexion_passant_par_un_Proxy

  • Scenario:
    • Distant server located at server-hostname only accessible/visible on a private network accessed through a proxy-host at proxy-hostname
  • Edit the local ~/.ssh/config file with the following set-up:
Host MYPROXYNAME  # defines the local name for the host, can be chosen freely
    Hostname proxy-hostname  # valid host location, DNS or IP address
    User username-on-proxy  # username used to connect to the proxy

Host MYSERVERNAME  # again, can be chosen freely
    User username-on-server  # username used to connect to server from proxy
    # tells ssh to first proxy through MYPROXYNAME using netcat
    ProxyCommand ssh MYPROXYNAME nc server-hostname 22
  • ssh MYSERVERNAME then allows to directly connect to the server.
    • Can be used to reference the server in other tools (e.g. rsync) on the local machine.

Setting up an SSH tunnel

  • Can be useful e.g. to set-up a TensorBoard on a distant cluster and access it locally.

  • ssh -N MYHOST -L :local-port:distant-address:distant-port

    • -L is the main option, it specifies the creation of a L ocal connection, i.e. a tunnel.
    • -N allows to not open a command-line on the distant machine and just leave the tunnel open.
    • distant-address is the address/IP/local ‘Host’ name of the distant machine to bind to. This can be (as in most cases) MYHOST’s address but can more generally be any machine accessible from MYHOST.

Example usage with TensorBoard

  • Say you have created a Host called host on your machine with IP <host-ip-address>
    • Note that some users on StackOverflow report disturbances when referring to the host with its DNS or local host name rather than the actual IP.
  • Start a TensorBoard server on the distant host with:
    • [user@host] $ tensorboard --logdir <path/to/logs/> --port 6006
  • Open a tunnel on your local machine:
    • [user@local] $ ssh -N host -L :6006:<host-ip-address>:6006
  • You can now access the TensorBoard locally by opening http://localhost:6006

You May Also Enjoy