ssh black arts, chook-fu

Anthony i.lurve.linux at gmail.com
Mon Jul 11 06:12:50 UTC 2011


A conversation between Octatron and Gorilla on the 11th of July about
the details of ssh farming

<Octatron> Has anyone here mastered the black art of ssh tunnelling?

<gorilla> Kind of... But waiting on approval on requisition for more
chickens to sacrifice on the next full moon.

<Octatron> gorilla: Cool, well I have chickens wanting to run through
chookhouse 5900 running ssh to another chookhouse at 5900. What gates
(ports) need to be opened? 22 + 5900? And do the farmers have to
exchange just their public keys, or that and their private keys both ways?

<gorilla> Basically you are creating a chook run as hutch 5900 at your
local chookhouse. Any chook entering that hutch will be transported via
hutch 22 to the remote chookhouse and then to 5900 on the destination
chookhouse.

<gorilla> The following should get you close: ssh -L
5900:localhost.localfarm:5900 remote.chookhouse.farm

<gorilla> Regarding exchanging keys between the chookhouses, the same
rules apply as for straight ssh.

<Octatron> gorilla: Thank you, I'll give that a burn. However, when I do
that and it asks for a password, is it the ssh password or the root
password, and for which chookhouse?

<gorilla> It should be the ssh password for the remote chookhouse. Ahh,
if you are trying to connect as root or root at remote.chookhouse.farm then
you need to ensure that you are allowing root to log in with a password,
or exchange the appropriate public keys.

<Octatron> gorilla: Do the public keys on both farms have to be placed
in each chookhouse ~/? Or the private keys as well? Or is it one way?

<gorilla> Just the public keys. Get standard ssh from one chookhouse to
the other working first, and then move on to tunnelling 5900.

<Octatron> Gorilla: OK, so is it a case of handing the keys over manually
to a certain folder from a certain folder? Or do I simply run a
command? Also, do I need to cut the keys first by running a command to
create them and then transfer them, or do they already exist and I simply
move them? Thanks for this btw.

<gorilla> Octatron: Yes, just copy the relevant key over. Best to cut
and paste the relevant line from .ssh/id_[rd]sa.pub (I'm going from
memory here).

<Octatron> gorilla: Kewl, so for each farm I might have, say,
.ssh/id_farm1.pub, then id_farm2.pub etc., and this would need to be put
into the machine I wish to pipe to from the one wishing to connect.

<gorilla> Octatron: Yes, or you can use the same .pub file for all
machines. It simplifies admin, but if that same key is compromised then
all the farms become accessible.
* gorilla wonders if we should post the transcript of this irc conversation.

<Octatron> I was just thinking the same thing, I think we should :P

<Octatron> I suppose the only other thing then is to set up PuTTY on all
non-Linux (Windoze) PCs and move its respective windoze_putty.pub key
across to the Linux.farm.box and watch those chooks fly!

<gorilla> Octatron: Windows... off with their heads!

<Octatron> gorilla: no no.. off with their cash!
* gorilla prefers his chooks to be headless. No need for a GUI.

<Octatron> Thank you, I've got it working now. I didn't put the username
in on username at remote_chookhouse.farm when piping the hutches! So it was
attempting to connect to the root chookhouse, silly me!

<Octatron> I tried setting up a VPN but found out too late you need
Server 2008 for Windoze users to connect more than one user, and it was
super touchy and slowed the network down majorly. Businesses need a way
to securely access files remotely from the roadside or elsewhere.

<gorilla> Ahh.. Yeah. no rooster connections.

<Octatron> Yeah I don't like to root with cockpit connections unless
it's needed :P

<Octatron> gorilla: all cockfighting aside, is there a command I can run
to check that chookhouse 5900 is really running through hutch 22?

<Octatron> *thinks someone should make drag and drop gui for setting up
ports and pipes with chookhouses down each side*

<gorilla> Octatron: It will show up in netstat on the local machine.

* head_victim lets a bunch of chickens loose in the channel

<Octatron> Seems netstat doesn't show me port 22 being used? Do I have
to indeed pipe it to grep ssh?

<Octatron> I mean netstat doesn't show me hutch 22 being used. Are the
chooks running through another hutch somewhere, or did the fox get them?

<Octatron> hey head_victim welcome to the farmers market :P
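
An added example, not part of the IRC exchange above: the POSIX sh script
below builds the local forward gorilla describes (local 5900, carried over
the ssh session on 22, delivered to 5900 on the far side) and then answers
Octatron's last question by classifying netstat output. The user name
"farmer", the hostnames and the four netstat listings are constructed
placeholders, not captured from any real chookhouse. The script generalises
a little beyond the thread: it also flags a listener that has been bound to
all interfaces, which is the tunnel-specific mistake worth catching.

```shell
#!/bin/sh
# Added example, not from the original thread. Builds the -L forward that
# gorilla describes and checks its two halves in netstat output. The user
# "farmer", the hostnames and the netstat listings are constructed.

# Print the ssh command for a local forward. Connections to 127.0.0.1:LPORT
# on this machine ride the ssh session (TCP 22) to GATEWAY, which then opens
# a connection to DEST:RPORT. DEST is resolved by the gateway, so "localhost"
# there means the gateway itself, not the machine you typed the command on.
tunnel_cmd() {
  user=$1 gateway=$2 lport=$3 dest=$4 rport=$5
  # -N: forward only, no remote shell. Binding to 127.0.0.1 explicitly keeps
  # other hosts on the local LAN from riding the tunnel.
  printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s@%s\n' \
    "$lport" "$dest" "$rport" "$user" "$gateway"
}

# Classify `netstat -tna` output (column order: Proto Recv-Q Send-Q Local
# Foreign State). Port 22 never appears as a LOCAL listener on the client;
# it is the FOREIGN address of an ESTABLISHED session. Plain `netstat -tn`
# omits LISTEN sockets, so the 5900 listener is only visible with -a or -l.
tunnel_state() {
  lport=$1 out=$2
  listeners=$(printf '%s\n' "$out" | awk -v p="$lport" \
    '$6 == "LISTEN" && $4 ~ (":" p "$") { n++ } END { print n + 0 }')
  exposed=$(printf '%s\n' "$out" | awk -v p="$lport" \
    '$6 == "LISTEN" && $4 ~ ("^(0\\.0\\.0\\.0|::):" p "$") { n++ } END { print n + 0 }')
  sessions=$(printf '%s\n' "$out" | awk \
    '$6 == "ESTABLISHED" && $5 ~ /:22$/ { n++ } END { print n + 0 }')
  if [ "$listeners" -eq 0 ]; then
    echo no-listener        # nothing bound to LPORT: the ssh -L never started
  elif [ "$exposed" -gt 0 ]; then
    echo exposed            # bound on all interfaces (-L *:... or GatewayPorts)
  elif [ "$sessions" -eq 0 ]; then
    echo no-ssh-session     # something listens, but no session to :22 carries it
  else
    echo ok
  fi
}

# Constructed listings (not captured from a real machine).
UP='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:51234      203.0.113.5:22          ESTABLISHED'
NO_LISTENER='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:51234      203.0.113.5:22          ESTABLISHED'
EXPOSED='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:51234      203.0.113.5:22          ESTABLISHED'
NO_SESSION='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN'

tunnel_cmd farmer remote.chookhouse.farm 5900 localhost 5900
printf 'UP: %s\n'          "$(tunnel_state 5900 "$UP")"
printf 'NO_LISTENER: %s\n' "$(tunnel_state 5900 "$NO_LISTENER")"
printf 'EXPOSED: %s\n'     "$(tunnel_state 5900 "$EXPOSED")"
printf 'NO_SESSION: %s\n'  "$(tunnel_state 5900 "$NO_SESSION")"
```

On a live machine, run the printed ssh command in one terminal and
`netstat -tna` (or `ss -tan`, which puts the state in the first column) in
another; `tunnel_state 5900 "$(netstat -tna)"` should say ok. Adding -v to
the ssh command also prints a "Local connections to ... forwarded to remote
address localhost:5900" debug line when the forward is set up. The public
key gorilla says to copy goes into ~/.ssh/authorized_keys on the gateway,
one line per key, and the private key stays on the connecting machine.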

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-au/attachments/20110711/e14b0056/attachment.html>


More information about the ubuntu-au mailing list