Timothy Wood - SSH Tips

SSH Tips

SSH has many uses. Here are a few of them.

Editing Files over SSH

Hopefully you know how to edit files directly on a server using SSH and a text editor like vim or emacs. For larger edits, it can be nice to use the text editor on your local machine. One approach is to download the file and re-upload it after making a change, but this way you can easily lose track of what you've uploaded and what you haven't.

One way to make this easier is to use an SFTP program that supports opening files in an external editor, such as Cyberduck. Cyberduck allows you to upload/download files to an FTP or Secure FTP server (i.e., over an SSH connection), as well as directly open a file in your favorite text editor. When you save the file in your own editor, cyberduck detects this and automatically uploads the file to the server. Very handy! Cyberduck is free and works in Windows and OS X.

Another option is to find a text editor that supports accessing SFTP servers itself. One possibility is jEdit with the FTP plugin. This adds a new option in the menus to "Open from SFTP" or "Save to SFTP".

SSH Web Proxy

You may know how to use SSH to log into remote servers, but it has many more powerful uses. SSH creates a secure link from your computer to a server. Here is how to then use that link to encrypt your web traffic at a cafe, access your university's library remotely, or create a tunnel to other secure internal servers.

You can easily use SSH to create a proxy server for your web browser. This will make it so that all of your web requests are sent over the encrypted connection to the SSH server before being forwarded on to the actual web server. This can be useful for two main reasons:

All of the requests you send are encrypted, hiding them from anyone on the same network as you. This can be nice if you are in a cafe or the airport and you are concerned about eavesdroppers on the wifi network. Note however that the encryption only lasts from you to the SSH server–someone could set up an eavesdropper at that point and overhear your transmissions. Thus the only truly secure web browsing is that done over HTTPS.

Your web requests appear to be sent by the SSH Host. This is mainly useful if the SSH Host is able to access some websites which you normally cannot. A prime example of this is University Library sites which have subscriptions to academic journals (e.g., http://portal.acm.org). If you are within the university, you get the benefit of this subscription and can access all articles, but if you are at home you lose your access. By connecting to an SSH proxy host within your school, you can trick the site into thinking you are within the university network even if you are not.

To create an ssh proxy connection, run a command like the following on your own computer:

ssh -D 9999 -N -vvv username@school.edu

The -D 9999 flag tells ssh to create a proxy connection that is exposed on port 9999 of your computer and connects to the remote server (school.edu). The -N and -vvv flags prevent ssh from opening a terminal on the server and enable verbose output respectively.

Now you need to configure your web browser to use the proxy connection you just set up. The exact steps depend on your browser, but typically you must find a Networking preferences menu. Then set the SOCKS5 proxy to the hostname you have connected to. If you are using Firefox, you can use the FoxyProxy plugin to easily change your proxy settings or even have it automatically enable the proxy just for special URLs.

Remember to reset the proxy settings when you close the SSH tunnel!

learn/ssh.txt · Last modified: 2013/03/08 13:40 by twood