The best use for GNU Screen

March 29th, 2007 by Alexander Mamchenkov

I have worked with the GNU Screen WM for a while now, and I have heard that a lot of people also like it. Personally, I find the tool very handy when you need to run something on a remote terminal without being connected to it all the time. The idea is that I log in to the remote machine using SSH, start screen (screen -a), start the app I need (for example, top), then detach the screen using the <Ctrl>-A,D shortcut and disconnect from the remote server, while my top command continues running there. In a while, when I need to check how things are going with my app, I just connect back through SSH and reattach the screen using the screen -r command.

Though top is too trivial an example of a command one may run, I use screen for real-time parsing of Nagios perf-data, which is retrieved by my script (will publish it here one day) from a named pipe (to which Nagios writes all performance data); the script then creates RRDs.

Posted in Technology, Linux, Network, OS, SSH, Communications | 2 Comments »

Follow-up to “FTP client for Linux”

February 3rd, 2007 by Leonid Mamchenkov

Some time ago I posted a question about FTP clients for Linux. I’ve been looking for the perfect tool since then. And to my surprise, I haven’t found one. Each and every application that I’ve tried had some issues that prevented me from using it on a day-to-day basis. Most programs that I’ve tried were missing one or more of these:

  • SFTP (or FTP over SSH) support. This is beyond my understanding actually. While the majority of web hosting companies provide FTP access to web folders, FTP has no encryption, so using it with a username and password for web site management isn’t a very wise idea. SFTP is a much better option, where Secure Shell (ssh) with encryption of all traffic is used as a transport.
  • Secure bookmarks or profiles. I have to access quite a few FTP accounts - different hosts, different usernames, and different passwords. Without secure profile support, I have to either input all the data manually every time or use another tool for password management. Not very convenient I must say.
  • Stability. Too many applications that I’ve tried weren’t stable at all. They were either crashing or getting stuck or, which is even worse, misbehaving. Some of these programs were confused by misconfigured or misbehaving FTP hosts, yet others didn’t need any reason at all. Since I am looking for a tool which I’ll use a lot on a daily basis, I want something stable. Something that just works.

I’ve spent way too much time on this issue without getting to the results that I expected.  I am choosing KFTPgrabber for now, but the search isn’t over.  Here are a few words about the choice of mine:

  • KFTPgrabber is an FTP client for KDE, which is my desktop environment.
  • Fast and simple.
  • Supports encrypted bookmarks.  Bonus feature: keeps bookmark encryption password in Kwallet.  Although I’d much rather have the bookmarks themselves stored in Kwallet.
  • Supports multiple protocols, including FTP and SFTP.
  • It can stay in the systray - no need for extra window or taskbar entry.
  • Has a convenient way to see operation logs, current and queued transfers, bandwidth utilization, etc.
  • Supports threads and per-host thread configuration, which is extra nice.
  • Doesn’t crash, although I managed to hang it up on a few misbehaving FTP hosts.

As I said, it’s nice and it works.  But it’s far from perfect. If you have any suggestions, please, share them via comments.  I’m all ears.

Posted in Technology, Linux, Network, FTP, OS, SSH | No Comments »

SSH Port Forwarding

January 4th, 2007 by Alexander Mamchenkov

To add to my post about tunneling VNC over SSH, and to clarify the "Securing the connection between MySQL and MySQL Administrator using an SSH tunnel" post on the howtoforge web site, I would like to explain that one of the greatest features of SSH is port forwarding. It can forward connections made to a predefined local port on to a predefined port of a remote host, or in the reverse direction, from a port on the remote host to some local port, through the established SSH tunnel. This is a very useful feature which I utilize mostly in two scenarios:

Using a service of the remote host that is not accessible to the public

This is exactly what is described on howtoforge for MySQL Administrator and what I use for VNC over SSH forwarding. Basically, I tell SSH to listen on one port on my local machine and forward all packets over the tunnel to some port of the remote host. This way I do not need to open the ports on the firewall of the remote site, which creates a more secure environment.

In addition, it is possible to connect not only to ports of the remote machine, but also to ports of machines which can be seen from the remote site but are not accessible from my local machine. For example, I can use SSH tunneling to connect to a VNC desktop running in the remote LAN through the SSH service (which I have access to) running on another machine in that LAN.

To create such SSH tunnels you need to pass the -R or -L switch (depending on which direction you want the forwarding to go) to the ssh client as follows:

ssh -L local_port:remote_host_address:remote_port username@remote_ssh_host

for forwarding local_port of my machine to remote_port of the machine with remote_host_address as seen by remote_ssh_host. For example, if you want to connect to a web server running on the host with address 192.168.123.23 on port 8080, which is only accessible from inside the 192.168.123.0 LAN, and you have access to a machine in the same LAN running a public SSH service (let's say at address myhost.com), then you can do as follows:

ssh -L 8080:192.168.123.23:8080 myuser@myhost.com

and then you can open up a browser and navigate to page http://127.0.0.1:8080/ to see the page you need.

Supporting users behind firewalls by using remote port forwards

Sometimes I have a situation where I need to help a user who is sitting at a remote site, who has access to the internet, and to whom I have no access at all due to firewalls or other issues. In this case I create a temporary account on my machine, where I run an SSH server that is accessible to the public, and ask the user to connect to it and use remote port forwarding as follows:

ssh -R 10022:127.0.0.1:22 temp_username@mymachine.com

When the user executes this command, he connects to the SSH server running on my machine, which then listens on port 10022 on my side and forwards all traffic to port 22 (ssh) on his machine. So the only thing left for me to do to access his machine is to connect to port 10022 on my PC and use the tunnel created by the remote user to reach his PC as follows:

ssh -p 10022 username@127.0.0.1

At first glance it looks a bit tricky, but after understanding how it works, you will see that it is a very easy and handy feature.

Please note that I have explained how to use ssh with the native Linux ssh client. If you want to reproduce the same with PuTTY on a Windows machine, then you need to look into the Connection - SSH - Tunnels menu options. The -L switch is represented as the Local option and -R as the Remote option, and the host/port values are entered as text inputs there.
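As an added example (not part of the original post), the shell function below decodes the -L and -R specs used in both scenarios above and reports which end listens, which end dials the target, and how widely the client is asking the listener to be bound. The function name and output format are made up for illustration, and it assumes IPv4 addresses or hostnames and the default GatewayPorts=no when no bind address is given.

```shell
#!/bin/sh
# Added example (not from the original post): decode an OpenSSH -L / -R spec.
# Reports which end listens, which end dials the target, and the bind scope the
# client requests. Assumption: IPv4/hostnames only (no [IPv6], no socket paths).

# usage: describe_forward <L|R> <[bind_address:]port:host:hostport>
describe_forward() {
    dir=$1; spec=$2
    case $dir in
        L) side=client; dialer=server ;;   # listener on my machine
        R) side=server; dialer=client ;;   # listener on the SSH server
        *) echo "direction must be L or R" >&2; return 2 ;;
    esac
    # Count colon-separated fields without relying on word splitting.
    case $spec in
        *:*:*:*:*) echo "unsupported spec: $spec" >&2; return 2 ;;
        *:*:*:*)   bind=${spec%%:*}; rest=${spec#*:}; explicit=1 ;;
        *:*:*)     bind=localhost;   rest=$spec;      explicit=0 ;;
        *)         echo "malformed spec: $spec" >&2; return 2 ;;
    esac
    lport=${rest%%:*}; rest=${rest#*:}
    thost=${rest%%:*}; tport=${rest#*:}
    for p in "$lport" "$tport"; do
        case $p in
            ''|*[!0-9]*) echo "bad port in: $spec" >&2; return 2 ;;
        esac
    done
    [ -n "$thost" ] || { echo "missing target host: $spec" >&2; return 2; }
    # With no bind_address the listener is loopback-only under the default
    # GatewayPorts=no (assumed). An empty bind_address or '*' asks for all interfaces.
    if [ "$explicit" -eq 0 ]; then
        scope=loopback
    else
        case $bind in
            ''|'*'|0.0.0.0)      bind='*'; scope=all-interfaces ;;
            localhost|127.0.0.1) scope=loopback ;;
            *)                   scope=specific-address ;;
        esac
    fi
    echo "side=$side listen=$bind:$lport dials_from=$dialer target=$thost:$tport requested=$scope"
}

# The two forwards from the post, plus a constructed wildcard variant.
describe_forward L 8080:192.168.123.23:8080
describe_forward R 10022:127.0.0.1:22
describe_forward R '*:10022:127.0.0.1:22'
```

For -R, a request for anything wider than loopback only takes effect if the SSH server's GatewayPorts setting permits it, so the "requested" field describes what the client asks for, not necessarily what the server binds.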

Posted in Technology, Network, SSH | No Comments »