ssh trick – ssh to remote host with bastion host

A lot of the time, you have to ssh to a server through a bastion host. If you don't know what a bastion host is, see this:

bastion host

In such cases, you either add an entry in “~/.ssh/config” to route the ssh connection through the bastion host, or ssh to the bastion host and then ssh from there to the actual host. But wait, there is always a better way:

ssh -t <bastion host> ssh -t <actual host>

You can use the usernames as required for the 2 hosts and then you will have to enter passwords, first for the bastion host and then the actual host.

BTW, you can use tunneling options as well with the above command.

https site available now with cert from cacert.org

More about cacert.org:

CAcert.org is a community-driven Certificate Authority that issues certificates to the public at large for free.

CAcert’s goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Secure Socket Layer Protocol (SSL or TLS) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.

If you want to have free certificates issued to you, join the CAcert Community.

If you want to use certificates issued by CAcert, read the CAcert Root Distribution License. This license applies to using the CAcert root keys.

So now you can reach the https version… don't be scared if you get an unverified-certificate warning; you can import the cacert.org root certificate.

ssh authorized keys – limit ssh session to custom command

If you want an ssh key to be able to run one custom command only and nothing beyond that, you can use the “command” option in ssh's authorized_keys file.

For example, to limit a user to running only the top command with a key, you can add the key like this:

echo 'command="/usr/bin/top" ssh-rsa ' >>~/.ssh/authorized_keys
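
A forced command on its own does not switch off port, agent or X11 forwarding for that key; OpenSSH's `restrict` key option (or the individual `no-*` options) does, with `pty` re-enabled for an interactive program such as top. The following is an added example, not part of the original post: it parses authorized_keys lines and reports what each forced-command key still allows. The sample entries and key placeholders are constructed, and it assumes key options take effect left to right.

```python
import re

FEATURES = {"port-forwarding", "agent-forwarding", "x11-forwarding", "pty", "user-rc"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")   # prefixes of public key type names
OPTION = re.compile(r'([\w-]+)(?:="((?:\\"|[^"])*)")?(,?)')

def parse_options(line):
    """Return the ordered [(name, value)] key options that start a line."""
    if line.split()[0].startswith(KEY_TYPES):
        return []                       # line starts with the key type: no options
    opts, pos, more = [], 0, True
    while more and (m := OPTION.match(line, pos)):
        opts.append((m.group(1).lower(), (m.group(2) or "").replace('\\"', '"')))
        pos, more = m.end(), bool(m.group(3))   # a trailing comma means another option
    return opts

def audit(text):
    """For every forced-command key, list the features still allowed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        enabled, command = set(FEATURES), None
        for name, value in parse_options(line):   # assumption: applied in order
            if name == "command":
                command = value
            elif name == "restrict":
                enabled.clear()
            elif name.startswith("no-") and name[3:] in FEATURES:
                enabled.discard(name[3:])
            elif name in FEATURES:
                enabled.add(name)
        if command is not None:
            findings.append((lineno, command, sorted(enabled)))
    return findings

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = '''# constructed authorized_keys
command="/usr/bin/top" ssh-rsa AAAA_PLACEHOLDER user@laptop
restrict,pty,command="/usr/bin/top" ssh-ed25519 AAAA_PLACEHOLDER user@laptop
ssh-ed25519 AAAA_PLACEHOLDER admin@desk
'''

if __name__ == "__main__":
    for lineno, command, enabled in audit(SAMPLE):
        print(f"line {lineno}: {command} still allows: {', '.join(enabled) or 'nothing'}")
```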