Sometimes you get a web-hosting environment that only serves non-ssl (http) content. If you need to do any type of management through tools like phpMyAdmin, then you can see the problem with this. All it would take is someone on your network or on the Internet to sniff the traffic and retrieve your username and password, then they too can do a bit of “management” on your site.
If you also have secure shell (SSH) access, then there is a way to manage your site securely by using SSH’s venerable port forwarding (SOCKS). The trick is to tell your management tools to only listen or respond to connections coming in over SSH instead of normal traffic.
Recently there was a need to visit a US based website to verify some personal information. Apparently there are ‘rules’ about who is geographical allowed to get access to the site which means that a citizen of said country cannot access the site from outside of the US.
I will not get into the absurdity of such security mandates, instead we will go around the problem and get our information that bureaucracy tried to prevent.
The general idea is to use a proxy inside the US that will allow us to hop over the geographical firewall. I do not trust open proxies by default because of their ability to sniff traffic. I do however have access to a secure shell (SSH) in the US that I can use.
Kabouter is Dutch for gnome and also a tool to connect to a range of IP addresses via ssh. It uses gnome-terminal to manage the sessions which, for me, seems more natural than some of the other 3rd party SSH applications available.
Usage is simple:
[email protected]:~$ kabouter ampli 172.19.18.65 172.19.18.96
This creates a gnome-terminal session with 32 tabs connecting to the range of SSH enabled machines. This works very well when using it with SSH Multiplexing which then gives you a way to automate remote commands through SSH without needing secure key authentication and without having to authenticate each time you want to run a command.
How it works:
By changing the way you ssh to a machine, you can reuse your initial ssh connection to save time when connecting.
Edit your ~/.ssh/config file to have this:
ControlPath ~/.ssh/sockets/%[email protected]%h:%p
We avoid problems of reusing the default /tmp but storing our connections in their own directory.
Be sure to create the directory:
mkdir -m 700 -p ~/.ssh/sockets
Okay, say you have a server, you have to ssh to this server … say 20 times a day?
It gets irritating having to login and type your password repeatedly. Not to mention it can be insecure if anyone is sniffing the network.
So on your desktop machine you want to create some keys. This can be done with the following command: Read more