There are several ways to set up an SSH tunnel with different types of port forwarding. There are three types of port forwarding:

•  Local port forwarding – With local port forwarding we can forward a port from our local machine to the server machine. The SSH client will listen for connections on a configured port and when it receives a connection it will create a tunnel to the SSH server.
• Remote port forwarding – Remote port forwarding works opposite from the local port forwarding. It will forward the traffic coming to a port on our server to our local computer machine and it will send back to a destination.
• Dynamic port forwarding – Dynamic port forwarding is a complex method of creating an SSH Tunnel, traversing a firewall or NAT through the use of a firewall. Communication can be established across a range of ports.

In this tutorial, we will create an SSH Tunnel using Putty and Firefox with Local port forwarding.

This setup is also useful if you are browsing the Internet via an unsecured network and you want to make your connection secure.

Pre-Requisites:

To complete this tutorial, we will have to download two pieces of software Putty and Firefox Web Browser on our local machine:

• Putty SSH Client (download)
• Firefox Web Browser (download)
• Linux-based virtual server with full SSH root access or a user with sudo privileges.

Putty Configuration

1. We need first to open Putty, then in the Session section, we need to add the Hostname(or IP address) of our server, and also SSH port is required.

2. On the left side we need to click on SSH, then choose Tunnels, add the source port number between 1025-65536. In this tutorial we have used port (4433) and make sure “Dynamic” and “Auto” are selected and click the ‘Add‘ button.

3. Click on Session, we will add a name under Saved Sessions “Putty-Tunnel” and click on the Save button. Now we need to click on the Open button and make the connection. Once the connection is open we need to enter the sudo username and password to log in.

After a successful login, please note that you should not close the SSH connection.

Firefox Configuration

Now that we have SSH tunnel, we need to configure Firefox Web Browser to use that tunnel. To work the configuration in Firefox with the SOCKS 5 protocol we have to use a local application.

First, we have to open the Firefox Web Browser and access Firefox’s menu:

We need to click on the Options icon. Find the Network Settings and click on the Settings button.

We will be prompted with a new window where we will configure the proxy configuration. We need to select the radio button for Manual proxy configuration. In the SOCKS Host field, we will enter localhost and in the Port field, we will enter the same port from our SSH connection.

We need to click the OK button to save and close the configuration.

Final steps

Now, we have successfully created an SSH Tunnel using Putty and Firefox. We can open a new tab and start with browsing the Internet via secured network. To test if everything is set up correctly we can visit a site like http://icanhazip.com/ or enter in the google search bar “whats my ip” and you should see your remote IP Address.

Of course, you don’t have to configure SSH Tunnel using Putty and Firefox, if you use one of our Server Management Services, in which case you can simply ask our expert Linux admins to configure SSH Tunnel on Linux for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, on how to configure SSH Tunnel using Putty and Firefox on Linux, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

The post SSH Tunnel using Putty and Firefox appeared first on LinuxHostSupport.

1. Disable DNS lookup on the server

The OpenSSH server has DNS lookups enabled by default, this means that the OpenSSH server will first look up the host name of the connecting host and then will check if the resolved host name’s IP address is the same as the connecting IP address.To disable DNS lookups, add the ‘UseDNS’ directive at the end of the ‘/etc/ssh/sshd_config’ file and set the value to ‘no’:

# nano /etc/ssh/sshd_config

# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

# Disable DNS lookups
UseDNS no

2. Re-use existing SSH connection

If you open multiple SSH connections to your server frequently, it would be best to configure your SSH client to use the existing connection when creating a new SSH session.This can speed up the sessions opened after the initial connection as it avoids the overhead of establishing a new connection.

Open the ‘~/.ssh/config’ file with nano and add the following lines in it:

# nano ~/.ssh/config

Host *
ControlMaster auto
ControlPath  ~/.ssh/sockets/%r@%h-%p
ControlPersist 600

The ‘Host *’ directive above tells the SSH client to re-use the initial connection for all remote servers.

3. Setting up a password-less SSH login

Setting up a password-less SSH login is pretty easy and saves you time because you don’t have to enter a password when you open a new SSH connection.This can be done in three easy steps.

1.Generate the public/private key pair using this command:

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): Press Enter.
Enter passphrase (empty for no passphrase): Press Enter.
Enter same passphrase again: Press Enter.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/LEFoGKAt/qC9NeEfIfWm988IUqJaAuYBDvuDuu/jk8 root@test
The key's randomart image is:
+---[RSA 2048]----+
| ..     .        |
|o ..   . .       |
|.o .o .   .      |
|o... . .   .     |
|ooo . o S o .    |
|.= . = * * = .   |
|=..Eo * o * . .  |
|+o+. o . +  o.   |
|+=+=o     .. o.  |
+----[SHA256]-----+

2.Copy the public key to the remote server using this command:

# ssh-copy-id -i ~/.ssh/id_rsa.pub remote-server
root@remote-server's password:
Now try logging into the machine, with "ssh 'remote-server'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

3.Log in to the remote server to check if the password-less login is working:

# ssh remote-server

Last login: Thu Dec 28 20:10:38 2017 from 10.20.30.4


root@remote-server$

If everything goes well you should see the output displayed above.

4. Changing the encryption used by the OpenSSH server

Changing the default cipher order for the SSHv2 protocol on the OpenSSH server can further speed up SSH connections as some ciphers can encrypt data faster than others.
For Ubuntu 16.04 the default order according to ‘man ssh_config’ is:

The default is:

	chacha20-poly1305@openssh.com,
	aes128-ctr,aes192-ctr,aes256-ctr,
	aes128-gcm@openssh.com,aes256-gcm@openssh.com,
	aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc

If you do have a server which supports the new AES-NI instructions it would be better to change this order and add it to the end of the ‘/etc/ssh/sshd_config’ file like this:

# nano /etc/ssh/sshd_config

# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

# Disable DNS lookups
UseDNS no

# Change the order of the ciphers used
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,chacha20-poly1305@openssh.com,3des-cbc

According to several benchmarks available online, aes128-ctr is twice as fast as chacha20-poly1305 on processors that support the AES-NI instructions so if you have a high-bandwidth connection to your server the file transfer speed should increase significantly after making the change.

That’s it, now your SSH connections should be a lot faster.

Of course, you don’t have to Speed Up SSH Connections in Linux, all by yourself, if you use one of our outsourced linux support services, in which case you can simply ask our expert Linux admins to speed up the SSH connections on your Linux server for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post on how to speed up SSH connections in Linux, please share it with your friends on the social networks using the buttons on the right or simply leave a reply below. Thanks.

The post Speed Up SSH Connections in Linux appeared first on LinuxHostSupport.

We will split this guide into two sections and explain how to generate an SSH key pair on both Linux and Windows operating system.

1. Generating SSH keys on Linux

In this section, we will go through how to generate an SSH key pair on a Linux or any other Unix-like operating system.

To generate the SSH keys, simply run the following command from your local computer:

ssh-keygen

You can just press Enter to leave the default values of all the questions. Optionally, you can also set a passphrase for your key, or just press Enter again if you don’t want to.

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:BKK3yDVgXXIs3mdeb/XjJtVtLlbdM8AFnaMPdvqcTNg root@localhost
The key's randomart image is:
+---[RSA 2048]----+
| o.oo+       .o .|
| . oo+..       = |
|  ..+o .    . o .|
| . +.o..o .  *.. |
|  o .  +S. ...O.=|
|        .   oo EO|
|           .  B+=|
|             .oB.|
|             .o. |
+----[SHA256]-----+

This will create a 2048 bit private and public key (id_rsa and id_rsa.pub) in the /root/.ssh/ directory on your local system.

Next, you will need to upload the generated public key to your remote server.

First,  create a new .ssh directory on the remote server with the following command:

ssh root@remote_server mkdir -p .ssh

Next, you need to copy the public key into the authorized_keys file on the remote server, with the following command:

cat /root/.ssh/id_rsa.pub | ssh root@remote_server 'cat >> /root/.ssh/authorized_keys'

Change the permissions of both the .ssh directory and the public key.

ssh root@remote_server chmod 700 .ssh
ssh root@remote_server chmod 600 .ssh/authorized_keys

Now, login to your server and open the SSH configuration file:

nano /etc/ssh/sshd_config

Make sure the following lines exist and are not commented:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

Save the changes and restart the SSH service:

service sshd restart

That’s it. From now on, you will be using the SSH keys every time you try to connect to your remote server.

2. Generating SSH keys on Windows

If you are using the Windows operating system on your local machine, then you will need PuTTY for connecting to your server via SSH and PuTTYgen to generate your SSH keys. You can download the latest versions over here.

To generate the SSH keys, go ahead and start PuTTYgen on your computer.

At the bottom, you can choose the number of bits for your generated key. Type in 4096 and then click on “Generate”. Start moving your mouse around over the blank area in the PuTTYgen screen in order to generate a unique key based on your mouse movement input.

When the green progress bar fills in, the public key will be generated. You can copy they key and save it inside a .txt file on your computer.

To save the private key, you will need to click on the “Save private key” button. Additionally you can also set a “Key Passphrase” for your private key that you will need to use everytime you log in to your server using your key.

Now you can open PuTTY and assign the location of your private key. Click on “SSH” under the “Connection” menu and then click on “Auth”. Click on the “Browse” button and enter the location of your saved private key file.

Next, you will need to upload the public key to your server. To do this, click on “Session”, enter your IP address and the SSH port number of your server, select SSH for Connection type and click on “Open”.

You will be asked for your username and password. You can log in as user root, using your root password.

Once logged in to your server as user root, you will first need to create the .ssh directory:

mkdir /root/.ssh

Then create the “authorized_keys” file inside the .ssh directory and add the contents of your public key inside this file:

nano /root/.ssh/authorized_keys

Make sure you save the file. Additionally, run the following commands to update the permissions:

chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys

You can also open the SSH configuration file on your server with:

nano /etc/ssh/sshd_config

and make sure that the following lines exist and are not commented:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

If any changes have been made, you will need to restart the SSH service with:

service sshd restart

With this, the SSH keys have been successfully configured. You can now disconnect from your server and exit PuTTY. The next time you try to connect to your server, PuTTY will use the public key that you have set up in order to establish the connection.

Of course, you don’t have to set up ssh key by yourself  if you use one of our outsourced server support services, in which case you can simply ask our expert Linux admins to help you set up the SSH keys for your server. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post on how to set up SSH keys, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

The post How To Set Up SSH Keys appeared first on LinuxHostSupport.