
Linux & SSH Tunneling: What It Is, How to Do It

 


Secure Shell (SSH) access is granted for our GridPRO and GridMAX hosting packages. Let’s look at what it is and why it might be useful. It really is a nifty tool – for port forwarding to get around firewall restrictions and send email remotely via your own server.

We will focus specifically on using SSH methods within a Linux hosting environment – however, I’ll briefly note below how to access Windows clients for similar purposes. Be aware that the latest version of SSH is SSH-2, but the SSH protocol is typically referred to simply as SSH regardless of version.

For this article, I looked at several pieces around the web for multiple perspectives on the topic: “What is SSH?” from the University of Pennsylvania, “Secure Shell” from Wikipedia, “X11 definition” from The Linux Information Project (LINFO), “Secure Shell (SSH)” from Tech Target, “Quick-Tip: SSH Tunneling Made Easy” from Revolution Systems, “Accessing the Linux Terminals Remotely with SSH” from the University of Illinois, and “5 Basic Linux SSH Client Commands” from The Geek Stuff.

Below we will get a sense of what SSH is, how to use it, why to use it, and a few basic SSH commands. In other words, this article is all about usability and helping you understand the basics of implementing SSH tunneling for your network. Additionally, we will explore how SSH tunneling can be used to dig your way out of federal prison.

How to dig your way out of prison using SSH #1: A prison break isn’t easy these days, but soon we will all be sent there for tax evasion, provided everyone else is as loosey-goosey with federal forms as I am. That’s why SSH has become so critically important for lifer federal inmates if they ever again want to see the light of day. The prison version of SSH or Secure Shell tunneling is not an IT term. Rather, it refers to wall-digging with a smuggled conch shell that you have hidden away securely in your cell.

SSH – What it Be?

SSH (aka Secure Shell or Secure Socket Shell) is a protocol that encrypts information, similarly to an SSL certificate, allowing data to transfer securely. This data could be shell commands, other network administration, file transfer, etc. The connection is typically between two devices, a server and a client, on an unsecured network. The server runs an SSH server application, and the client runs an SSH client application.

Typically SSH is used to access shell accounts on UNIX-like OSs. It is also sometimes used for Windows accounts. It is the successor to Telnet, rsh, and rexec – none of which are cryptographic. Whereas similar methods are susceptible to packet analysis, SSH both protects the data and keeps it from unwanted manipulation.

SSH tunneling also sets itself apart from other ways to remotely log in to a network by encrypting your login credentials so that malicious parties can’t see them as they’re typed. Additionally, SSH establishes X11 connections. Because SSH establishes X11 connections, DISPLAY does not have to refer to remote devices. A few words on X11:

What is X11? X11 is the newest version of the X Window System, also known simply as X. X is the most commonly used management system for GUIs on UNIX and similar OSs. The first version of X by the Massachusetts Institute of Technology (MIT) was the original OS that was completely free of any crucial ties to either hardware or vendor specifications.

By version X10, X had become increasingly popular, but its lack of hardware neutrality effectively hindered its growth – hence the development of X11, which required outside assistance from MIT via the tech firm DEC. DEC provided X11 as free open-source software. According to the Linux Information Project (LINFO), “X … represents one of the first large scale open source software projects, and it set a precedent for the development of Linux, which began just a few years later.”

SSH is just one type of program to log in remotely and securely transfer files. SCP is an example of an alternate protocol for conducting the same task.

How to dig your way out of prison using SSH #2: All right, it’s 2 a.m. Grab your shell, and let’s get to work. See that weak point in the wall right behind Roscoe’s bunk? That’s the place. You saw Shawshank Redemption, right? Good, because I didn’t. Apparently digging a tunnel can get you out of prison … makes sense I guess. It’s a little uncomfortable, not for the claustrophobic. As far as that goes, if you want to protect your mind, err on the side of wider and taller. Really make that tunnel spacious. With prison-break SSH tunneling, it’s all about process, not end result. Make it beautiful. Put some pictures of your family on the walls. Get inspired.

Basics on SSH Use: 3 Commands

Per The Geek Stuff, here are 3 basic commands for SSH tunneling.

1.)    Identify the client

You may need to identify the version of SSH client you are using. (Note that Linux standardly includes OpenSSH.) Here’s how you can achieve that:

$ ssh -V

OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

2.)    Log in to your remote host

Use the following command to log in to the remote device:

localhost$ ssh -l jsmith remotehost.example.com

When you initially log in, you may get a message stating that the host key is not found. Answer yes to proceed. You can add the host key within the directory .ssh2/hostkeys.

To get a public key’s fingerprint, use this command:

% ssh-keygen -F publickey.pub

Log in again. Now it will only ask for your password. The host key is recognized.

Note that occasionally the host key will not be recognized, and you will receive another error message. This message could be due to malware or just because the software or remote host credentials have been updated. The wisest thing to do is contact the sysadmin to determine why the host key doesn’t work.
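Once the sysadmin has given you the expected fingerprint, the comparison can be done mechanically rather than by eye. The following is an added example, not code from the original article or its sources: it computes the SHA256 fingerprint of an OpenSSH-format public key line (the value OpenSSH's `ssh-keygen -l -f` prints) and compares it with a pinned value. The key material and the pinned fingerprint are constructed sample data.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_string(blob: bytes, offset: int) -> tuple[bytes, int]:
    """Decode one SSH wire 'string' starting at offset."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of a '<type> <base64> [comment]' public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    inner_type, _ = _read_string(blob, 0)
    # The type is stated twice (outside and inside the blob); they must agree.
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("key type outside and inside the blob disagree")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(pubkey_line: str, pinned: str) -> bool:
    """True only if the presented key hashes to the fingerprint obtained out of band."""
    return fingerprint(pubkey_line) == pinned


def sample_line(raw32: bytes, comment: str) -> str:
    """Constructed ssh-ed25519 key line for the demo (not a real host key)."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


# Constructed sample data: the key the host had, and a different key presented later.
SAMPLE_KEY = sample_line(bytes(range(32)), "remotehost.example.com")
CHANGED_KEY = sample_line(bytes(range(1, 33)), "remotehost.example.com")
PINNED = fingerprint(SAMPLE_KEY)  # in practice: the value the sysadmin gave you

if __name__ == "__main__":
    print("pinned     :", PINNED)
    print("same key   :", host_key_matches(SAMPLE_KEY, PINNED))
    print("changed key:", host_key_matches(CHANGED_KEY, PINNED))
```

A mismatch means the key presented is not the one that was pinned; the script cannot tell a reinstall from an interception, which is why the sysadmin still has to confirm the reason.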

3.)    Transfer files between local and remote devices

This process is conducted with a simple one-line command. To copy a file from the remote host over to the local one, use this command:

localhost$ scp nancypants@remotehost.mamasbakery.com:/home/nancypants/remotehostcupcakerecipe.txt remotehostcupcakerecipe.txt

To copy from the local one to the remote one, use this:

localhost$ scp localhostcupcakerecipe.txt nancypants@remotehost.mamasbakery.com:/home/nancypants/localhostcupcakerecipe.txt

How to dig your way out of prison using SSH #3: Hey what’s Roscoe doing back there? Roscoe, get out of here. No, Roscoe, make your own tunnel. Two people in one tunnel is too many. Am I trying to escape? Sort of. I also just like digging. I’m a digger by nature. The entire family on my father’s side was badgers. Yeah, my mom’s weird. Yep, badgers dig. You didn’t know that? They love digging. Anyway, so do I. If I do eventually burrow through to open air outside of the prison, it’s going to be a bittersweet moment.

Example: Use of SSH – Port Forwarding When Travelling

The author of the Revolution Systems piece uses SSH tunneling on his Linux/Unix PC to transfer data between his local account and a remote account – specifically for port forwarding to allow email to send through his own server and allow capabilities otherwise not possible in firewalled, excessively tight environments. Let’s look at these two scenarios.

Emailing from Restaurant or Hotel WiFi:

Any e-mails he sends go from his computer to his server, where they are then transmitted to external parties. This route means he does not have to change Simple Mail Transfer Protocol (SMTP) servers or use specialized software when operating within firewalled public environments such as WiFi hotspots. Here is how you can use SSH tunneling for that.

1.)    First, you need to use an SSH client such as OpenSSH. Here is the portable version. (Note that for Windows and Mac, you can check out this page for the former and this one for the latter.)

2.)    Within OpenSSH or another similar program, type the following into the command prompt:

ssh -f user@personal-server.com -L 2000:personal-server.com:25 -N

What does all this mean?

  • ssh – Instructs your PC and the server that you’re using secure shell protocol
  • -f – Instructs SSH to retreat to the background
  • user@personal-server.com – Designates your username and server, specifying the appropriate account/location
  • -L 2000:personal-server.com:25 – This designates the local port, host, and remote port, specifying the channel for transmission of data
  • -N – Tells the SSH client not to execute any commands on the server.
  • Bottom Line @ This Point: Your local port 2000 (PC) is now sending everything over to remote port 25 (server). Plus, it is completely encrypted.

3.)    Go into your email settings, and use localhost:2000 as your SMTP server.

4.)    Celebrate. Send a spam email to all your relatives letting them know you’re living in an encrypted wonderland they may never know.

Accessing Restricted Functionalities:

You can also use port forwarding as a workaround when a firewall won’t allow you to communicate in certain ways on the web. The example used on Revolution Systems is inability to use Jabber to interact with Google Talk. The following technique can be used to get around that particular scenario.

1.)    Again, enter OpenSSH or similar.

2.)    Enter the following command:

ssh -f -L 3000:talk.google.com:5222 home -N

What does all this mean?

  • talk.google.com – the Google Talk server.
  • home – SSH alias for his personal server

3.)    Go into Jabber client settings and configure it to use localhost and port 3000. (The traffic does not originate from those, though; it is forwarded via the server.)

4.)    Call your mistress and tell her you can do the thing on the thing now.
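Both forwarding commands above use the same -L syntax, and it helps to be exact about which part of the path SSH actually encrypts. This added example (not from the original article or from Revolution Systems) parses the TCP form of a -L argument and notes when the local listener is exposed beyond loopback or when the hop from the SSH server to the destination lies outside the tunnel. Comparing the destination to the SSH server by name is a simplifying assumption.

```python
from dataclasses import dataclass

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
WILDCARD = {"", "*", "0.0.0.0", "::"}   # bind addresses that accept remote clients


@dataclass
class LocalForward:
    bind_address: str   # where the ssh client listens on the local machine
    listen_port: int
    dest_host: str      # looked up and connected to by the SSH server
    dest_port: int


def _split(spec: str) -> list[str]:
    """Split on ':' but keep bracketed IPv6 literals such as [::1] whole."""
    parts, current, in_brackets = [], [], False
    for ch in spec:
        if ch == "[":
            in_brackets = True
        elif ch == "]":
            in_brackets = False
        elif ch == ":" and not in_brackets:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def parse_local_forward(spec: str) -> LocalForward:
    """Parse the TCP form of ssh -L: [bind_address:]port:host:hostport."""
    parts = _split(spec)
    if len(parts) == 3:
        parts.insert(0, "localhost")   # OpenSSH default (GatewayPorts no): loopback
    if len(parts) != 4:
        raise ValueError(f"not a port:host:hostport forward: {spec!r}")
    bind, port, host, hostport = parts
    listen, dest = int(port), int(hostport)
    if not (0 < listen < 65536 and 0 < dest < 65536) or not host:
        raise ValueError(f"bad port or host in {spec!r}")
    return LocalForward(bind, listen, host, dest)


def review(spec: str, ssh_server: str) -> list[str]:
    """Return notes on which parts of the path are not protected by SSH."""
    fwd = parse_local_forward(spec)
    notes = []
    if fwd.bind_address in WILDCARD:
        notes.append(f"listener on port {fwd.listen_port} is reachable from other hosts")
    if fwd.dest_host not in LOOPBACK and fwd.dest_host != ssh_server:
        notes.append(
            f"{ssh_server} -> {fwd.dest_host}:{fwd.dest_port} is outside the SSH tunnel"
        )
    return notes


if __name__ == "__main__":
    # The two commands from the article: (forward spec, SSH server logged in to).
    for spec, server in [("2000:personal-server.com:25", "personal-server.com"),
                         ("3000:talk.google.com:5222", "home")]:
        print(spec, "via", server, "->", review(spec, server) or "no notes")
```

For the Google Talk forward, the leg from the home server onward is ordinary network traffic, so it is only as protected as the Jabber connection itself.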

How to dig your way out of prison using SSH #4: Roscoe, are you with the warden? There are three of us in here now? This is nuts! Why have I created a hookah café within the walls of the prison? Well, that’s a reasonable question, warden. Would you like to use the hookah? I’m not hogging it. It just keeps me calm when Roscoe and the warden find me in my SSH tunnel, and similar situations. Have a seat, warden. You’re making me nervous.

Summary & Conclusion

Those are a few basic techniques for SSH tunneling. You should now know how to log in securely and transfer files between two devices on an unsecured network. Additionally, you should be able to get around some of the firewall restrictions you experience while travelling – via an enhanced ability to use your server’s parameters rather than those of a WiFi network.

Finally, you will be able to enjoy a cup of Turkish coffee and berry-flavored hookah inside the walls of a minimum-security prison. Put that conch shell down, Federal Inmate #38475-99873. It’s time to party.

by Kent Roberts and Richard Norwood

IP Backbone, Server Location, Distance Delay, and Romancing Your Hardware

 


You’ll note that on the front-page of the Superb.net site, we mention our “coast-to-coast IP backbone.” We mention this prominently because we know how crucial IP location can be to the success of the websites using our services. Let’s look at why.

IP addresses identify a machine accessing the Internet. For an end-user, it is associated with the device with which the person (well, or bot, such as Google’s crawlers) is accessing your site. It can refer to a PC, for instance, or a router for a network, or even a mobile device. In hosting, it refers to the server that is delivering the data, that is answering the request from a user and responding with the page and/or content the person is trying to access.

This article will gather and distill information on IP addresses (or Internet Protocol addresses) so we can better understand how they relate to hosting and the Web generally. Having a strong IP presence can be crucial to delivering the Web quickly and efficiently to anyone visiting your site – and to accessing the network yourself for administration, internal usage, and interaction with your clients.

Specifically, the physical location of a server can cause distance delay: latency related to how long it takes for the request to be received, processed by the server, and fulfilled to the end-user. Minimizing distance delay means choosing a host that has servers near your primary clientele. Search engine optimization can also be affected because Google takes into account the location of an IP address in SEO rankings.

For this article, I referenced pieces from the Massachusetts Institute of Technology, Web SEO Analytics, Binary Turf, Service Assurance Daily, and About.com.

How to keep your server happy #1: Never just think of your server as “my server.” Call it by name – by its IP address (or its host name, but that seems unnecessarily complicated). The server has a unique identity, and it wants you to treat it that way. An unhappy server is a server that feels anonymous, like it could be any server. Never forget your server’s IP or, for that matter, your anniversaries with the server. Bring it out to dinner. Treat it right. Put stickers on it that say “#1” and “Champion” and “I Love You.”

IP Addresses & Host Names

There are two basic ways to refer to any server: IP address and host name.

  • What’s an IP? It’s a series of numbers divided into four sections by dots (that’s periods, for those of you who haven’t been exposed to the hip new web lingo). The first section or first two sections of numbers designate(s) the network of the device. For example, one of Google’s IP addresses is 74.125.224.72.
  • What’s a host name? Thanks for asking. Instead of numbers, a host name is the name of the device, followed by your domain name. So perhaps you have a server called worldsbestserver.schoolofhardknocks.edu.

The Domain Name System (DNS) turns host names into IP addresses and IP addresses into host names. For instance, when you request a certain URL, it switches the URL to the IP so it knows what server to access to fulfill your data request.

You may be able to pull up Google, with the IP mentioned above, directly by going to http://74.125.224.72/ (skipping the DNS server and going straight to the server itself), but that will only work for certain locations, based on the location of your IP address. Entering an IP to access a page can work because the IP and the URL are essentially one and the same: they both refer to a machine on which data is originating and being received from other web-connected devices.

How to keep your server happy #2: Tell your server that you want to grow old with it. Tell it you’ll never perform brain surgery on it to improve its performance. Your server wants you to know that it has feelings, just like people do. If your server looks bored, give it something to do. It doesn’t matter what the task is. Your server just wants to process data all day and all night. It also likes to knit and to hear Kenny Chesney blasted through the speakers of a boom-box you bought at a yard sale.

Specifics on the IP Address

All devices that can connect to the web – cell phones, computers, tablets, servers, whatever – have an IP address. This address is made up of four numbers separated by dots, as stated above. Each of those numbers ranges from 0 to 255.

Let’s look at specifics for MIT as described in that article. One of the servers at MIT is 18.72.0.3. Either the first two parts or the first part of the IP can refer to the network, as discussed above. In the case of MIT, it’s just the first part. The 18, then, signifies the MIT network. The rest of the IP address points to a specific computer or server within the MIT network. It’s similar, in a way, to subdomains of sites (don’t think about that too much – just talking about the main part and sectioning part here, folks).

You might notice that these numbers range from 0 to 255 – which at first seems kind of arbitrary. Actually, though, 256 (the possible number of options including the zero) is 2 to the 8th power. An IP address, then, is composed of four 8-bit binary numbers (each of them referred to as an octet). The entirety is a 32-bit binary number.

How to keep your server happy #3: Your server does not enjoy it when you surround yourself with other servers. This makes the server extremely jealous. If you must use other servers for your business, sit down with your server beforehand and explain to it the principles of change and growth and how important they are to success. Your server may complain, but it will understand – because above all, it loves and supports you.

Server Location & SEO

People often make the mistake of thinking that the virtual environment of the Internet is cleanly separated from physical reality: sure, servers populate all the information, but as long as the servers are functional and fast, everything else is in the content. This, however, is not the case. Google and Bing both use geographical location of the device answering requests for your site (your server) to determine your rankings.

The location of the server is especially important if your TLD does not designate your country/region and if you do not activate Geographic Targeting within your Google Webmaster account. Example TLDs that do not specify location are .com and .net.

Web SEO Analytics mentions their extraordinarily high SEO presence for Romania-related searches and generally for searches conducted from Romanian IP addresses. This presence is exemplary of the power of where a server is positioned on the globe, because that’s the nation where the WSA servers are located.

How to keep your server happy #3: Never give it a bath. Baths are terrible for servers. They hate water. Plus, if you threaten to give your server a bath, it will cry. Servers hate crying more than anything else, with the notable exception of sneezing.

Location & Faster Page Loads

You are probably aware that latency – defined as delay within a system, in this case the Internet – is a major factor in keeping your audience happy. You may also be aware that latency or page load times affect your SEO as well. Latency will be affected by where your servers are located – so this aspect of performance represents not just speed, but a secondary impact on your SEO rankings.

The importance of an IP backbone that is closely integrated with your clients’ locations is that you can answer requests quickly because you’re nearby. The difference between load times throughout a single home country will be minimal and for the most part unnoticeable. However, if servers are located on the other side of the Earth, you can quickly run into latency issues.

Why does latency matter, again? Well, really it’s because of UX. Google and Bing will thank sites that quickly load pages for visitors because it represents a better user experience, a better effort to quickly dispense information to those requesting it. Plus, UX relates directly to customer satisfaction. If your latency is high, customers will become discouraged and go elsewhere.

How to keep your server happy #4: Take it on a vacation. Many owners and leasers of servers never consider taking the server out to a place it’s never been before. There’s nothing like running your fingers through your server’s hair on a beach in the Virgin Isles. Ah, can’t you smell that salt air now? Your server enjoys wearing tight-fitting sunbathing outfits but does not like to scuba dive or snorkel. Go underwater yourself, and tell it what you saw. Oh, and no sunscreen for your server, except on its nose.

Types of Latency

Latency is a complex topic. There are actually a number of different factors that will slow down the flow of information on the web. Latency on a network is broken up into the following five components:

  • Distance delay
  • Serialization delay
  • Queue delay
  • Forwarding delay
  • Protocol delay

As you can see, there are many aspects of the web that can impede your ability to quickly deliver quality content and information to your visitors. Location of your servers is a simple way to improve the latency and keep your customers’ UX as fast and relaxing as possible. It is probably obvious that distance delay is the form of latency we can address with geographical location.

Distance delay, according to Service Assurance Daily, is the delay caused by the distance between the two machines that are communicating on the web (typically the user device and your server). This type of latency can majorly impact the performance of applications that have to interact numerous times with your server, each time creating hindrances to your network’s ability to interact quickly and smoothly with all users.

How to keep your server happy #5: Give it everything it ever requests. Many servers are needy. You have two possible responses to server neediness: give it everything it asks for, or complain and debate with it to determine if what it’s requesting is really required. Trust me: it’s easier to just give the server everything you own. It’s more efficient that way, and the last thing you want is a vindictive court battle with a machine.

Summary & Conclusion

Server location is simple really, which is why it’s not hard for Superb Internet to know we need an IP backbone: the backbone both makes it easy for you to access us and for your customers to access your site. Remember, your SEO from server location is one thing. Latency, though, in the form of distance delay, will also affect SEO and can greatly enhance all users’ experiences on your site. Plus, you yourself will experience decreased latency if your servers are nearby.

by Kent Roberts and Richard Norwood