SSH

ESXi 4 – Tech Support Mode

Tech Support Mode (TSM) provides a command-line interface that can be used by the administrator to troubleshoot and correct abnormal conditions on VMware ESXi hosts. TSM can be accessed in two ways:
  • Logging in directly on the console of the ESXi server
  • Logging in remotely via SSH
Both of these methods can be disabled, and an optional timeout value can be configured to disallow local and remote TSM access after the specified timeout period.

Enabling and Accessing Tech Support Mode

To enable local or remote TSM from the Direct Console User Interface (DCUI):
  1. At the DCUI of the ESXi host, press F2 and provide credentials when prompted.
  2. Scroll to Troubleshooting Options, and press Enter.
  3. If you want to enable local TSM, select Local Tech Support and press Enter once. This allows users to log in on the virtual console of the ESXi host. If you want to enable remote TSM, select Remote Tech Support (SSH) and press Enter once. This allows users to log in via SSH on the virtual console of the ESXi host.
  4. Optionally, if you want to configure the timeout for TSM:
    1. Select Modify Tech Support timeout and press Enter.
    2. Enter the desired timeout value in minutes and press Enter.
  5. Press Esc three times to return to the main DCUI screen.
To enable local or remote TSM from the vSphere Client:
  1. Select the host and click the Configuration tab.
  2. Click Security profile > Properties.
  3. Click Local Tech Support or Remote Tech Support (SSH) and click Options.
  4. Choose the desired startup policy and click Start, then click OK.
  5. Verify that the daemon selected in step 3 shows as running in the Services Properties window.
To configure the TSM timeout value using the vSphere Client:
  1. Select the host and click the Configuration tab.
  2. Click Advanced Settings.
  3. Change the UserVars.TSMTimeOut field to the desired value in minutes.
  4. Click OK.
To access the local TSM:
  1. At the main DCUI screen, press ALT+F1 simultaneously. This opens a virtual console window to the host.
  2. Provide credentials when prompted. Note: When typing the password, characters are not displayed on the console.
To access the remote TSM:
  1. Open an SSH client.
  2. Specify the IP address or domain name of the ESX host. Notes:
    • Directions may vary depending on what SSH client you are using. For more information, consult vendor documentation and support.
    • By default, SSH works on TCP port 22.
  3. Provide credentials when prompted.

Tunneling Firefox traffic over SSH

Paranoia, security or privacy issues: all are reasons why I tunnel my web traffic through an SSH tunnel via a remote machine.  In most cases I do this because I do not trust the network I’m on and don’t want to send unencrypted traffic through it.  In some cases firewalls or local network DNS prevent me from connecting to services I want.

I will be explaining how I make this possible with a few simple steps.

Requirements:  Remote SSH Servers (trusted) and a local SSH Client on the computer being used.

Hints:  Install OpenSSH on the local machine or use PuTTY.

For your reference:  Client is the machine you are using; Server is the remote machine.

Establishing the SSH connection.

In most cases the client computer will have many unused ports which can be used as your proxy port.  Normal proxy client configurations use ports such as 8000, 8080.

There is no set requirement to use those ports.

I typically use my tunnels for more than just Firefox, so I issue the following command when connecting to my server:

ssh -D localhost:8080 user@remote-server-address

Tip:

In PuTTY:  Open the PuTTY Configuration and go down to SSH > Tunnels, define a source port number, then choose Dynamic and click [Add].  You will see D<the port number chosen> in the forwarded ports field.

The -D used above is for dynamic, as I am not setting up just a single tunnel but want to allow more than one connection.  And now you have a tunnel, so what next?

 

Configuring Firefox to use the Tunnel

In a previous post I explained how to set Firefox to tunnel its DNS requests over a SOCKS proxy.  Keep in mind that this is done so that all DNS lookups are performed by the remote server doing the tunneling, so it’s important that the remote server can perform lookups.

In Firefox, find your way to the Preferences and Settings to configure how Firefox connects to the internet.  Select manual proxy configuration and enter the name ‘localhost’ or 127.0.0.1 in the SOCKS host text field; you will also need to enter the port configured when the tunnel to the remote server was established.  Click Apply and OK to exit from this area, and at this point (if you configured Firefox to also tunnel its DNS) all your traffic will be encrypted and sent through your SSH server.

Closing tip: You can also do this with many other programs, so give it a try and enjoy your paranoia, privacy and security.

Enable ssh and ssh root access on Vyatta

Requirements

  • Root account enabled

Enable SSH / SSH root access
This allows access to the shell from a remote PC using, for example, the program PuTTY.

Commands

vyatta@vyatta# set service ssh
vyatta@vyatta# set service ssh allow-root
vyatta@vyatta# commit
vyatta@vyatta# save


Mounting a remote file system using ssh (sshfs)

For some time I have used tools such as scp and sftp to copy files between Linux-based systems, until the growing need to have this process simplified.  I recently fell in love with Linux all over again with the new release of Ubuntu.  I had always known it was possible but never had the direct need to mount SSH file systems remotely.  This is where some Google searching, SSHFS and FUSE came into play on my home systems.

So what are some things I found out?  Well, for one, as long as I have SSH access to a remote system I can use SSHFS to mount and use the remote directories as if they were on my local system.  SSHFS requires no special software on the remote host, so this is good in a hosted situation where you have no control over what gets installed.

This is where I give you the * filler * info on SSHFS.

SSHFS is built upon the FUSE user-space file-system framework project.  FUSE allows user-space software, in my case SSH, to present a virtual file-system interface to the end user.  SSHFS connects to the remote system and does all the necessary operations to provide the look and feel of a regular file-system.

So now what?

First we need to start off by installing sshfs if it is not already installed.  I am using Ubuntu, as I mentioned above, so typing sudo apt-get install sshfs installs all I need along with the supporting requirements.

The fun part.

Create a local directory where you want the files mounted.  This process is similar to mounting SMB shares from another system.  In my example I will be mounting the directory /home on the remote server to a local path on my system:

sudo mkdir /media/video

sudo sshfs jermsmit.com:/home /media/video

You can also change the owner of the new directory by typing sudo chown yourusername /media/video

Please note that the /media/video directory must exist and be owned by you, so keep in mind when you make (for example) /media/video you should assign permissions to your user so that you may access it.

To unmount the directory, you can use the command fusermount -u.  Example: fusermount -u /media/video.  If you get a message about the path being in use, make sure that you have changed directory out of this path and try again.

That’s about it.  Very clean and simple, and next time I hope to write about setting this up in such a way that it’s auto-mounted on startup (aka persistent), but for now this gets the job done.


Configure Firefox to use SSH tunnel for DNS

If you are using SSH to tunnel your web traffic, to keep your information private, you might be vulnerable to a DNS man-in-the-middle attack.  If your DNS requests are not tunneled, the operator of the hostile (or locked down) network can still see where you are navigating to on the web when your client makes DNS requests to resolve hostnames to IP addresses. For these reasons (and for many others), it’s a good idea to tunnel DNS through your SSH tunnel too.  This can be done very easily in Firefox.

In the Firefox URL address bar, enter “about:config”.
In the Filter text field, enter “network.proxy.socks_remote_dns”.
Double-click “network.proxy.socks_remote_dns” to set the value to true.
