A Few Odd Questions

By | 2007/02/28

I’ve run into a couple of weird issues this week and I thought I would bounce them off the group here. If you’ve got any suggestions or fixes for these issues I sure would appreciate it.

  1. I run a proxy over ssh and squid for privacy’s sake (and so IT at my office minds their own business!). I use the command “ssh -C -L 8080:localhost:3128 my.remote.squid.proxy”. This works great, and I’m planning a tutorial for a more detailed outline, but the odd thing is when I disconnect and exit the terminal it doesn’t close. The terminal (both gnome-terminal & konsole) just sits there and I have to kill it by clicking the X. If I simply connect via ssh without the port binding everything closes as normal. Is this based on one of my arguments? Anyone else seen this?
  2. I’ve been trying to remove the fade-out effect (such as when prompted for a password, logging out, etc) but keep the “grab” feature where the box demands focus. I’ve been able to remove the fade, but this also removes the focus grabbing which is a big security problem. Does anyone know a way to remove the fade effect but keep the focus grabbing for the dialog box? Previous suggestions found here on the ubuntuforums.

I know both of these are a little off the wall but I appreciate any feedback. The first is a little annoyance for me while the second has been a long-time concern for a friend of mine. I hope we’ll be able to solve it for him. Thanks!

6 thoughts on “A Few Odd Questions”

  1. Aaron

    I think you are talking about when you exit your SSH session, it doesn’t close, but still sits there. That’s because you have bound your localhost IP to that port, and you probably still have an application, such as your web browser, open that is using the port. Close the application, and it will fully exit your session. If not, just ctrl-c to cancel the process.

  2. John

    Aaron is right. You probably want -f and -N.

    -f tells it to drop into the background, and -N tells it to not run a remote command.

    Then you just kill the ssh process when you are done… or just leave it open. If you want to keep a permanent connection (so you don’t have to keep setting up) use autossh and public/private keys.

  3. JohnG

    To add to what Aaron wrote: run a netstat to see what TCP connections are still alive over that ssh-bound port. Chances are, you’ve got some kind of keep-alive or refreshed page in your browser. Unfortunately, SSH doesn’t allow for you to specify a “force disconnect of tunneled connections when I try to close the session” param. We use SSH tunnels constantly in my office, and we’ve put together the following config options, in ~/.ssh/config:
    Ciphers aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc
    Compression yes
    ConnectionAttempts 3
    ConnectTimeout 10
    ControlPath /tmp/.%h.%p.%r
    EnableSSHKeySign yes
    ForwardAgent yes
    ForwardX11Trusted yes
    Protocol 2
    ServerAliveInterval 120
    ServerAliveCountMax 3
    TcpKeepAlive yes

    Add to that a host entry like this:
    host my.remote.squid.proxy
    LocalForward 8080 localhost:3128

    and then append your public key to the ~/.ssh/authorized_keys file on my.remote.squid.proxy, and you’ll get compressed, password-less tunnels set up at connection time, assuming you use ssh-agent to hold your keys.

    As for question 2… I’m pretty sure you can configure that in KDE… 🙂

  4. Chris

    I just use ‘ssh -D 9000 my.remote.server’, and then configure firefox and gaim to use the socks 4 proxy on localhost:9000.

    All traffic is tunneled to my.remote.server over ssh.

    Much easier and simpler to fulfill the goal, I think.

  5. John R. Tipton

    Chris is right about the SOCKS proxy option of ssh; it is very easy to set up and doesn’t require a separate proxy. If you are extra paranoid you can set firefox to send DNS queries through the SOCKS proxy. In about:config change network.proxy.socks_remote_dns to true. This keeps them from seeing what DNS requests you are making.

  6. AC

    As the other posters said you have some connection that ssh still forwards.

    Look at the “ESCAPE CHARACTERS” section of the ssh manpage. There are a few nice tricks for cases like that.
    ~. forces a disconnect (including forward)
    and
    ~+Z backgrounds ssh
    and some more nice things. (e.g. ~&)
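
The netstat check suggested in the comments above, as an added example that is not part of the original post or any commenter's code: a shell filter that reads `netstat -tanp` output and lists the client connections still open to the forwarded port 8080, which are what keep the ssh session from exiting. The sample output, PIDs and program names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which local programs still hold connections to an
# ssh -L forwarded port, so you know what to close before logging out.

# Constructed sample of `netstat -tanp` output (addresses/PIDs are made up).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      3107/ssh
tcp        0      0 127.0.0.1:8080          127.0.0.1:45012         ESTABLISHED 3107/ssh
tcp        0      0 127.0.0.1:45012         127.0.0.1:8080          ESTABLISHED 4321/firefox
tcp        0      0 127.0.0.1:45020         127.0.0.1:8080          TIME_WAIT   -
tcp        0      0 127.0.0.1:8080          127.0.0.1:45044         ESTABLISHED 3107/ssh
tcp        0      0 127.0.0.1:45044         127.0.0.1:8080          ESTABLISHED 4388/gaim
tcp        0      0 192.0.2.10:51234        198.51.100.7:22         ESTABLISHED 3107/ssh
EOF
}

# Usage: netstat -tanp 2>/dev/null | open_forward_clients 8080
# Prints "PID/program  client-address  state" for every socket whose remote
# end is the forwarded port and which a process still holds open.
open_forward_clients() {
    port=$1
    awk -v port="$port" '
        $1 !~ /^tcp/ { next }            # skip the two header lines
        {
            n = split($5, peer, ":")     # Foreign Address; last piece is the port
            if (peer[n] != port) next    # not talking to the tunnel
            if ($6 == "TIME_WAIT") next  # already closed, no process owns it
            print $7, $4, $6
        }'
}

# Run against the constructed sample so the block works offline.
sample_netstat | open_forward_clients 8080
```

Closing the listed programs (or their proxied connections) lets the ssh session exit normally; without root, `netstat -p` only names processes owned by the current user.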
