last modified: 2017-10-11

1. System

  • I use Debian, version 8.7 (why?)

  • Vi is used as a text editor in the following

2. Why SSH?

  • SSH allows 2 computers to connect to each other, even with a firewall on each computer (how?).

  • The data transiting between the 2 servers is not encrypted, but it is tunneled in a way that protects it from prying eyes (how?)

  • For this reason, SSH tunneling is a nice way to let two or more computers talk to each other: to go from a single server to a cluster!

  • My use case: a prod server that does the heavy lifting, a small server which receives the API requests from the public and polls the prod server for answers.

Difficulty: SSH is pretty hard to set up for beginners.

3. Setup

Prod server: A.A.A

API server: B.B.B

I want the db on A.A.A to be tunneled to B.B.B, so that the API server on B.B.B can query the db as if it were on localhost.

From B.B.B:

  • creating a pair of keys:

ssh-keygen -t rsa

This generates a private key id_rsa and a public key, both of them in the folder /home/user/.ssh/

On A.A.A:

  • copying the public key made on B.B.B and pasting it as a new line in authorized_keys on A.A.A.

  • restart sshd with: service sshd restart

From B.B.B:

ssh -Nf -L 9200:localhost:9200 myuser@A.A.A -p 22

(9200 is because I want to tunnel Elasticsearch)

(replace 22 with the port you configured in sshd_config on A.A.A)

(the -Nf options put the SSH connection in the background. Indeed, we don’t care about it: we don’t want an interactive session in a console, just port 9200 to be tunneled.)
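
A least-privilege variant of the authorized_keys step above, as an added example that is not part of the original tutorial: it installs the public key from B.B.B on A.A.A with options that allow only the 9200 tunnel. The function names and TUNNEL_OPTS are hypothetical, and the option list assumes this key is used for nothing but the tunnel.

```shell
#!/bin/sh
# Added example (not from the original tutorial): on A.A.A, install B.B.B's
# public key so it can only open ssh -Nf -L 9200:localhost:9200, nothing else.

# Options understood by the OpenSSH shipped with Debian 8: no shell, no other
# forwarding types, and -L destinations limited to localhost:9200.
TUNNEL_OPTS='command="/bin/false",no-pty,no-agent-forwarding,no-X11-forwarding,no-user-rc,permitopen="localhost:9200"'

# restricted_key_line PUBKEY_LINE -> prints the authorized_keys entry, or fails
restricted_key_line() {
    case $1 in *'
'*) echo "refusing multi-line input" >&2; return 1 ;; esac
    # Accept only "<type> <base64> [comment]"; rejects private keys and junk.
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' \
        || { echo "not an OpenSSH public key line" >&2; return 1; }
    printf '%s %s\n' "$TUNNEL_OPTS" "$1"
}

# install_tunnel_key PUBKEY_LINE [AUTHORIZED_KEYS_FILE]
install_tunnel_key() {
    file=${2:-$HOME/.ssh/authorized_keys}
    line=$(restricted_key_line "$1") || return 1
    blob=$(printf '%s\n' "$1" | cut -d' ' -f2)
    # sshd (StrictModes) ignores keys kept in group- or world-writable places.
    mkdir -p "$(dirname "$file")" && chmod 700 "$(dirname "$file")"
    touch "$file" && chmod 600 "$file"
    # Idempotent: never add the same key twice, restricted or not.
    if grep -qF -- "$blob" "$file"; then
        echo "key already present in $file; review its options by hand" >&2
        return 0
    fi
    printf '%s\n' "$line" >> "$file"
}
```

With this entry in place, the tunnel command from B.B.B works unchanged, while an interactive login or a forward to any other port with the same key is refused.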

Closing an SSH tunnel:

4. SCP

Make sure you have access to the file you want to move, in both the origin and destination folders!

scp -P 1234 /var/redis/6379/dump.rdb username@destinationhost:/home/username

To copy a full directory:

scp -r -P 1234 /var/folder username@destinationhost:/home/username/folder

The end

Tutorial by Clement Levallois.
