Beyond the previously described security-related improvements, SSH also simplifies the use of remote X applications. If you run ssh with the option -X, the DISPLAY variable is automatically set on the remote machine and all X output is exported over the existing SSH connection to the machine from which you connected. At the same time, X applications started remotely and viewed locally with this method cannot be intercepted by unauthorized individuals.
By adding the option -A, the ssh-agent authentication mechanism is carried over to the next machine. This way, you can work from different machines without having to enter a password, but only if you have distributed your public key to the destination hosts and properly saved it there.
Both mechanisms are deactivated in the default settings, but can be permanently activated at any time in the systemwide configuration file /etc/ssh/sshd_config or the user's ~/.ssh/config.
ssh can also be used to redirect TCP/IP connections. In the examples below, SSH is told to redirect the SMTP and the POP3 port, respectively:
ssh -L 25:sun:25 earth
With this command, any connection directed to earth port 25 (SMTP) is redirected to the SMTP port on sun via an encrypted channel. This is especially useful for those using SMTP servers without SMTP-AUTH or POP-before-SMTP features. From any arbitrary location connected to a network, e-mail can be transferred to the “home” mail server for delivery. Similarly, all POP3 requests (port 110) on earth can be forwarded to the POP3 port of sun with this command:
ssh -L 110:sun:110 earth
Both commands must be executed as root, because the connection is made to privileged local ports. E-mail is sent and retrieved by normal users in an existing SSH connection. The SMTP and POP3 host must be set to localhost for this to work.
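The following shell function is an added example, not part of the original documentation: it scans an OpenSSH client configuration such as ~/.ssh/config and lists where X forwarding or agent forwarding has been permanently activated, and which local forwards bind a privileged port like the SMTP and POP3 forwards above. The keywords ForwardX11, ForwardAgent and LocalForward are OpenSSH client options that this page does not name, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): report where X11 forwarding,
# agent forwarding, or a privileged local port forward is configured in an
# OpenSSH client configuration file.

forwarding_audit() {    # $1: client config file; reads stdin if omitted
    awk '
        BEGIN { scope = "(global)" }              # options before any Host line
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }                     # comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)       # "Key=value" is also valid
            split(line, f, /[ \t]+/)
            key = tolower(f[1]); val = tolower(f[2])
        }
        key == "host" || key == "match" { scope = line; next }
        (key == "forwardx11" || key == "forwardagent") && val != "no" {
            printf "%s\t%s\t%s\n", scope, key, val
        }
        key == "localforward" {
            port = f[2]; sub(/^.*:/, "", port)    # drop optional bind address
            if (port + 0 > 0 && port + 0 < 1024)
                printf "%s\tlocalforward\tprivileged port %d\n", scope, port
        }
    ' "${1:--}"
}

# Constructed sample configuration; host names follow the examples above.
sample_config() {
    cat <<'EOF'
# constructed sample, not a recommended configuration
ForwardX11 yes
Host sun
    ForwardAgent=yes
    ForwardX11 no
Host earth
    LocalForward 25 sun:25
    LocalForward 127.0.0.1:8110 sun:110
EOF
}

# Audit the file given as argument, or the constructed sample if none.
if [ $# -gt 0 ]; then forwarding_audit "$1"; else sample_config | forwarding_audit; fi
```

Each output line gives the Host block (or "(global)" for settings that apply to every host), the keyword, and its value, separated by tabs.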
Additional information can be found in the manual pages for each of the programs described above and also in the files under /usr/share/doc/packages/openssh.