SSH

From Things and Stuff Wiki

General

ssh user@host

ssh user@host -p 123
 # specify alternate port

"Make sure you use full disk encryption and never stand up from your machine without locking it, and make sure you keep your local machine patched. If I get code execution on your machine, I am going to use whatever keys are loaded in your ssh-agent to pivot, hijack your existing open sessions, or modify your ssh client to dump the keys I need. ... Key length is a protection against the future, and against state level actors. Right now, key length doesn't matter much to me because I'm more focused on just stealing your keys from you regardless of length."

Forwarding

Network

ssh -L 9384:127.0.0.1:8384 remote-server


  • https://github.com/sshuttle/sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.


X11

See GUI#X Forwarding

Keys

Default file names:

~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
  RSA key
~/.ssh/identity and ~/.ssh/identity.pub
  DSA key (old)

Creating

ssh-keygen
  create a key. rsa is default.

Distributing

ssh-copy-id [-i [identity_file]] [user@]remote

ssh-copy-id username@remote-server.org
ssh-copy-id 'user@remote-server.org -p 8129'

ssh-copy-id -i ~/.ssh/id_ecdsa.pub '-p 221 username@remote-server.org'

Multiple keys

ssh -i ~/.ssh/id_rsa_example.org user@example.org

Config

~/.ssh/config

Host example.org
 IdentityFile ~/.ssh/id_rsa_example.org

  • sshit - A quick way to manage .ssh/config

SSH agent


  • Envoy helps you to manage ssh keys in similar fashion to keychain, but is written in C and takes advantage of cgroups and systemd.

to sort


randomart

VisualHostKey=yes


Management

storm

  • https://github.com/emre/storm - a command line tool to manage your ssh connections. Features: adding, editing, deleting, listing and searching across your SSHConfig; command alias support for your CLI preferences; support for custom SSH directives; scriptable as a Python library; user interfaces besides the CLI (web UI, wxPython, Unity (Ubuntu) indicator).

multissh

  • multissh - A really short but useful shell script for connecting to all nodes of a cluster using ssh (also through gateways and trapdoors) and sending commands to all nodes in parallel. It uses DCOP to remote-control a konsole process with the ssh connections in separate tabs.

Teleport

  • Teleport - Privileged access management for elastic infrastructure.
    • https://github.com/gravitational/teleport
    • Teleport 1.0 Released - "For the uninitiated, Teleport is modern SSH server designed for clusters of servers and the teams working on them. The notion of “cluster” and cluster membership is central to Teleport: users can explore the nodes in a cluster, their user permissions are governed on a cluster level, etc. You can think of Teleport as a set of enhancements to SSH, while still being backward compatible with OpenSSH."

Server and client

OpenSSH

The OpenSSH suite consists of the following tools:

  • Remote operations are done using ssh, scp, and sftp.
  • Key management with ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
  • The service side consists of sshd, sftp-server, and ssh-agent.

Dropbear

  • Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers.


Client

PuTTY

  • PuTTY - a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator.



  • KiTTY - a fork from version 0.70 of PuTTY, the best telnet / SSH client in the world. KiTTY is only designed for the Microsoft® Windows® platform.

Server

tinyssh

  • tinyssh - a minimalistic SSH server which implements only a subset of SSHv2 features.


Security

fail2ban

sshguard

Honeypot

TOTP port fluxing


SCP

scp -P [port] file.txt user@remotehost:~/file.txt

When scp is started on the remote side, it is invoked with the -t flag, which is undocumented but might be required for precise command permission configuration.
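One way to use this for an upload-only key, as an added example that is not from the original page: a forced-command wrapper that accepts only the remote-side `scp -t` invocation into one directory. The install path `/usr/local/bin/scp-upload-only`, the `UPLOAD_DIR` default and the function name are assumptions; it applies to the legacy scp protocol (OpenSSH 9.0 and later default to SFTP, and `scp -O` selects the legacy protocol).

```shell
#!/bin/sh
# Added example: forced-command filter for an upload-only key (legacy scp).
# Assumed install path and authorized_keys entry (key is a placeholder):
#   restrict,command="/usr/local/bin/scp-upload-only" ssh-ed25519 <PUBLIC-KEY>
UPLOAD_DIR="${UPLOAD_DIR:-/srv/upload}"   # assumed drop directory

# Return 0 only for the remote "sink" form: scp [-r|-p|-d|-v]... -t <path>
# with <path> equal to or below $2. Everything else is refused.
scp_sink_allowed() {
    cmd=$1
    base=$2
    # Allowlist characters first, so no quoting, globbing or chaining survives.
    case $cmd in
        *[!A-Za-z0-9_./\ -]*) return 1 ;;
    esac
    set -f; set -- $cmd; set +f      # split into words without globbing
    [ "${1:-}" = scp ] || return 1
    shift
    seen_t=0
    while [ $# -gt 1 ]; do           # every word except the last is a flag
        case $1 in
            -t) seen_t=1 ;;
            -r|-p|-d|-v) ;;
            *) return 1 ;;           # -f (download), extra paths, anything else
        esac
        shift
    done
    [ "$seen_t" -eq 1 ] || return 1
    case ${1:-} in
        *..*) return 1 ;;            # no parent-directory traversal
        "$base"|"$base"/*) return 0 ;;
    esac
    return 1
}

# Entry point when sshd runs this file as the forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if scp_sink_allowed "$SSH_ORIGINAL_COMMAND" "$UPLOAD_DIR"; then
        exec $SSH_ORIGINAL_COMMAND   # safe to split: characters were allowlisted
    fi
    echo "rejected: only 'scp -t' into $UPLOAD_DIR is allowed" >&2
    exit 1
fi
```

The client has to name an absolute target under the upload directory; the check is purely textual, so symlinks inside that directory are not resolved.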


SSHFS

sshfs user@address:/home/user/dir dirtomountto -p [port]
  mount

fusermount -u dirtomountto
  unmount

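If mounting fails with

fuse: failed to open /dev/fuse: Permission denied

add the user to the fuse group (-a appends; without it, -G replaces the user's other supplementary groups)

usermod -aG fuse [username]

then log out and back in.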

Tools

Alternatives

To sort