SSH
General
- O'Reilly's SSH, The Secure Shell: The Definitive Guide: 1.5. History of SSH
- http://blog.hyfather.com/blog/2013/04/18/ssh-uses-four-tcp-segments-for-each-character/
Server/client
Keys
Default file name format:
~/.ssh/id_rsa and ~/.ssh/id_rsa.pub RSA key
~/.ssh/identity and ~/.ssh/identity.pub DSA key (old)
Creating
ssh-keygen creates a key. RSA is the default.
Distributing
ssh-copy-id [-i [identity_file]] [user@]remote
ssh-copy-id username@remote-server.org
ssh-copy-id -i ~/.ssh/id_ecdsa.pub '-p 221 username@remote-server.org'
Multiple keys
ssh -i ~/.ssh/id_rsa_example.org
Config
~/.ssh/config
Host example.org
    IdentityFile ~/.ssh/id_rsa_example.org
- sshit - A quick way to manage .ssh/config
to sort
- SSH Can Do That? Productivity Tips for Working with Remote Servers
- Tips for Remote Unix Work (SSH, screen, and VNC) [2]
- http://blog.hypergeometric.com/2012/02/22/ssh-dos-and-donts/
- http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
- http://opensourcehacker.com/2012/10/24/ssh-key-and-passwordless-login-basics-for-developers/
- http://vimeo.com/54505525
- HOWTO: set up ssh keys
- Using Rsync and SSH - Keys, Validating, and Automation
- http://www.karan.org/blog/index.php/2009/08/25/multiple-ssh-private-keys
SSH agents
- Envoy helps you manage ssh keys in a similar fashion to keychain, but is written in C and takes advantage of cgroups and systemd.
randomart
VisualHostKey=yes
SCP
scp -P [port] file.txt user@remotehost:~/file.txt
When scp is started on the remote side, it is invoked with the -t flag, which is undocumented but might be required for precise command permission configuration.
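One way to use that -t invocation for command permission configuration is a forced-command wrapper that accepts only scp uploads into a single directory. This is an added example, not part of the original page; the wrapper path `/usr/local/bin/scp-upload-only` and the directory `/srv/upload` are assumptions, and it applies to the legacy scp protocol (OpenSSH 9.0 and later clients use SFTP unless run with `scp -O`).

```shell
#!/bin/sh
# Added example: forced command that permits only scp uploads ("scp ... -t <path>")
# into one directory. Assumed install line in ~/.ssh/authorized_keys (key elided):
#   command="/usr/local/bin/scp-upload-only",restrict ssh-ed25519 AAAA... backup@client
UPLOAD_DIR="${UPLOAD_DIR:-/srv/upload}"   # assumed upload location

# Return 0 if $1 is "scp [-r|-p|-d|-v]... -t <path>" with <path> under UPLOAD_DIR.
scp_upload_allowed() {
    old_ifs=$IFS; IFS=' '; set -f
    set -- $1                      # split on spaces only, without globbing
    set +f; IFS=$old_ifs
    [ "${1:-}" = scp ] && [ $# -ge 3 ] || return 1
    shift
    seen_t=0
    while [ $# -gt 1 ]; do         # everything before the last word must be a flag
        case $1 in
            -r|-p|-d|-v) ;;        # recursive, preserve times, target is dir, verbose
            -t) seen_t=1 ;;        # sink mode: the remote end receives files
            *) return 1 ;;         # -f (download) and anything else is refused
        esac
        shift
    done
    [ "$seen_t" -eq 1 ] || return 1
    case $1 in                     # the last word is the target path
        *[!A-Za-z0-9_./-]*|*..*) return 1 ;;   # odd characters or path traversal
        "$UPLOAD_DIR"|"$UPLOAD_DIR"/*) return 0 ;;
    esac
    return 1
}

# sshd passes the command the client requested in SSH_ORIGINAL_COMMAND; it is
# unset for interactive logins, which therefore get no shell from this wrapper.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if scp_upload_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND   # validated: scp, known flags, one safe path
    fi
    echo "denied: only scp uploads into $UPLOAD_DIR are permitted" >&2
    exit 1
fi
```

The path check is purely lexical, so the upload directory should not contain symlinks that lead outside it.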
SSHFS
sshfs user@address:/home/user/dir dirtomountto -p [port]   # mount
fusermount -u dirtomountto   # unmount
If
fuse: failed to open /dev/fuse: Permission denied
do
usermod -a -G fuse [username]
and log in again
Security
fail2ban
sshguard
Honeypot
X11 forwarding
See GUI#X_Forwarding
Web forwarding
Tools
To sort
- https://wiki.archlinux.org/index.php/Shfs - older Linux kernel module which allows you to mount remote filesystems using a plain shell (ssh) connection