SSH

Things and Stuff Wiki - An organically evolving personal wiki knowledge base. An on-the-fly taxonomy containing a patchwork trail of topic outlines, descriptions, notes, stubs and breadcrumbs, with links to sites, systems, software, manuals, organisations, people, articles, guides, slides, papers, books, comments, videos, screencasts, webcasts, scratchpads and more. Content is orientated towards mostly free/libre/open, mostly Linux. Quality and age varies drastically. Sometimes old things are first, sometimes last. Use the Table of Contents menu to navigate long pages. Zoom in if text is too small. Dead link? Wayback Machine. I probably need to fix the theme CSS after an update. See also libreav.org. Chat to msg me (not checking tho atm). e

General

http://www.danielmiessler.com/blog/putting-ssh-another-port-good-idea [1]

https://stribika.github.io/2015/01/04/secure-secure-shell.html

https://medium.com/@shazow/ssh-how-does-it-even-9e43586e4ffc#.czq2ci4rw [] [2] [3]

Server

http://www.openssh.org/ - includes client
- http://en.wikipedia.org/wiki/OpenSSH

https://matt.ucc.asn.au/dropbear/dropbear.html
- http://en.wikipedia.org/wiki/Dropbear_(software)

Client

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

http://sourceforge.net/projects/rutty/

http://www.9bis.net/kitty/

Management

storm

storm is a command line tool to manage your ssh connections. features; adding, editing, deleting, listing, searching across your SSHConfig. command alias support for your CLI preferences. support for custom SSH directives. scriptable as a python library.

user interfaces besides cli. (web ui, wxpython, unity(ubuntu) indicator.) [4]

Keys

https://wiki.archlinux.org/index.php/SSH_Keys

Default file name format;

~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
  RSA key

~/.ssh/identity and ~/.ssh/identity.pub
  DSA key (old)

Creating

ssh-keygen
  create a key. rsa is default.

Distributing

ssh-copy-id [-i [identity_file]] [user@]remote

ssh-copy-id username@remote-server.org

ssh-copy-id 'user@remote-server.org -p 8129'

ssh-copy-id -i ~/.ssh/id_ecdsa.pub '-p 221 username@remote-server.org'

sshexport [5]

Multiple keys

ssh -i ~/.ssh/id_rsa_example.org

Config

~/.ssh/config

Host example.org
 IdentityFile ~/.ssh/id_rsa_example.org

http://nerderati.com/2011/03/simplify-your-life-with-an-ssh-config-file/

sshit - A quick way to manage .ssh/config

to sort

ietf: Managing SSH Keys for Automated Access - Current Recommended Practice

HOWTO: set up ssh keys
Using Rsync and SSH - Keys, Validating, and Automation
http://www.karan.org/blog/index.php/2009/08/25/multiple-ssh-private-keys

http://www.cmdln.org/2008/02/11/restricting-ssh-commands/
- http://www.hackinglinuxexposed.com/articles/20030115.html
- https://github.com/gabor-udvari/authprogs
  - https://raw.github.com/gabor-udvari/authprogs/master/authprogs

http://linux.die.net/man/1/ssh-keyscan

https://github.com/duncs/clusterssh

https://github.com/apenwarr/sshuttle

http://alicious.com/cheap-vpn-using-sshuttle/

http://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/

SSH agents

http://www.funtoo.org/Keychain

https://github.com/authy/authy-ssh

http://www.unixwiz.net/techtips/ssh-agent-forwarding.html

http://unixwiz.net/techtips/ssh-agent-forwarding.html

https://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/

Envoy helps you to manage ssh keys in similar fashion to keychain, but done in c, takes advantage of cgroups and systemd.

randomart

VisualHostKey=yes

http://superuser.com/questions/22535/what-is-randomart-produced-by-ssh-keygen
- http://www.dirk-loss.de/sshvis/drunken_bishop.pdf

SCP

scp -P [port] file.txt user@remotehose:~/file.txt

When scp on remote is initiated, it done so with -t flag, which is undocumented but might be required for precise command persmission configuration.

https://blogs.oracle.com/janp/entry/how_the_scp_protocol_works

http://www.psc.edu/index.php/hpn-ssh [7]

SSHFS

http://fuse.sourceforge.net/sshfs.html
- http://en.wikipedia.org/wiki/SSHFS

sshfs user@address:/home/user/dir dirtomountto -p [port]
  mount

fusermount -u dirtomountto
  unmount

Notes on SSHFS

if

fuse: failed to open /dev/fuse: Permission denied

do

usermod -G fuse [username]

and relogin

https://github.com/hellekin/autosshfs

Security

http://www.semicomplete.com/articles/ssh-security/

http://blog.sucuri.net/2013/07/ssh-brute-force-the-10-year-old-attack-that-still-persists.html

X11 forwarding

http://blog.samat.org/2006/05/08/best-ssh-options-for-x11-forwarding

See GUI#X_Forwarding

Web forwarding

https://github.com/apenwarr/sshuttle

http://bbrinck.com/post/2318562750/reverse-ssh-tunneling-easier-than-port-forwarding

Tools

http://www.harding.motd.ca/autossh/

http://matt.ucc.asn.au/ssh-xfer/
- http://archive09.linux.com/feature/143892

https://github.com/turicas/sbc

To sort

https://wiki.archlinux.org/index.php/Shfs - older Linux kernel module which allows you to mount remote filesystems using a plain shell (ssh) connection

Multi factor

http://undeadly.org/cgi?action=article&sid=20130616112437

SSH

Contents