SSH

From Things and Stuff Wiki


General

ssh user@host

ssh user@host -p 123
 # specify alternate port

Server and client

The OpenSSH suite consists of the following tools:

  • Remote operations are done using ssh, scp, and sftp.
  • Key management with ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
  • The service side consists of sshd, sftp-server, and ssh-agent.
  • Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under an MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers.

Client

Management

storm

  • storm is a command line tool to manage your SSH connections. Features: adding, editing, deleting, listing, and searching across your SSH config; command alias support for your CLI preferences; support for custom SSH directives; scriptable as a Python library; user interfaces besides the CLI (web UI, wxPython, Unity (Ubuntu) indicator). [4]

multissh

  • multissh - A really short but useful shell script for connecting to all nodes of a cluster using ssh (also through gateways and trapdoors) and sending commands to all nodes in parallel. It uses DCOP to remote-control a konsole process with the ssh connections in separate tabs.

Keys

Default file names:

~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
  RSA key
~/.ssh/identity and ~/.ssh/identity.pub
  DSA key (old)

Creating

ssh-keygen
  Create a key. RSA is the default.

Distributing

ssh-copy-id [-i [identity_file]] [user@]remote

ssh-copy-id username@remote-server.org
ssh-copy-id 'user@remote-server.org -p 8129'

ssh-copy-id -i ~/.ssh/id_ecdsa.pub '-p 221 username@remote-server.org'

Multiple keys

ssh -i ~/.ssh/id_rsa_example.org user@example.org

Config

~/.ssh/config

Host example.org
 IdentityFile ~/.ssh/id_rsa_example.org
  • sshit - A quick way to manage .ssh/config

SSH agent


  • Envoy helps you manage SSH keys in a similar fashion to keychain, but it is written in C and takes advantage of cgroups and systemd.

to sort


randomart

VisualHostKey=yes

SCP

scp -P [port] file.txt user@remotehost:~/file.txt

When scp is initiated on the remote side, it is started with the -t flag, which is undocumented but might be required for precise command permission configuration.
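
One way to use this for command permission configuration is a forced command in authorized_keys. The wrapper below is an added example, not part of the original wiki page: it accepts only scp's receiving mode (-t) into one directory. The script path, the --enforce switch, UPLOAD_DIR and the function names are assumptions.

```sh
#!/bin/sh
# Added example: forced-command wrapper for an upload-only key.
# authorized_keys entry (script path, key and directory are assumptions):
#   command="/usr/local/bin/scp-upload-only --enforce",restrict ssh-ed25519 AAAA...placeholder
# sshd exports the command the client requested as SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL                    # byte-wise ranges in the patterns below
UPLOAD_DIR=${UPLOAD_DIR:-/srv/upload}      # assumed drop directory

# Succeed only for: scp [-v|-r|-p|-d]... -t <path at or under UPLOAD_DIR>
scp_upload_allowed() {
    case $1 in
        ''|*[!A-Za-z0-9_./\ -]*) return 1 ;;   # metacharacters, quotes, tabs, newlines
    esac
    set -- $1                               # safe to split: only allowlisted bytes remain
    [ "$1" = scp ] || return 1
    shift
    sink=no
    while [ $# -gt 1 ]; do
        case $1 in
            -t) sink=yes ;;                 # "to": the remote end receives files
            -v|-r|-p|-d) ;;                 # modifiers the scp client may add
            *) return 1 ;;                  # includes -f, which would let the key read files
        esac
        shift
    done
    [ "$sink" = yes ] && [ $# -eq 1 ] || return 1
    case $1 in
        -*|*..*) return 1 ;;                # option smuggling, path traversal
        "$UPLOAD_DIR"|"$UPLOAD_DIR"/*) return 0 ;;
    esac
    return 1
}

enforce() {
    if scp_upload_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        exec $SSH_ORIGINAL_COMMAND          # unquoted on purpose: validated, no glob chars
    fi
    echo "rejected: ${SSH_ORIGINAL_COMMAND:-<interactive session>}" >&2
    exit 1
}

if [ "${1:-}" = --enforce ]; then enforce; fi
```

OpenSSH 9.0 and later clients run scp over SFTP by default, so the server only sees scp -t when the client uses the legacy protocol (scp -O). Uploads from such clients are rejected by this wrapper unless -O is passed.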


SSHFS

sshfs user@address:/home/user/dir dirtomountto -p [port]
  mount

fusermount -u dirtomountto
  unmount

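If mounting fails with:

fuse: failed to open /dev/fuse: Permission denied

add the user to the fuse group (-a appends, so the user's existing supplementary groups are kept):

usermod -aG fuse [username]

then log out and back in.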

Security

fail2ban

sshguard

Honeypot

X11 forwarding

See GUI#X Forwarding

Web forwarding

Tools

To sort