botbotbot's blog

All about Secure Shell

SSH

SSH Alias Config

# ~/.ssh/config
# connect with: $ ssh <hostname>
# "Host *" applies the settings below it to every host
Host <hostname>
  HostName <ip>
  User <username>
  Port <port>

Using SSH ProxyCommand to Tunnel Connections

# ~/.ssh/config
# ProxyCommand ssh someserver -W %h:%p
#   With newer versions of openssh-client you can also use the -W option to forward the connection.
# LocalCommand
#   Specifies a command to execute on the local machine after successfully connecting to the server.
# DynamicForward
#   Specifies that a TCP port on the local machine be forwarded over the secure channel; the application protocol is then used to determine where to connect to from the remote machine.
# IdentityFile
#   Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication identity is read.

# "ssh <destination>" is tunnelled through <proxy>;
# %h and %p expand to the HostName and Port of this block
Host <destination>
  HostName <ip>
  User <user>
  ProxyCommand ssh <proxy> -W %h:%p 2> /dev/null
  IdentityFile <ssh_key>

SSH login with key-based authentication

# Client: generate a key pair
$ ssh-keygen -t rsa -b 4096

# Server: install the client's public key
# copy the client's ~/.ssh/id_rsa.pub into ~/.ssh/authorized_keys on the server
# (optional: have the server deny password auth)
$ sudo vim /etc/ssh/sshd_config

SSH Login with Password

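# /etc/ssh/sshd_config
# deny password login by default
PasswordAuthentication no

# allow password login only for clients connecting from 192.0.2.0/24
Match Address 192.0.2.0/24
    PasswordAuthentication yes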
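
To check which clients the fragment above lets in with a password, here is an added example (not from the original post) that resolves one keyword for a given client address. It is a simplified model of sshd's evaluation that handles only `Match Address` and `Match all`; the function names and the sample client addresses are made up for the illustration.

```python
import ipaddress

# Constructed sample: the same directives as the sshd_config fragment above.
SAMPLE = """\
PasswordAuthentication no

Match address 192.0.2.0/24
    PasswordAuthentication yes
"""

def address_matches(patterns, client_ip):
    """True if client_ip is inside any comma-separated address/CIDR pattern."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(p.strip(), strict=False)
               for p in patterns.split(","))

def effective_setting(config_text, keyword, client_ip, default="yes"):
    """Resolve one sshd_config keyword for a client address.

    Simplified model: a matching Match block overrides the global section,
    and inside each scope the first value seen wins.
    """
    keyword = keyword.lower()
    global_value = match_value = None
    in_match = block_applies = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        name = fields[0].lower()
        args = fields[1].strip() if len(fields) > 1 else ""
        if name == "match":
            in_match = True  # a Match block runs until the next Match or EOF
            criteria = args.split()
            if [c.lower() for c in criteria] == ["all"]:
                block_applies = True
            elif len(criteria) == 2 and criteria[0].lower() == "address":
                block_applies = address_matches(criteria[1], client_ip)
            else:
                raise ValueError(f"Match criteria not modelled here: {args}")
        elif name == keyword:
            if not in_match:
                global_value = global_value or args.lower()
            elif block_applies:
                match_value = match_value or args.lower()
    return match_value or global_value or default

if __name__ == "__main__":
    for ip in ("192.0.2.17", "198.51.100.9"):  # constructed client addresses
        print(ip, effective_setting(SAMPLE, "PasswordAuthentication", ip))
```

On a real server, sshd's extended test mode (`sshd -T` with a `-C` connection specification) reports the values it would actually apply to a connection.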

SSH Proxy with SOCKS5

$ ssh -N -D 8080 user@server -p 443
# use port 443 to avoid networks that block port 22 (sshd on the server must listen on 443)
# then set the proxy in your browser:
# SOCKS host 127.0.0.1, port 8080

# ~/.ssh/config
# connect with: $ ssh -N <proxy> -p 443
Host <proxy>
  HostName <ip>
  User <user>
  DynamicForward 8080

SSH Skip known_host

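# with StrictHostKeyChecking set to no, ssh adds new host keys to known_hosts
# without asking and still connects when a host's key has changed,
# so the server's identity is not verified
$ ssh -o "StrictHostKeyChecking no" user@host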
