ssh.md (1791B)
1 # ssh 2 3 ## tunnel 4 [tunnel][] through jump server 5 ``` 6 ssh -t L7070:localhost:7071 user@jumphost ssh -t -D7071 user@furtherhost 7 ``` 8 9 ``` 10 ssh -A -t -l user jump-host \ 11 -L 8080:localhost:8080 \ 12 ssh -A -t -l user webserver.dmz \ 13 -L 8080:localhost:8080 14 ``` 15 16 open [socks proxy][] on port 443 (hide as https) - requires sudo 17 ``` 18 sudo ssh -o ServerAliveInterval=60 -D443 -l pyratebeard -i ~/lib/key/ssh_tunnel -N -C -q -t -4 -f ftp.pyratebeard.net 19 ``` 20 - `-o ServerAliveInterval=60` - 21 - `-D443` - 22 - `-l pyratebeard` - 23 - `-i ~/lib/key/ssh_tunnel` - 24 - `-N` - do not execute remote command 25 - `-C` - compress data 26 - `-q` - quiet 27 - `-t` - force pseudo-terminal 28 - `-4` - use ipv4 only 29 - `-f` - go to background 30 31 ## X11 forwarding 32 ``` 33 ssh -X user@host 34 ``` 35 - on server side `X11Forwarding` must be set to `yes` in '/etc/ssh/sshd_config' 36 37 ## ssh host fingerprint 38 to find the fingerprint of a host 39 ``` 40 sudo ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key 41 sudo ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key 42 ``` 43 44 ## remote host id has changed 45 if the fingerprint for the remote host has changed (and you are sure it's not 46 a mitm attack) run the following to remove from 'known_hosts' 47 ``` 48 ssh-keygen -f $HOME/.ssh/known_hosts -R <hostname> 49 ``` 50 51 ## sshd_config 52 * allow one user and all users in group 53 * if only use `AllowGroup` it overrides the `AllowUsers` 54 ``` 55 AllowUsers <username> 56 Match group users 57 AllowUsers * 58 ``` 59 60 ## ref 61 [ssh][] guide 62 63 [tunnel]: http://digitalcrunch.com/linux/how-to-use-an-ssh-tunnel-through-a-jump-host/ 64 [socks proxy]: https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/ 65 [ssh]: http://lackof.org/taggart/hacking/ssh/ 66 67 * must have dns resolv on greyskull (and nublar for lxc) 68 * must have short name in ssh/config on nublar for lxc 69 * must have cert-auth known host on nublar for lxc