grimoire

personal wiki
git clone git://git.pyratebeard.net/grimoire.git

ssh.md (1791B)


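# ssh

## tunnel
[tunnel][] through jump server
```
# local port 7070 -> port 7071 on jumphost, where the second ssh opens a socks proxy (-D) to furtherhost
ssh -t -L7070:localhost:7071 user@jumphost ssh -t -D7071 user@furtherhost
```

```
# local port 8080 -> jump-host port 8080 -> port 8080 on webserver.dmz
ssh -A -t -l user jump-host \
-L 8080:localhost:8080 \
ssh -A -t -l user webserver.dmz \
-L 8080:localhost:8080
```
- `-A` forwards the ssh agent to each hop; anyone with root on that hop can use the agent while you are connected, so only use it with hosts you trust

open [socks proxy][] on port 443 (hide as https) - requires sudo to bind a port below 1024
```
sudo ssh -o ServerAliveInterval=60 -D443 -l pyratebeard -i ~/lib/key/ssh_tunnel -N -C -q -t -4 -f ftp.pyratebeard.net
```
- `-o ServerAliveInterval=60` - send a keepalive after 60 seconds without data from the server
- `-D443` - open a local socks proxy listening on port 443
- `-l pyratebeard` - login name on the remote host
- `-i ~/lib/key/ssh_tunnel` - private key to authenticate with
- `-N` - do not execute remote command
- `-C` - compress data
- `-q` - quiet
- `-t` - force pseudo-terminal
- `-4` - use ipv4 only
- `-f` - go to background
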
## X11 forwarding
```
ssh -X user@host
```
- on server side `X11Forwarding` must be set to `yes` in `/etc/ssh/sshd_config`

## ssh host fingerprint
to find the fingerprint of a host's keys (run on the host itself)
```
sudo ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
sudo ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key
```

## remote host id has changed
if the fingerprint for the remote host has changed (and you are sure it's not a mitm attack) run the following to remove the old key from `known_hosts`
```
ssh-keygen -f "$HOME/.ssh/known_hosts" -R <hostname>
```
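
One way to be sure the change is not a mitm before running the removal above: check that the key the host now offers has the fingerprint read on the server's own console (the `ssh-keygen -l -f` output from the fingerprint section). This is an added example, not part of the original wiki; the function names, the host `web1.example` and the sample keys are constructed, and it assumes SHA256 fingerprints and plain or hashed host fields (no wildcard patterns or `[host]:port` forms).

```python
import base64
import hashlib
import hmac
import struct


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -l` prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_matches(field: str, host: str) -> bool:
    """Match a known_hosts host field: plain comma list or hashed |1|salt|hmac."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")


def safe_to_replace(offered_line: str, host: str, console_output: str) -> bool:
    """True only if the key offered for `host` has a fingerprint listed in
    console_output, the text of `ssh-keygen -l -f <hostkey>` run on the server."""
    fields = offered_line.split()
    if len(fields) < 3 or not host_matches(fields[0], host):
        return False
    trusted = {w for w in console_output.split() if w.startswith("SHA256:")}
    return fingerprint(fields[2]) in trusted


def sample_key(raw: bytes) -> str:
    """Constructed ed25519-format blob from fixed bytes; not a real host key."""
    parts = (b"ssh-ed25519", raw)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(blob).decode()


GOOD, OTHER = sample_key(b"\x01" * 32), sample_key(b"\x02" * 32)
# Constructed console text in the shape `ssh-keygen -l` prints: bits, fingerprint, comment, type.
CONSOLE = f"256 {fingerprint(GOOD)} root@web1 (ED25519)"

if __name__ == "__main__":
    for key in (GOOD, OTHER):
        line = f"web1.example ssh-ed25519 {key}"  # format of ssh-keyscan / known_hosts
        print(safe_to_replace(line, "web1.example", CONSOLE))
```

A `False` result means the offered key is not one the server itself reported, so the old `known_hosts` entry should stay until the mismatch is explained.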

## sshd_config
* allow one user and all users in group
* if you only use `AllowGroups` it overrides the `AllowUsers`
```
# <username> is allowed globally; the Match block allows every member of group users
AllowUsers <username>
Match group users
	AllowUsers *
```

## ref
[ssh][] guide

[tunnel]: http://digitalcrunch.com/linux/how-to-use-an-ssh-tunnel-through-a-jump-host/
[socks proxy]: https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/
[ssh]: http://lackof.org/taggart/hacking/ssh/

* must have dns resolv on greyskull (and nublar for lxc)
* must have short name in ssh/config on nublar for lxc
* must have cert-auth known host on nublar for lxc