Ssh: Difference between revisions

From DWIKI
mNo edit summary
mNo edit summary
Line 3: Line 3:




=FAQ=


==remember key passphrase==
= FAQ =
 
== remember key passphrase ==
 
  ssh-agent bash
  ssh-agent bash
  ssh-add ~/.ssh/id_rsa
  ssh-add ~/.ssh/id_rsa


==root access from single host==
== root access from single host ==
 
  Match Address 192.168.1.100
  Match Address 192.168.1.100
         PermitRootLogin yes
         PermitRootLogin yes


==multihop tunnel==
== multihop tunnel ==
 
  ssh -A -t -l user jump-host \
  ssh -A -t -l user jump-host \
  -L 8080:localhost:8080 \
  -L 8080:localhost:8080 \
Line 19: Line 23:
  -L 8080:localhost:8080
  -L 8080:localhost:8080


 


==SSH tunnel with putty==
== SSH tunnel with putty ==
https://www.skyverge.com/blog/how-to-set-up-an-ssh-tunnel-with-putty/


==Failed publickey==
[https://www.skyverge.com/blog/how-to-set-up-an-ssh-tunnel-with-putty/ https://www.skyverge.com/blog/how-to-set-up-an-ssh-tunnel-with-putty/]
*acccess rights?
 
== Failed publickey ==
 
*acccess rights?  
 
== 14: No supported authentication methods available [preauth] ==


==14: No supported authentication methods available [preauth]==
Putty not configured to look at correct private key?
Putty not configured to look at correct private key?


 


==chrooted sftp==
== chrooted sftp ==
 
Homedir as defined in /etc/passwd /home/someuser


Homedir as defined in /etc/passwd
/home/someuser
  chmod 755 /home/someuser
  chmod 755 /home/someuser
  chown root.root /home/someuser
  chown root.root /home/someuser


And then create writable dir for user:
And then create writable dir for user:
  mkdir /home/someuser/downloads
  mkdir /home/someuser/downloads
  chown someuser.someuser /home/someuser/downloads
  chown someuser.someuser /home/someuser/downloads


 


 
Subsystem sftp internal-sftp
Subsystem       sftp   internal-sftp


'''Per group:'''
'''Per group:'''


/etc/ssh/sshd_config
/etc/ssh/sshd_config
   Match Group sftponly
   Match Group sftponly
     ChrootDirectory %h
     ChrootDirectory %h
Line 69: Line 80:
   Match all
   Match all


The ChrootDirectory must be owned by root.root with permissons 755.
The ChrootDirectory must be owned by root.root with permissons 755. If you want group based access rights, you can do that in subdirectories.
If you want group based access rights, you can do that in subdirectories.


 


== ssh tunnel ==
== ssh tunnel ==
Line 85: Line 96:
Maybe try ssh -4
Maybe try ssh -4


==Unable to negotiate with 192.168.100.4 port 22: no matching cipher found.==
== Unable to negotiate with 192.168.100.4 port 22: no matching cipher found. ==
 
passing old cipher, like -o arcfour??
passing old cipher, like -o arcfour??


==rsync only as root==
== rsync only as root ==
 
==scp: no matching key exchange method found.==
scp seems to ignore .ssh/config, so use
scp -o Ciphers=xxx

Revision as of 13:15, 24 December 2020

Links


FAQ

remember key passphrase

ssh-agent bash
ssh-add ~/.ssh/id_rsa

root access from single host

Match Address 192.168.1.100
       PermitRootLogin yes

multihop tunnel

ssh -A -t -l user jump-host \
-L 8080:localhost:8080 \
ssh -A -t -l user webserver.dmz \
-L 8080:localhost:8080

 

SSH tunnel with putty

https://www.skyverge.com/blog/how-to-set-up-an-ssh-tunnel-with-putty/

Failed publickey

  • acccess rights?

14: No supported authentication methods available [preauth]

Putty not configured to look at correct private key?

 

chrooted sftp

Homedir as defined in /etc/passwd /home/someuser

chmod 755 /home/someuser
chown root.root /home/someuser

And then create writable dir for user:

mkdir /home/someuser/downloads
chown someuser.someuser /home/someuser/downloads

 

Subsystem sftp internal-sftp

Per group:

/etc/ssh/sshd_config

 Match Group sftponly
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTcpForwarding no
   PermitTunnel no
   X11Forwarding no
 #Remember this one to close Match block!
 Match all

Per user:

 Match User username
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTcpForwarding no
   PermitTunnel no
   X11Forwarding no
 #Remember this one to close Match block!
 Match all

The ChrootDirectory must be owned by root.root with permissons 755. If you want group based access rights, you can do that in subdirectories.

 

ssh tunnel

ssh -L 1234:192.168.100.2:80 remotehost

And then connect to localhost:1234

 

bind Cannot assign requested address

Maybe try ssh -4

Unable to negotiate with 192.168.100.4 port 22: no matching cipher found.

passing old cipher, like -o arcfour??

rsync only as root

scp: no matching key exchange method found.

scp seems to ignore .ssh/config, so use

scp -o Ciphers=xxx