Ssh: Difference between revisions

From DWIKI
mNo edit summary
Line 27: Line 27:


==chrooted sftp==
==chrooted sftp==
Subsystem      sftp    internal-sftp


'''Per group:'''
'''Per group:'''
Line 43: Line 45:
'''Per user:'''
'''Per user:'''


==remove host key==
ssh-keygen -R hostname
   Match User username
   Match User username
     ChrootDirectory %h
     ChrootDirectory %h

Revision as of 10:55, 5 December 2017

FAQ

remember key passphrase

ssh-agent bash
ssh-add ~/.ssh/id_rsa

root access from single host

Match Address 192.168.1.100
       PermitRootLogin yes

multihop tunnel

ssh -A -t -l user jump-host \
-L 8080:localhost:8080 \
ssh -A -t -l user webserver.dmz \
-L 8080:localhost:8080


SSH tunnel with putty

ttps://www.skyverge.com/blog/how-to-set-up-an-ssh-tunnel-with-putty/

Failed publickey

  • acccess rights?

14: No supported authentication methods available [preauth]

Putty not configured to look at correct private key?


chrooted sftp

Subsystem sftp internal-sftp

Per group:

/etc/ssh/sshd_config 

 Match Group sftponly
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTcpForwarding no
   PermitTunnel no
   X11Forwarding no

 #Remember this one to close Match block!
 Match all

Per user: 

 Match User username
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTcpForwarding no
   PermitTunnel no
   X11Forwarding no
 #Remember this one to close Match block!
 Match all

The ChrootDirectory must be owned by root.root with permissons 755. If you want group based access rights, you can do that in subdirectories.

ssh tunnel

ssh -L 1234:192.168.100.2:80 remotehost

And then connect to localhost:1234

rsync only as root

Retrieved from "https://wiki.dhits.nl/index.php?title=Ssh&oldid=5501"