Ssh
Links
FAQ
ssh multiplexing
https://www.cyberciti.biz/faq/linux-unix-reuse-openssh-connection
remember key passphrase
ssh-agent bash ssh-add ~/.ssh/id_rsa
root access from single host
Match Address 192.168.1.100 PermitRootLogin yes
multihop tunnel
ssh -A -t -l user jump-host \ -L 8080:localhost:8080 \ ssh -A -t -l user webserver.dmz \ -L 8080:localhost:8080
OR in .ssh/config define
Host targethost ProxyCommand ssh jumphost -W %h:%p
and then just
ssh -L 1234:<LAN address>:<port> targethost
SSH tunnel with putty
https://www.skyverge.com/blog/how-to-set-up-an-ssh-tunnel-with-putty/
Failed publickey
- acccess rights?
14: No supported authentication methods available [preauth]
Putty not configured to look at correct private key?
chrooted sftp
Homedir as defined in /etc/passwd /home/someuser
chmod 755 /home/someuser chown root.root /home/someuser
And then create writable dir for user:
mkdir /home/someuser/downloads chown someuser.someuser /home/someuser/downloads
Subsystem sftp internal-sftp
Per group:
/etc/ssh/sshd_config
Match Group sftponly ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no PermitTunnel no X11Forwarding no
#Remember this one to close Match block! Match all
Per user:
Match User username ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no PermitTunnel no X11Forwarding no #Remember this one to close Match block! Match all
The ChrootDirectory must be owned by root.root with permissons 755. If you want group based access rights, you can do that in subdirectories.
ssh tunnel
ssh -L 1234:192.168.100.2:80 remotehost
And then connect to localhost:1234
bind Cannot assign requested address
Maybe try ssh -4
Unable to negotiate with 192.168.100.4 port 22: no matching cipher found.
passing old cipher, like -o arcfour??
no matching host key type found
if that comes after 'rsa' try
PubkeyAcceptedKeyTypes=+ssh-rsa
in .ssh/config
rsync only as root
scp: no matching key exchange method found.
scp seems to ignore .ssh/config, so use
scp -o Ciphers=xxx
kex_exchange_identification: read: Connection reset by peer
only way to find out about that is look on server
Reverse tunnel with autossh
autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -fgNR :10023:localhost:22 the.server
And in the.server:/etc/ssh/sshd_config
GatewayPorts clientspecified
to allow connecting to 10023 from outside
As systemd service: In /etc/systemd/system/sshtunnel.service
[Unit] Description=SSH Tunnel After=network.target
[Service] Restart=always RestartSec=20 User=root ExecStart=/bin/ssh -o ServerAliveInterval=30 -o ServerAliveCountMax=6 -gNR :10023:localhost:22 user@ssh.example.com
[Install] WantedBy=multi-user.target
ssh require both key and user password
In sshd_config AuthenticationMethods "publickey,password" # do not just set to no! #PasswordAuthentication yes
add your key to remote authorized_keys
ssh-copy-id remotehost
or, if not installed:
cat ~/.ssh/rsa_pub.id | ssh remotehost "cat >> ~/.ssh/authorized_keys"