ssh multiplexing

remember key passphrase

ssh-agent bash
ssh-add ~/.ssh/id_rsa

root access from single host

Match Address
       PermitRootLogin yes

multihop tunnel

ssh -A -t -l user jump-host \
-L 8080:localhost:8080 \
ssh -A -t -l user webserver.dmz \
-L 8080:localhost:8080


SSH tunnel with putty

Failed publickey

  • acccess rights?

14: No supported authentication methods available [preauth]

Putty not configured to look at correct private key?


chrooted sftp

Homedir as defined in /etc/passwd /home/someuser

chmod 755 /home/someuser
chown root.root /home/someuser

And then create writable dir for user:

mkdir /home/someuser/downloads
chown someuser.someuser /home/someuser/downloads


Subsystem sftp internal-sftp

Per group:


 Match Group sftponly
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTcpForwarding no
   PermitTunnel no
   X11Forwarding no
 #Remember this one to close Match block!
 Match all

Per user:

 Match User username
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTcpForwarding no
   PermitTunnel no
   X11Forwarding no
 #Remember this one to close Match block!
 Match all

The ChrootDirectory must be owned by root.root with permissons 755. If you want group based access rights, you can do that in subdirectories.


ssh tunnel

ssh -L 1234: remotehost

And then connect to localhost:1234


bind Cannot assign requested address

Maybe try ssh -4

Unable to negotiate with port 22: no matching cipher found.

passing old cipher, like -o arcfour??

rsync only as root

scp: no matching key exchange method found.

scp seems to ignore .ssh/config, so use

scp -o Ciphers=xxx


kex_exchange_identification: read: Connection reset by peer

only way to find out about that is look on server

Reverse tunnel with autossh

autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -fgNR :10023:localhost:22 the.server

And in the.server:/etc/ssh/sshd_config

GatewayPorts clientspecified

to allow connecting to 10023 from outside