remember key passphrase
ssh-agent bash ssh-add ~/.ssh/id_rsa
root access from single host
Match Address 192.168.1.100 PermitRootLogin yes
ssh -A -t -l user jump-host \ -L 8080:localhost:8080 \ ssh -A -t -l user webserver.dmz \ -L 8080:localhost:8080
OR in .ssh/config define
Host targethost ProxyCommand ssh jumphost -W %h:%p
and then just
ssh -L 1234:<LAN address>:<port> targethost
SSH tunnel with putty
- acccess rights?
14: No supported authentication methods available [preauth]
Putty not configured to look at correct private key?
Homedir as defined in /etc/passwd /home/someuser
chmod 755 /home/someuser chown root.root /home/someuser
And then create writable dir for user:
mkdir /home/someuser/downloads chown someuser.someuser /home/someuser/downloads
Subsystem sftp internal-sftp
Match Group sftponly ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no PermitTunnel no X11Forwarding no
#Remember this one to close Match block! Match all
Match User username ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no PermitTunnel no X11Forwarding no #Remember this one to close Match block! Match all
The ChrootDirectory must be owned by root.root with permissons 755. If you want group based access rights, you can do that in subdirectories.
ssh -L 1234:192.168.100.2:80 remotehost
And then connect to localhost:1234
bind Cannot assign requested address
Maybe try ssh -4
Unable to negotiate with 192.168.100.4 port 22: no matching cipher found.
passing old cipher, like -o arcfour??
rsync only as root
scp: no matching key exchange method found.
scp seems to ignore .ssh/config, so use
scp -o Ciphers=xxx
kex_exchange_identification: read: Connection reset by peer
only way to find out about that is look on server
Reverse tunnel with autossh
autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -fgNR :10023:localhost:22 the.server
And in the.server:/etc/ssh/sshd_config
to allow connecting to 10023 from outside
== ssh require both key and user password == In sshd_config AuthenticationMethods "publickey,password" # do not just set to no! #PasswordAuthentication yes