SSH
Remove all keys host from known_hosts
ssh-keygen -R <host_name>
Executing a command on a remote host
ssh user_name@remote_server "comamnd"
Copy directory
tar -cvj /datafolder | ssh user_name@remote_server "tar -xj -C /datafolder"
Wireshark
ssh user_name@remote_server 'tcpdump -c 1000 -nn -w - not port 22' | wireshark -k –i
Do not execute a remote command
ssh -N
Allows remote hosts to connect to local forwarded ports
ssh -g
Requests ssh to go to background just before command execution
ssh -f
Editing a file via scp
vim scp://user_name@remote_server //path_to_file
Mount local directory to remote host
sshfs user_name@remote_serve:/remote_directory /local_directory
Show control sequences
<Enter>~?
Generate RSA
ssh-keygen -f ~/name_key_file_rsa -t rsa -b 2048
Generate for paramiko
ssh-keygen -m pem -t rsa -C "test"
Convert for FileZilla
puttygen keyname -o keyname.ppk
Add fingerprint
ssh-keyscan -t <fingerprint type> -H <host_name> >> ~/.ssh/known_hosts
Generate key pair for host Certificate Authority (CA)
ssh-keygen -t rsa -b 4096 -f <host CA key file name>_rsa_key -C "<comment>"
Generate ssh key pair for target host
ssh-keygen -t rsa -b 4096 -f <host key file name>_rsa_key
Signing the host key
ssh-keygen -s <host CA key file name>_rsa_key -I "<key ID>" -h -n "<host principals>" -V <validity interval> <host ca key file name>_rsa_key.pub
ssh-keygen -Lf <host certificate file name>_rsa_key-cert.pub
Copy certificate and keys to target host
scp <host ca key file name>_rsa_key.pub <user_name>@<remote_server>:/etc/ssh
scp <host ca key file name>_rsa_key-cert.pub <user_name>@<remote_server>:/etc/ssh
scp <host ca key file name>_rsa_key <user_name>@<remote_server>:/etc/ssh
Add host certificate in sshd config /etc/ssh/sshd_config
HostCertificate /etc/ssh/<host ca key file name>_rsa_key-cert.pub
Add host CA certificate to known_hosts on user computer
@cert-authority <wildcard domain> <content of pub key of Certificate Authority>
Generate key pair for user Certificate Authority (CA)
ssh-keygen -t rsa -b 4096 -f <user CA key file name>_rsa_key -C "<comment>"
Generate ssh key pair for target user
ssh-keygen -t rsa -b 4096 -f <user key file name>_rsa_key
Signing the user key
ssh-keygen -s <user CA key file name>_rsa_key -I "<key ID>" -h -n "<user principals>" -V <validity interval> <user ca key file name>_rsa_key.pub
ssh-keygen -Lf <user certificate file name>_rsa_key-cert.pub
Copy user user Certificate Authority (CA) to target host
scp <user ca key file name>_rsa_key.pub <user_name>@<remote_server>:/etc/ssh
Add user Certificate Authority (CA) in sshd config /etc/ssh/sshd_config
TrustedUserCAKeys /etc/ssh/<user ca key file name>_rsa_key.pub
local host > ssh host > Network
ssh -D 0.0.0.0:port_number user_name@remote_server
local host > ssh host
ssh -L 0.0.0.0:port_number:127.0.0.1:port_number user_name@remote_server
local host > ssh host > remote host
ssh -L 0.0.0.0:port_number:X.X.X.X:port_number user_name@remote_server
ssh host > local host -> (local host > ssh host)
ssh -R 0.0.0.0:port_number:127.0.0.1:port_number user_name@remote_server
remote host < ssh host > local host -> (local host > ssh host > remote host)
ssh -R 0.0.0.0:port_number:X.X.X.X:port_number user_name@remote_server
Network < ssh host > local host -> (local host > ssh host > Network)
ssh -v -R 0.0.0.0:port_number user_name@remote_server
local host > host1 > ssh host
ssh -J host1,host2,host3 user_name@remote_server
local host > ssh host remote host > ssh_host
local_host > ssh_host > remote_host
ssh -L port_number:127.0.0.1:port_number user_name@remote_server
ssh -R port_number:127.0.0.1:port_number user_name@remote_server
Create file
vim /etc/mybanner
Enable banner in /etc/ssh/sshd_config
Banner /etc/mybanner
Install
yum install xauth
Run remote GUI-application
ssh -XYC remote_server program_name
Host *
ForwardAgent no
ForwardX11 no
ForwardX11Trusted yes
Protocol 2
ServerAliveInterval 60
ServerAliveCountMax 30
Host <alias>
HostName <host_name>
User <user_name>
port 22
IdentityFile <path_to_key>
Host *
User <user_name>
port 22
IdentityFile <path_to_key>