Ssh

From campisano.org

Create a key

~$ ssh-keygen -t rsa -b 4096 # only if you don't have .ssh/id_rsa.pub (DSA keys are disabled by default since OpenSSH 7.0)
~$ ssh-agent bash # run the authentication agent
~$ ssh-add # adds private key identities to the authentication agent

SSH keep alive

nano .ssh/config

# note: this config must be the last one
# the first match wins!
Host *
    ServerAliveInterval 30
    ServerAliveCountMax 10

SSH tunneling

To open remote port 80 as local port 8080:

ssh -v -C -N -L 8080:localhost:80 <REMOTEUSER>@<REMOTESERVER>

-v : verbose

-C : compression (useful only for slow networks)

-N : don't open a remote shell

Tunneling a proxy

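ssh -v -C -N -g -D 3128 <REMOTEUSER>@<REMOTESERVER>

-D 3128 : dynamic (SOCKS) port forwarding on local port 3128

-g : allow other hosts to connect to the forwarded port (the proxy is then reachable from the network, not only from localhost)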

SSH port forwarding for X remote session

Display a remote application on the local X server (e.g. the Oracle graphical installer on a remote server without X).

On local host

X :2
# blowfish-cbc and arcfour were removed from OpenSSH in 7.6, so no -c option is given
ssh -C -R 6000:localhost:6002 <REMOTEUSER>@<REMOTESERVER>

On remote host

export DISPLAY=:0
xterm

Config example

####
# Commons (must be the last ones: the first match wins)
####

Host *
    ServerAliveInterval 10
    ServerAliveCountMax 30

    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes

    Compression yes
    # CompressionLevel applies to SSH protocol version 1 only
    CompressionLevel 9

    ForwardAgent no
    ForwardX11 no
    ForwardX11Trusted no

    PubkeyAuthentication yes
    PasswordAuthentication yes

    ChallengeResponseAuthentication no
    # RSAAuthentication applies to SSH protocol version 1 only
    RSAAuthentication no
    GSSAPIAuthentication no
    GSSAPIDelegateCredentials no
    GSSAPIKeyExchange no

Install SSH Server on a different port

apt-get install openssh-server
systemctl stop sshd
cd /etc
sed -i 's|#Port 22|Port 10022|g; s|#PasswordAuthentication yes|PasswordAuthentication no|g' ssh/sshd_config
systemctl start sshd
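
The sed command above only rewrites the commented-out defaults, so it silently changes nothing when a line is already uncommented or written differently. The check below is an added example, not part of the original page; the helper names and sample file contents are constructed, and Include directives are not followed.

```shell
#!/bin/sh
# Added example: confirm that the page's sed edit really changed sshd_config.
# Helper names and sample file contents are constructed for illustration.

# Print the first uncommented value of KEYWORD ($2) in FILE ($1) before any
# Match block; sshd uses the first value it obtains for most keywords (Port
# may be repeated; only the first is shown). Include lines are not followed.
effective_value() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "default" }
    ' "$1"
}

# Same substitution as in the page, applied to FILE ($1).
apply_page_sed() {
    sed -i 's|#Port 22|Port 10022|g; s|#PasswordAuthentication yes|PasswordAuthentication no|g' "$1"
}

# Succeed only if FILE ($1) has the intended port and password setting.
check_hardened() {
    [ "$(effective_value "$1" Port)" = "10022" ] &&
    [ "$(effective_value "$1" PasswordAuthentication)" = "no" ]
}

# Apply the edit to two constructed files and report the outcome.
demo() {
    dir=$(mktemp -d)
    # Case 1: stock file with both defaults commented out.
    printf '%s\n' '#Port 22' '#PasswordAuthentication yes' > "$dir/stock"
    # Case 2: password login already enabled explicitly, so the sed
    # pattern (which needs the leading #) never matches that line.
    printf '%s\n' '#Port 22' 'PasswordAuthentication yes' > "$dir/enabled"
    for f in stock enabled; do
        apply_page_sed "$dir/$f"
        if check_hardened "$dir/$f"; then r=ok; else r=NOT-APPLIED; fi
        echo "$f: port=$(effective_value "$dir/$f" Port)" \
             "password=$(effective_value "$dir/$f" PasswordAuthentication) -> $r"
    done
    rm -rf "$dir"
}
demo
```

On the real server, `sshd -t` checks the file for errors before the restart and `sshd -T` prints the effective settings.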