Difference between revisions of "OpenSSH"
(→Basic) Tags: Mobile web edit, Mobile edit |
Tags: Mobile web edit, Mobile edit |
||
Line 34: | Line 34: | ||
* [[Configure OpenSSH to allow Public-key authentication]] (<code>authorized_keys</code>)<ref>https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server</ref> | * [[Configure OpenSSH to allow Public-key authentication]] (<code>authorized_keys</code>)<ref>https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server</ref> | ||
* [[/Activate SSH on macos/]]: <code>sudo [[systemsetup]] -setremotelogin on</code> | * [[/Activate SSH on macos/]]: <code>sudo [[systemsetup]] -setremotelogin on</code> | ||
− | * Activate [[OpenSSH]] on [[Windows]]:<ref>https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse</ref> | + | * Activate [[OpenSSH]] on [[Windows]] ([[Windows Server 2019]] or [[Windows 1o]]):<ref>https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse</ref> |
** Install OpenSSH optional capability from Windows interface. | ** Install OpenSSH optional capability from Windows interface. | ||
::: <code>[[Add-WindowsCapability]] -Online -Name OpenSSH.Server*</code> | ::: <code>[[Add-WindowsCapability]] -Online -Name OpenSSH.Server*</code> |
Revision as of 15:10, 16 March 2020
OpenSSH is a popular suite of software utilities implementing Secure Shell (SSH) protocol. OpenSSH includes the ability to set up a TCP secured channel and it is widely use as a replacement for not secured telnet and secure replacement of file transfers such as rcp and ftp. OpenSSH offers a great number of features including ssh session multiplexing. [1][2]
The OpenSSH suite includes the following command-line utilities and daemons:
ssh
, ssh client and TCP secure replacement for <templatestyles src="Mono/styles.css" />rlogin, <templatestyles src="Mono/styles.css" />rsh and <templatestyles src="Mono/styles.css" />telnet to allow shell access to a remote machine.scp
, a replacement forrcp
sftp
, a replacement forftp
to copy files between computerssshd
, the SSH server daemon which allows shell access and file transfers to a remote machine.ssh-keygen
, a tool to inspect and generate the RSA, DSA and Elliptic Curve keys that are used for user and host authenticationssh-agent
andssh-add
, utilities to ease authentication by holding keys ready and avoid the need to enter passphrases every time they are usedssh-keyscan
, which scans a list of hosts and collects their public keysssh-copy-id
, copy local keys to remote machine.
Readings
ssh clients
OpenSSH includes an ssh client:ssh
. Others clients are available such us putty
, mosh
, paramiko
and autossh
[3].
autossh
[4] main feature not include in OpenSSH ssh client is the capability to monitor an ssh connection and restart it if necessary.
- Loop waiting to connect to server:
AUTOSSH_POLL=5 AUTOSSH_GATETIME=0 autossh -M 0 -o ServerAliveInterval=5 -o ServerAliveCountMax=1 YOUR_SERVER_NAME_OR_IP
Ssh clients in Linux are frequently executed inside a terminal or using any kind of terminal multiplexer such as tmux
or screen
.
Activities
Basic
- Convert a putty ssh key format to Openssh format, you can follow the following instructions http://www.codeblocq.com/2016/05/Convert-a-putty-ppk-key-to-a-pem-file-on-OSX/, https://stackoverflow.com/questions/3475069/use-ppk-file-in-mac-terminal-to-connect-to-remote-connection-over-ssh
- Open a reverse ssh tunnel, follow the following instructions https://www.howtoforge.com/reverse-ssh-tunneling
- Configure OpenSSH to reuse ssh connections (
ControlMaster
) - Generate a public Key from a private Key: [5]
ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub
(example for RSA keys but can be applied to other key types) - Configure OpenSSH to allow Public-key authentication (
authorized_keys
)[6] - /Activate SSH on macos/:
sudo systemsetup -setremotelogin on
- Activate OpenSSH on Windows (Windows Server 2019 or Windows 1o):[7]
- Install OpenSSH optional capability from Windows interface.
Add-WindowsCapability -Online -Name OpenSSH.Server*
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
Intermediate
- Learn about different client connection options, such us:
-oBatchMode=yes
or-o ConnectTimeout=2
[8] - Connect to remote server temporarily turning off host key checking, (security implications):
ssh -oStrictHostKeyChecking=no SERVER_NAME
Advanced
- Read ssh documentation about multiplexing https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing and its implementation details: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.mux?annotate=HEAD
- Configure ssh session multiplexing
- Use
ProxyJump
directive to connect using a "Jump Server"[9] - Run a shell script on a remote machine using ssh:
ssh root@MachineB 'bash -s' < local_script.sh
[10]. See also: parallel - Read https://github.com/openssh/openssh-portable source code
- Read OpenSSH changelog
See also
- Telnet (deprecated use), netcat
- OpenSSH (changelog):
/etc/ssh/sshd_config
|/etc/ssh/ssh_config
|~/.ssh/
|openSSL | sshd logs
|sftp
|scp
|authorized_keys
|ssh-keygen
|ssh-keyscan
|ssh-add
|ssh-agent
|ssh
|Ssh -O stop
|ssh-copy-id
|CheckHostIP
|UseKeychain
, OpenSSF sslh
[11] Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)sshpass
(brew install http://git.io/sshpass.rb
)conch
client written in python- openssl
- Port knocking,
fail2ban
[12]fwknop
, DenyHosts - Security: Security portfolio, Security standards, Hardening, CVE, CWE, Wireless Network Hacking, vulnerability scanner, Security risk assessment, SCA, Application Security Testing, OWASP, Data leak, NIST, SANS, MITRE, Security policy, Access Control attacks, password policy, password cracking, Password manager, MFA, OTP, UTF, Firewall, DoS, Software bugs, MITM, Certified Ethical Hacker (CEH) Contents, Security+ Malware, FIPS, DLP, Network Access Control (NAC), VAPT, SIEM, EDR, SOC, pentest, PTaaS, Clickjacking, MobSF, Janus vulnerability, Back Orifice, Backdoor, CSO, CSPM, PoLP, forensic, encryption, Keylogger, Pwn2Own, CISO, Prototype pollution
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.
Original source: https://en.wikiversity.org/wiki/OpenSSH
- ↑ https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing
- ↑ https://stackoverflow.com/questions/20410252/how-to-reuse-an-ssh-connection
- ↑ https://linux.die.net/man/1/autossh
- ↑ https://linux.die.net/man/1/autossh
- ↑ https://serverfault.com/questions/52285/create-a-public-ssh-key-from-the-private-key
- ↑ https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
- ↑ https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse
- ↑ https://linux.die.net/man/1/ssh
- ↑ https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#Passing_Through_One_or_More_Gateways_Using_ProxyJump
- ↑ https://stackoverflow.com/a/2732991
- ↑ https://github.com/yrutschle/sslh
- ↑ https://serverfault.com/a/608976
Advertising: