Editing OpenSSH
Jump to navigation
Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
| Latest revision | Your text | ||
| Line 1: | Line 1: | ||
| − | '''[[wikipedia:OpenSSH|OpenSSH]]''' is a popular suite of software utilities implementing [[Secure Shell]] (SSH) protocol. OpenSSH includes the ability to set up a | + | '''[[wikipedia:OpenSSH|OpenSSH]]''' is a popular suite of software utilities implementing [[Secure Shell]] (SSH) protocol. OpenSSH includes the ability to set up a TCP secured channel and it is widely use as a replacement for not secured [[telnet]] and secure replacement of file transfers such as rcp and ftp. OpenSSH offers a great number of features including ssh session multiplexing. |
<ref>https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing</ref><ref>https://stackoverflow.com/questions/20410252/how-to-reuse-an-ssh-connection</ref> | <ref>https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing</ref><ref>https://stackoverflow.com/questions/20410252/how-to-reuse-an-ssh-connection</ref> | ||
The OpenSSH suite includes the following command-line utilities and daemons: | The OpenSSH suite includes the following command-line utilities and daemons: | ||
| − | * <code>[[ssh (OpenSSH client)|ssh]]</code>, | + | * <code>[[ssh (OpenSSH client)|ssh]]</code>, ssh client and TCP secure replacement for {{Mono|rlogin}}, {{Mono|rsh}} and {{Mono|[[telnet]]}} to allow shell access to a remote machine. |
| − | * <code>[[scp]]</code>, a replacement for | + | * <code>[[scp]]</code>, a replacement for {{Mono|rcp (Unix)}} |
| − | * <code>sftp</code>, a replacement for | + | * <code>sftp</code>, a replacement for {{Mono|ftp}} to copy files between computers |
* <code>[[sshd]]</code>, the SSH server daemon which allows shell access and file transfers to a remote machine. | * <code>[[sshd]]</code>, the SSH server daemon which allows shell access and file transfers to a remote machine. | ||
* <code>[[ssh-keygen]]</code>, a tool to inspect and generate the RSA, DSA and Elliptic Curve keys that are used for user and host authentication | * <code>[[ssh-keygen]]</code>, a tool to inspect and generate the RSA, DSA and Elliptic Curve keys that are used for user and host authentication | ||
| + | * <code>[[ssh-agent]]</code> and <code>[[ssh-add]]</code>, utilities to ease authentication by holding keys ready and avoid the need to enter passphrases every time they are used | ||
* <code>[[ssh-keyscan]]</code>, which scans a list of hosts and collects their public keys | * <code>[[ssh-keyscan]]</code>, which scans a list of hosts and collects their public keys | ||
| − | |||
* <code>[[ssh-copy-id]]</code>, copy local keys to remote machine. | * <code>[[ssh-copy-id]]</code>, copy local keys to remote machine. | ||
| Line 16: | Line 16: | ||
* [[Wikibooks: OpenSSH]] | * [[Wikibooks: OpenSSH]] | ||
* [[OpenSSH changelog]] | * [[OpenSSH changelog]] | ||
| − | |||
| − | |||
| − | |||
| − | |||
== ssh clients == | == ssh clients == | ||
| − | OpenSSH includes an ssh client:<code> | + | OpenSSH includes an [[ssh]] client:<code>ssh</code>. Others clients are available such us putty, mosh, paramiko and <code>autossh</code><ref>https://linux.die.net/man/1/autossh</ref>. |
<code>autossh</code><ref>https://linux.die.net/man/1/autossh</ref> main feature not include in OpenSSH ssh client is the capability to monitor an ssh connection and restart it if necessary. | <code>autossh</code><ref>https://linux.die.net/man/1/autossh</ref> main feature not include in OpenSSH ssh client is the capability to monitor an ssh connection and restart it if necessary. | ||
| − | * Loop waiting to connect to server: <code>AUTOSSH_POLL=5 AUTOSSH_GATETIME=0 | + | * Loop waiting to connect to server: <code>AUTOSSH_POLL=5 AUTOSSH_GATETIME=0 autossh -M 0 -o ServerAliveInterval=5 -o ServerAliveCountMax=1 YOUR_SERVER_NAME_OR_IP</code> |
| − | Ssh clients in Linux are frequently executed inside a terminal or using any kind of terminal multiplexer such as | + | Ssh clients in Linux are frequently executed inside a terminal or using any kind of terminal multiplexer such as tmux or screen. |
== Activities == | == Activities == | ||
=== Basic === | === Basic === | ||
| − | + | * ''Convert a putty ssh key format to Openssh format'', you can follow the following instructions http://www.codeblocq.com/2016/05/Convert-a-putty-ppk-key-to-a-pem-file-on-OSX/, https://stackoverflow.com/questions/3475069/use-ppk-file-in-mac-terminal-to-connect-to-remote-connection-over-ssh | |
| − | * ''Convert a | ||
* Open a reverse ssh tunnel, follow the following instructions https://www.howtoforge.com/reverse-ssh-tunneling | * Open a reverse ssh tunnel, follow the following instructions https://www.howtoforge.com/reverse-ssh-tunneling | ||
* [[Configure OpenSSH to reuse ssh connections]] (<code>ControlMaster</code>) | * [[Configure OpenSSH to reuse ssh connections]] (<code>ControlMaster</code>) | ||
| − | * Generate a public Key from a private Key: <ref>https://serverfault.com/questions/52285/create-a-public-ssh-key-from-the-private-key</ref><code>[[ssh-keygen]] -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub</code> (example for | + | * Generate a public Key from a private Key: <ref>https://serverfault.com/questions/52285/create-a-public-ssh-key-from-the-private-key</ref><code>[[ssh-keygen]] -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub</code> (example for RSA keys but can be applied to other key types) |
* [[Configure OpenSSH to allow Public-key authentication]] (<code>authorized_keys</code>)<ref>https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server</ref> | * [[Configure OpenSSH to allow Public-key authentication]] (<code>authorized_keys</code>)<ref>https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server</ref> | ||
| − | * [[Activate SSH on | + | * [[/Activate SSH on macos/]]: <code>sudo [[systemsetup]] -setremotelogin on</code> |
| − | |||
=== Intermediate === | === Intermediate === | ||
| Line 47: | Line 41: | ||
=== Advanced === | === Advanced === | ||
# Read ssh documentation about multiplexing https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing and its implementation details: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.mux?annotate=HEAD | # Read ssh documentation about multiplexing https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing and its implementation details: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.mux?annotate=HEAD | ||
| − | # Configure ssh session | + | # Configure ssh session multiplexing |
| − | # Use <code> | + | # Use <code>ProxyJump</code> directive to connect using a "Jump Server"<ref>https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#Passing_Through_One_or_More_Gateways_Using_ProxyJump</ref> |
# Run a shell script on a remote machine using ssh: <code>ssh root@MachineB 'bash -s' < local_script.sh</code><ref>https://stackoverflow.com/a/2732991</ref>. See also: [[parallel]] | # Run a shell script on a remote machine using ssh: <code>ssh root@MachineB 'bash -s' < local_script.sh</code><ref>https://stackoverflow.com/a/2732991</ref>. See also: [[parallel]] | ||
# Read https://github.com/openssh/openssh-portable source code | # Read https://github.com/openssh/openssh-portable source code | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== See also == | == See also == | ||
| Line 67: | Line 54: | ||
* [[openssl]] | * [[openssl]] | ||
* {{fail2ban}} | * {{fail2ban}} | ||
| − | |||
{{CC license}} | {{CC license}} | ||
Advertising:
