SSH

Create an SSH key pair (the `-N ''` form below writes an unencrypted private key — acceptable only for unattended automation; otherwise set a passphrase and load the key through ssh-agent)

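# RSA 4096, no passphrase (-N ''): the private key sits unencrypted on disk. Only for
# unattended automation, and then restrict it on the server side (authorized_keys options
# such as restrict,from="…",command="…") to limit what a stolen key can do.
# -t rsa is explicit because ssh-keygen >= 9.5 generates ed25519 by default, which would
# otherwise leave an ed25519 key in a file called id_rsa.
ssh-keygen -q -t rsa -b 4096 -f ~/.ssh/id_rsa -N '' -C "${USER}@$(hostname -f)"
# Ed25519: the preferred type today (small, fast, fixed key size — no -b needed).
ssh-keygen -q -t ed25519 -N '' -C "${USER}@$(hostname -f)"
# Legacy PEM container (-m PEM) only for tools that cannot read the OpenSSH key format
# (the OpenSSH format is preferred for passphrase-protected keys). Interactive: prompts
# for file name and passphrase.
ssh-keygen -m PEM -t rsa -b 4096 -C "rundeck@rundeck.dev.example.com"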

Load SSH key

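# Start an agent for this shell and load the default identities (~/.ssh/id_*).
# -s forces Bourne-style output; the quotes keep eval from word-splitting it.
eval "$(ssh-agent -s)" && ssh-add
 
# Load one specific key. Add "-t 4h" to have the agent forget it after four hours, or
# "-c" to require a confirmation for every signature (worth it when agent forwarding is on).
ssh-add ~/.ssh/foo-key2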

Copy public key to server (/home/foo/.ssh/authorized_keys)

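# Appends ~/.ssh/id_*.pub to foo's authorized_keys (uses password auth once).
ssh-copy-id foo@example.com
# Imports EVERY public key of the GitHub account "foo" (fetched from https://github.com/foo.keys):
# whoever can add a key to that account can then log in here. Review the list first:
#   curl -s https://github.com/foo.keys
ssh-import-id-gh foo
 
# copy between remote hosts: put dev's root key on prod.
# This gives dev's root standing root access to prod. Prefer a bare-minimum entry, e.g. prefix the
# key in authorized_keys with restrict,from="<dev-ip>" (and command="…" if it is only for one job).
ssh www.dev.example.com cat /root/.ssh/id_rsa.pub | ssh www.prod.example.com 'cat >> /root/.ssh/authorized_keys'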

Show the sshd log (failed and successful logins, brute-force attempts)

# systemd unit name differs per distro: "ssh" (Debian/Ubuntu) vs "sshd" (RHEL/Fedora/Arch)
journalctl -u ssh
# syslog-based systems: auth.log carries every authentication attempt
tail -f /var/log/auth.log
# filter the journal by process name instead of unit, and follow
journalctl _COMM=sshd -f
 
# configuration
~/.ssh/config: user configuration
/etc/ssh/ssh_config: system-wide client configuration
/etc/ssh/sshd_config: system-wide server configuration (drop-ins in /etc/ssh/sshd_config.d/ are only read if sshd_config contains a matching Include line)

http://www.panticz.de/SSH-server-enable-disable-password-authentication
http://www.panticz.de/ssh_pre-shared-key_authentication

Parameter

# WARNING: these two -o options switch host-key verification off completely, so anyone who can
# redirect traffic to 192.168.1.2 can impersonate it and capture the session (and a forwarded
# agent or typed password). Only for throw-away hosts such as freshly re-imaged lab VMs.
# Less dangerous alternative (OpenSSH >= 7.6): -o StrictHostKeyChecking=accept-new keeps the
# key on first contact but still refuses a host whose key has changed.
ssh \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
root@192.168.1.2

Configuration ~/.ssh/config (ssh_config keeps the first value it sees for each option, so specific Host blocks must come before catch-all ones)

# Relative Include paths are resolved from ~/.ssh. Included files are parsed in place, so a
# Host block that appears before this line still takes precedence over anything included here.
Include config.d/*
 
# Every host in 10.0.0.0/8, as root, with host-key checking off: any machine that can answer
# on that range can impersonate the target. Fine for a throw-away lab, not for a shared network.
Host 10.*
User root
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
 
# exclude hosts
Host * !example.com !192.168.0.? !*.local
...
 
Host 192.168.0.*  tunnel.example.com
User foo
# BatchMode: never prompt — password, passphrase and host-key questions fail instead of asking
BatchMode yes
# EscapeChar none: "~" sequences are passed through untouched (needed for binary data over ssh)
EscapeChar none
Compression yes
# NOTE(review): a GitHub pool alias in a block for 192.168.0.* looks pasted from elsewhere.
# HostKeyAlias makes every host in this block share ONE known_hosts entry, which is only
# sensible for a pool that shares a host key — and is moot here anyway because of /dev/null below.
HostKeyAlias github-server-pool.github.com
CheckHostIp no
# These two lines disable host-key verification for the whole /24 AND for a public name:
# whoever can redirect tunnel.example.com can impersonate it. Prefer StrictHostKeyChecking accept-new.
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
AddKeysToAgent yes
LogLevel error
# DSA host keys (ssh-dss: fixed 1024 bit, SHA-1) have been disabled by default since OpenSSH 7.0
# and are removed entirely in recent releases; keep this only for the single device that needs it.
HostKeyAlgorithms=+ssh-dss
 
# diffie-hellman-group1-sha1 is a 1024-bit MODP group (Logjam-class weakness; disabled by
# default since OpenSSH 7.0). Keep it scoped to this one host — never in "Host *".
Host 10.20.30.40
    KexAlgorithms +diffie-hellman-group1-sha1
 
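# jump host: ProxyJump (OpenSSH >= 7.3) is the built-in equivalent of "ProxyCommand ssh -W".
# The jump host only relays the TCP stream; it never sees the session contents or your keys.
Host 192.168.254.46
  ProxyJump root@192.168.1.42
  # fallback for clients older than 7.3:
  # ProxyCommand ssh root@192.168.1.42 -W %h:%p
  # ForwardAgent is NOT needed to traverse a jump host. Enabling it lets root on the target
  # sign with every key in your agent for as long as you are connected; turn it on only if you
  # really need to ssh onward from that box.
  # ForwardAgent yes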
# batch mode (disable password authentication): fail instead of prompting, so a script or cron job
# cannot hang on a password prompt. BatchMode=yes also suppresses host-key confirmations, so an
# unknown host is rejected rather than accepted. ChallengeResponseAuthentication is the older
# spelling of KbdInteractiveAuthentication.
-o PasswordAuthentication=no -o KbdInteractiveAuthentication=no -o ChallengeResponseAuthentication=no
-o BatchMode=yes
 
# Show the host key as an MD5 fingerprint (to compare against old documentation that still lists
# MD5) and force the plain ssh-rsa (SHA-1) host-key signature. Use for the comparison only;
# verify via SHA256 fingerprints (the default) wherever possible.
-o HostKeyAlgorithms=ssh-rsa -o FingerprintHash=md5
 
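# Bootstrap a new key onto a host using a backup ("master") key that is already authorized there.
# -i takes the PRIVATE key (~/ssh_bkp/id_rsa); the .pub is the public half and cannot authenticate.
# Staging through /tmp is racy: another local user can pre-create /tmp/id_rsa.pub and swap its
# contents between the upload and the append, getting their own key authorized for root.
# Prefer the direct pipe on the next line.
scp -i ~/ssh_bkp/id_rsa ~/.ssh/id_rsa.pub root@www.example.com:/tmp/id_rsa.pub
# (this appends the backup key itself; use ~/.ssh/id_rsa.pub here to authorize the NEW key)
cat ~/ssh_bkp/id_rsa.pub | ssh -i ~/ssh_bkp/id_rsa root@www.example.com 'cat >> .ssh/authorized_keys'
ssh -i ~/ssh_bkp/id_rsa root@www.example.com
# on the server: append the uploaded public key and remove the staging file. Only if the key was
# exported in RFC 4716 (PuTTY/commercial SSH) format does it need converting first:
#   ssh-keygen -i -f /tmp/id_rsa.pub >> ~/.ssh/authorized_keys
cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys && rm -f /tmp/id_rsa.pub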
 
# port forward
# sudo only because local port 80 is privileged: ssh then runs as root (typically with root's
# known_hosts/config, hence the explicit -i). A high local port, e.g. -L 8080:…, avoids sudo.
# -N: no remote command. -L binds 127.0.0.1 only unless a bind address or -g is given.
sudo ssh -L 80:192.168.254.44:80 user@www.example.com -p 222 -N -i /home/${USER}/.ssh/id_rsa
# bind an explicit local address (127.0.0.2 is still loopback on Linux)
ssh -L 127.0.0.2:8080:localhost:80 user@host

Parameter

-N do not execute a remote command
-f run in background
-C compression
-o ConnectTimeout=3
-o UserKnownHostsFile=/dev/null # forget every host key (pair with the next option only for throw-away hosts)
-o StrictHostKeyChecking=no # accept any host key: no MITM protection — prefer accept-new
-o ControlMaster=yes # permanent connection (multiplexing; needs a ControlPath, see ControlPath below)
 
# prevent SSH timeout
-o ServerAliveInterval=30

Options

# force password authentication — e.g. to confirm that a hardened server really rejects
# passwords (expected result: "Permission denied (publickey)")
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no foo@<ip-address>

http://linux.die.net/man/5/ssh_config

# test
Host mysql.tunnel
  HostName some-ssh-server.com
  User ssh_username
  LocalForward 3307 127.0.0.1:3306
 
# Host-key verification is disabled for a PRODUCTION entry point: a DNS or routing hijack of
# this name would go unnoticed. Pin the key instead (ssh-keyscan once, verify the fingerprint
# out of band, keep the default checking).
Host tunnel.production.site.com
 User ec2-user
 UserKnownHostsFile /dev/null
 StrictHostKeyChecking=no
 
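Host X01 X02 ...
     User my_username
     Compression yes
     # "Ciphers arcfour,blowfish-cbc" (RC4 and Blowfish-CBC) was removed here: OpenSSH >= 7.6
     # rejects it outright ("Bad SSH2 cipher spec") and both ciphers are broken. Let the client
     # negotiate its defaults; if a server really needs pinning, list modern AEAD ciphers only:
     # Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
     # Modern OpenSSH speaks protocol 2 only; the keyword is kept for older clients.
     Protocol 2
     # Connection multiplexing: the first connection becomes the master, later ones reuse it.
     # %C is a hash of %l%h%p%r, giving a short fixed-length socket name that cannot exceed the
     # Unix socket path limit and does not expose user@host:port in a directory listing.
     ControlMaster auto
     ControlPath ~/.ssh/ctl-%C
 
  # blank lines do not end a Host section: this still belongs to "Host X01 X02 ..."
  LocalForward 3307 127.0.0.1:3306
 
#  SendEnv LANG LC_*
  #HostKeyAlgorithms ssh-rsa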
 
# reverse tunnel: www.example.com:2222 (its loopback only, unless GatewayPorts allows more)
# leads back to port 22 on this machine for as long as the ssh process lives
# (-f: go to background, -N: no remote shell)
# http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
ssh -fN -R 2222:localhost:22 user@www.example.com
# connect back from www.example.com — note every local user there can reach 127.0.0.1:2222
user@www.example.com:~$ ssh me@localhost -p 2222
 
# SSH config options
# Agent forwarding: while you are connected, the remote host can sign with ANY key in your
# agent — a compromised or malicious remote root can hop to every host that trusts those keys.
# Enable it per Host only; ProxyJump does not need it.
ForwardAgent yes
# Offer only the IdentityFile(s) listed instead of every key in the agent: avoids
# "Too many authentication failures" and stops servers from learning which other keys you hold.
IdentitiesOnly yes
 IdentityFile /home/foo/.ssh/id_rsa
 
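# Global defaults. Do NOT put "ForwardAgent yes" or "StrictHostKeyChecking no" here:
# a global ForwardAgent hands your agent (all keys) to every host you ever log in to, and a
# global StrictHostKeyChecking no silently accepts a spoofed host key everywhere.
# Keep the safe defaults in "Host *" and enable the risky options in individual Host blocks.
Host *
ForwardAgent no
SendEnv LANG LC_*
StrictHostKeyChecking ask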
 
# add default domain
# ssh_config keeps the FIRST value it sees for each option, so this specific block must come
# before the catch-all "Host *" below ("USER" works because keywords are case-insensitive).
Host *.example.com
 HostName %h
 USER user
 
# everything else gets ".example.com" appended. BatchMode yes here is global: no password,
# passphrase or host-key prompt anywhere — ssh fails instead of asking.
Host *
 HostName %h.example.com
 USER user
    BatchMode yes
 
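# ssh forwarding to sudo: keep the agent socket in a root shell
# -E asks sudo to preserve the caller's environment (incl. SSH_AUTH_SOCK); the sudoers policy must allow it
sudo -E -s
 
# Permanent: whitelist SSH_AUTH_SOCK in sudoers. Consequence: anything run via sudo can use the
# keys in your agent (root could reach the socket anyway; "ssh-add -c" makes every use ask).
# Validate the drop-in — a syntax error in sudoers.d locks everyone out of sudo — and fix its
# mode. sudoers is re-read on every sudo invocation, so nothing needs restarting
# (Debian's "sudo" init script only clears cached credentials).
echo "Defaults env_keep+=SSH_AUTH_SOCK" >> /etc/sudoers.d/ssh
chmod 0440 /etc/sudoers.d/ssh
visudo -cf /etc/sudoers.d/ssh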
 
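# test if an SSH agent is reachable: exit 0 = keys loaded, 1 = agent but no keys, 2 = no agent
ssh-add -l >/dev/null 2>&1; echo $?
# (SSH_AGENT_PID being set only proves the variable survived, not that the agent is alive)
env | grep SSH_AGENT_PID
 
# start an SSH agent for this shell and load the default identities
eval "$(ssh-agent -s)"
ssh-add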
 
# remote X window with bash login (-C is compression, not a command; everything after the host is the remote command)
# -X requests "untrusted" X11 forwarding, but Debian/Ubuntu typically ship ForwardX11Trusted yes,
# which makes it behave like -Y: the remote host gets full access to your X display (key logging,
# screenshots). Only use this with hosts you trust.
ssh -X USER@REMOTE_HOST -C /bin/bash -l -c "COMMAND"
 
# socket forward: SOCKS5 proxy on 127.0.0.1:8080 (-D binds loopback by default), traffic exits
# from 192.168.0.1. -N: no shell. Root on the far end is not required for -D.
ssh -N -D 8080 root@192.168.0.1
chromium-browser --proxy-server="socks5://localhost:8080"
 
?? --proxy-server="https=proxyip:8443;http=proxyip:8080"

Enable remote DNS resolution in Firefox (otherwise every visited hostname leaks to the local resolver):
network.proxy.socks_remote_dns: true

# port forward
ssh -N -L 8080:192.168.0.12:80 root@192.168.0.1
http://localhost:8080
 
# ssh forward to mailserver
# /etc/hosts pins the mail hostnames to loopback so the mail client talks to the tunnel. The -L
# targets below are resolved by vpn.example.com, not by this file, so the override does not loop.
# Remove the entries again when the tunnel is down, or the names stop working.
# cat /etc/hosts
127.0.0.1 imap.example.com
127.0.0.1 smtp.example.com
# sudo only because 143 and 25 are privileged local ports; -N: no shell
sudo  ssh  -L 143:imap.example.com:143 -L 25:smtp.example.com:25 foo@vpn.example.com -i /home/foo/.ssh/id_rsa -N

deny SSH user

# /etc/ssh/sshd_config
# Deny/allow directives are evaluated as DenyUsers, AllowUsers, DenyGroups, AllowGroups;
# patterns may be user@host.
DenyUsers foo
# Match opens a conditional section that extends to the next Match or the end of the file,
# so keep Match blocks at the bottom — anything written below this line is scoped to "User test".
Match User test
PasswordAuthentication no
 
Host *
  ServerAliveInterval 30
LogLevel ERROR

Removes host keys from ~/.ssh/known_hosts by hostname or IP

ssh-keygen -R www.example.com

Update SSH known_hosts (bulk trust-on-first-use — verify the fingerprints out of band)

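# ssh-keyscan fetches the keys unauthenticated over the network: this is trust-on-first-use
# in bulk. Run it from a trusted network path and compare the fingerprints out of band
# (e.g. "ssh-keygen -lf /etc/ssh/ssh_host_*_key.pub" on each host) before relying on them.
# "-t rsa" alone would skip the ed25519 host keys modern servers prefer.
ssh-keyscan -t ed25519,rsa web{1..5}.example.com >> ~/.ssh/known_hosts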

Forward webserver over SSH

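# 1. on the public host (www.example.com, the sshd that will listen): allow reverse forwards
#    to bind a non-loopback address. "clientspecified" is safer than "yes": the -R side decides
#    per forward, and everything stays on 127.0.0.1 unless a bind address is given explicitly.
#echo "GatewayPorts yes" >> /etc/ssh/sshd_config
echo "GatewayPorts clientspecified" >> /etc/ssh/sshd_config
# validate before restarting — a broken sshd_config leaves you locked out of a remote box
sshd -t && service ssh restart
 
# 2. on the host that can reach 192.168.0.1 (runs the ssh client):
#    with "clientspecified" a bare "-R 80:…" still binds the remote loopback only — the bind
#    address has to be explicit. Ports < 1024 on the remote require root there (hence root@).
#    -o StrictHostKeyChecking=no was dropped: it removes MITM protection towards a public host;
#    add the key to known_hosts once (or use -o StrictHostKeyChecking=accept-new).
ssh -N -R '*:80:192.168.0.1:80' -R '*:443:192.168.0.1:443' root@www.example.com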

Get hostkey

# prints the host's public keys in known_hosts format. The scan itself is unauthenticated, so
# check the fingerprint out of band first:  ssh-keyscan SERVER 2>/dev/null | ssh-keygen -lf -
ssh-keyscan SERVER
 
# NOTE(review): "SendEnv no" forwards an environment variable literally named "no"; it does NOT
# turn SendEnv off. To undo an earlier pattern use "SendEnv -LANG -LC_*" (newer OpenSSH).
SendEnv no

Forwarding

# local SOCKS proxy; the explicit 127.0.0.1 keeps it on loopback regardless of GatewayPorts
DynamicForward 127.0.0.1:1080
# remote port 80 -> local 8000: binding < 1024 on the remote needs root there, and the listener
# stays on the remote's loopback unless that sshd has GatewayPorts enabled
RemoteForward 80 127.0.0.1:8000
# local 1521 -> 10.0.0.99:1521, the target being resolved and connected from the remote side
LocalForward 1521 10.0.0.99:1521
# client side: keep -L/LocalForward listeners on loopback (the default)
GatewayPorts no
 
# forward proxy: make the web proxy reachable from a VM that has no route to it
# ~/.ssh/config.d/vm
Host 10.0.1.*
User ubuntu
# listener on the VM's loopback; proxy.example.com is dialed from THIS side of the connection
RemoteForward 3128 proxy.example.com:8080
 
# presumably run on the VM, through the forwarded port
https_proxy=http://localhost:3128 wget https://www.google.de -O-
 
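# double forward: expose forward_from.tld:80 on forward_to.tld:80 for everyone (-g).
# The nested ssh-to-localhost only exists because GatewayPorts is off on forward_to.tld, and -A
# forwards your agent there so the inner ssh can log in — root on forward_to.tld can use that
# agent meanwhile. With "GatewayPorts clientspecified" on forward_to.tld the whole construction
# collapses to   ssh -N -R '*:80:forward_from.tld:80' user@forward_to.tld   and needs no -A.
ssh -A -R 10080:forward_from.tld:80 user@forward_to.tld "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -g -N -L 80:localhost:10080 localhost"
 
# Forward DB port by SSH tunnel and make public accessible
# WARNING: -g publishes the MySQL port on every interface of db.example.com with nothing but
# MySQL's own authentication in front of it. Bind a specific interface or firewall 3306.
ssh -A -R 10080:localhost:3306 root@db.example.com "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -g -N -L 3306:localhost:10080 localhost"
 
# Forward port 80 from 10.0.21.3 to www.example.com:8080
# (typo fixed: "UserKnoHostsFile" made the inner ssh abort with "Bad configuration option")
ssh -A -R 12345:10.0.21.3:80 root@www.example.com "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -g -N -L 8080:localhost:12345 localhost"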
 
# copy block device over network with SSH — DESTRUCTIVE on the remote side (overwrites /dev/sdc
# there; double-check the device name). -C compresses the stream; bs=4M status=progress on dd helps.
dd if=/dev/sdc | ssh -C user@host dd of=/dev/sdc
# -e none: no "~" escape processing, so binary data containing "~." cannot terminate the session
# (belt and braces: escapes are only interpreted when a tty is in use)
cat file | ssh -e none remote-host 'cat > file'
 
# show SSH status
systemctl status ssh

SSH VPN
https://help.ubuntu.com/community/SSH_VPN
https://wiki.archlinux.org/index.php/VPN_over_SSH

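# on SSH VPN server: "ssh -w" requires PermitTunnel (default "no"). GatewayPorts is unrelated to
# tun devices (it only affects -R listeners); the line is kept from the original but is not what
# enables the VPN.
sudo sed -i 's/#GatewayPorts .*/GatewayPorts yes/g' /etc/ssh/sshd_config
sudo sed -i 's/^#\?PermitTunnel .*/PermitTunnel yes/' /etc/ssh/sshd_config
grep -q '^PermitTunnel yes' /etc/ssh/sshd_config || echo 'PermitTunnel yes' | sudo tee -a /etc/ssh/sshd_config >/dev/null
# validate before restarting — a broken sshd_config leaves you locked out of the gateway
sudo sshd -t && sudo service ssh restart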
 
# on SSH VPN client
# -w 0:0 creates tun0 on both ends (needs root/CAP_NET_ADMIN on both and PermitTunnel on the
# server). LocalCommand runs LOCALLY, as root because of the outer sudo, once the connection is
# up; the quoted command at the end configures the server's side. ifconfig/route are the legacy
# net-tools commands — see the iproute2 variant below.
sudo ssh \
  -i /home/foo/.ssh/id_rsa \
  -o PermitLocalCommand=yes \
  -o LocalCommand="sudo ifconfig tun0 192.168.99.2 pointopoint 192.168.99.1 netmask 255.255.255.0; sudo route add -net 192.168.100.0 gw 192.168.99.1 netmask 255.255.255.0" \
  -o ServerAliveInterval=60 \
  -w 0:0 root@gw.example.com -p 22022 \
  'sudo ifconfig tun0 192.168.99.1 pointopoint 192.168.99.2 netmask 255.255.255.0; echo tun0 ready'
 
 
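# v2 (iproute2): create the tun devices by hand; they still have to be joined with "ssh -w 0:0"
# (that invocation is not shown here — see the v1 command above).
# client
sudo ip tuntap add dev tun0 mode tun
sudo ip link set tun0 up
# NOTE(review): the original used "peer 10.0.0.200" here and "peer 10.0.0.100" on the server,
# which matches neither end's own address; on a point-to-point link each side's peer must be the
# other side's address, otherwise packets into tun0 have nowhere to go.
sudo ip addr add 192.168.10.100/32 peer 192.168.10.200 dev tun0
 
# server
ssh ubuntu@hypervisor.lab.i.ewcs.ch
sudo ip tuntap add dev tun0 mode tun
sudo ip link set tun0 up
sudo ip addr add 192.168.10.200/32 peer 192.168.10.100 dev tun0
 
# teardown
sudo ip tuntap del dev tun0 mode tun
sudo ip tuntap del dev tap0 mode tap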

Workaround / Fix

# slow ssh login
systemctl restart systemd-logind
 
# fix "mesg: ttyname failed: Inappropriate ioctl for device" by forcing pseudo-tty allocation
ssh -t db.example.com "bash -l /path/to/cmd"
# NOTE(review): "system/oracle" puts the database password on the remote command line, where it is
# visible in `ps`, audit logs and shell history on db.example.com. Start "sqlplus /nolog" and issue
# "connect system/<pw>" from a 0600 script, a wallet, or stdin instead.
ssh -tt db.example.com 'bash -l -c "sqlplus system/oracle @/tmp/query1.sql"'
 
# sshfs
sshfs -o ServerAliveInterval=15 root@www.example.com:/var/www/ /mnt 
 
# /etc/ssh/sshd_config
Match User oli
   GatewayPorts yes
 
# resolve dns on localhost: the $(…) runs in the local shell that executes ProxyCommand, so %h
# is looked up here and db.example.com only ever sees an IP.
# NOTE(review): dig +short prints several lines for CNAMEs and round-robin names, which breaks
# the -W argument; "$(dig +short %h | tail -n1)" picks one address.
ProxyCommand ssh db.example.com -W $(dig +short %h):%p

Jumphost
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts
https://tech.utzer.de/2019/04/14/ssh-config-ssh-via-jumphost-and-autossh-ssh-to-tor-hidden-service/
https://wiki.gentoo.org/wiki/SSH_jump_host

# -J (ProxyJump): the jump host only relays TCP. The session is encrypted end to end with
# www.example.com and your agent/keys are never exposed to jump.example.com (unlike -A).
ssh -J jump.example.com foo@www.example.com
 
# multiple jumphost (traversed left to right)
ssh -J user1@host1:port1,user2@host2:port2 user3@host3

scp

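# scp with sshpass. Never pass the password with -p: it is visible to every local user via
# `ps` / /proc/*/cmdline and ends up in the shell history. Read it from a 0600 file (-f) or the
# SSHPASS environment variable (-e) — and use a key whenever the remote side allows it.
# The remote glob is quoted so it is expanded on the remote host, not by the local shell.
sshpass -f ~/.ssh/.scp_pass scp '<USER>@<HOST>:~/htdocs/*.gz' /mnt/backup/
# or:  SSHPASS='…' sshpass -e scp …   (the environment is still readable by root via /proc/PID/environ)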

Create new key on client

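#ssh-keygen -t rsa 
#(confirm with 3x with enter to leave passphrase empty)
# -t rsa is explicit: ssh-keygen >= 9.5 generates ed25519 by default, which would leave an
# ed25519 key in a file named id_rsa. -N '' = no passphrase (unattended use only).
ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ''
 
# Copy public key to server (asks for the password once, appends to ~/.ssh/authorized_keys)
ssh-copy-id "${USER}@192.168.0.1"
 
# Test login (-v shows which key and method were accepted)
ssh -v "${USER}@192.168.0.1"
 
# Login with an explicit private key. A backup/"master" key opens every host it is installed on:
# keep it passphrase-protected and off shared machines.
ssh -i ./backup_ssh_key/id_rsa USER@YOUR_SERVER
 
# Import own ssh key by using previous / master ssh key
cat ~/.ssh/id_rsa.pub | ssh -i ./backup_ssh_key/id_rsa USER@YOUR_SERVER 'cat >> .ssh/authorized_keys'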

OPTIONAL: Disable password login on server
http://www.panticz.de/SSH-server-enable-disable-password-authentication

Execute commands remotely using SSH
https://zaiste.net/a_few_ways_to_execute_commands_remotely_using_ssh/

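# Feed a local script to a remote "bash -s" over stdin. Anything in the script that itself reads
# stdin (read, sudo -S, an inner ssh …) will consume the rest of the script; script arguments go
# after "-s". ${HOST} is quoted so a value with spaces cannot turn into extra ssh arguments.
ssh "${HOST}" bash -s < ~/bin/script.sh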

Access internal Git server over temporary SSH tunnel from public VM

# @www1 VM: client config so that "git.i.example.com" points at the tunnel endpoint
cat /home/local/.ssh/config 
Host git.i.example.com
Hostname 127.0.0.1
Port 2222
 
#@workstation or deployment VM: -R opens 127.0.0.1:2222 on www1 for the duration of the pull;
# every local user on www1 can reach the internal git server's SSH port during that window.
ssh -R 2222:git.i.example.com:22 service@www1.example.com "git -C /var/www/html pull"

SSH Server with Two-Factor Authentication
https://www.globo.tech/learning-center/setup-ssh-server-with-two-factor-authentication-ubuntu-debian/

Multi line command

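# Multi line command: the here-document becomes stdin of the remote login shell.
# Unquoted delimiter (EOF): $vars and $(cmd) are expanded LOCALLY before being sent.
ssh foo@example << EOF
 date
 hostname
 cat /etc/resolv.conf
EOF
 
# Quoted delimiter ('EOF'): the text is sent literally, so $vars/$(cmd) run on the remote host.
# (The original used a bare quote as delimiter, which bash reads as one multi-line word and
# then never finds as a terminator.)
ssh foo@example << 'EOF'
 date
 hostname
 cat /etc/resolv.conf
EOF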

Fix slow SSH login

systemctl restart systemd-logind

Fix Unable to negotiate with 192.168.1.111 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

# Client-side workaround for a device that only offers 1024-bit SHA-1 DH. Scope it to that host
# in a Host block (see "Old dropbear server" below) rather than typing it out of habit.
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.111
 
# Full legacy stack. The "+" forms only ADD the old algorithm to the default list, so a modern
# one is still preferred if the server offers it; "-c aes128-cbc" (no "+") restricts the whole
# session to that single CBC cipher. Use on isolated networks only.
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oPubkeyAcceptedKeyTypes=+ssh-rsa -oHostKeyAlgorithms=+ssh-rsa -c aes128-cbc root@192.168.178.53
 
# virtual serial port
VSP
 
# text console
TEXTCONS

Certificate

ssh-keygen -L -f .ssh/id_rsa-cert.pub

cipher

# list avaiable cipher
ssh -Q cipher

Block access

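# Block one source address from reaching sshd.
# ufw: "from X port 22" would match the SOURCE port; the service port belongs after "to any".
# ufw appends rules, so an earlier broad "allow 22" would still win — insert it at position 1.
sudo ufw insert 1 deny from "${IP_FROM}" to any port 22 proto tcp
# raw iptables: -I puts the rule first in INPUT; not persistent across reboots
# (use iptables-persistent / nftables for that). Existing connections are not cut.
sudo iptables -I INPUT -s "${IP_FROM}" -p tcp --dport ssh -j DROP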

Force password authentification

ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no ${SERVER_IP}

The ssh-rsa signature algorithm (RSA keys signed with SHA-1) is disabled by default since OpenSSH 8.8. RSA keys themselves keep working with the rsa-sha2-256/512 signatures; only peers that cannot do SHA-2 need the workaround below (`ssh -Q sig` lists what the local binary supports).

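# client side, one-off (better: put it in a Host block for just that peer, see "Old dropbear server")
ssh -o PubkeyAcceptedKeyTypes=+ssh-rsa user@server
 
# or on the SSH server. Re-enabling SHA-1 signatures globally weakens every login on the box;
# scope the user-key part to the clients that need it with a Match block. Match extends to the
# next Match or the end of the file, so it must be the LAST section of sshd_config.
# PubkeyAcceptedKeyTypes is the pre-8.5 spelling of PubkeyAcceptedAlgorithms (either works on a
# server new enough to have disabled ssh-rsa). HostKeyAlgorithms cannot go inside Match and only
# matters if those old clients also cannot verify rsa-sha2 host-key signatures.
cat <<'EOF' >> /etc/ssh/sshd_config
HostKeyAlgorithms +ssh-rsa
Match Address <legacy-client-cidr>
    PubkeyAcceptedAlgorithms +ssh-rsa
EOF
 
# or as a drop-in. It is only read if sshd_config has a matching Include line; the stock
# Debian/Ubuntu pattern is "Include /etc/ssh/sshd_config.d/*.conf", so the file needs a .conf suffix.
echo "PubkeyAcceptedAlgorithms=+ssh-rsa" | sudo tee /etc/ssh/sshd_config.d/allow_ssh-rsa.conf >/dev/null
# validate first — a typo here locks you out of a remote host on restart
sudo sshd -t && sudo systemctl restart sshd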

Enable ssh-dss

# ssh-dss = DSA, fixed at 1024 bits with SHA-1: disabled by default since OpenSSH 7.0 and
# removed entirely in recent releases (it may simply no longer be available in your client).
ssh -o HostKeyAlgorithms=+ssh-dss root@192.168.8.109
 
# Better: scope the legacy algorithms to the one host that needs them instead of typing -o.
Host nas
  HostName 192.168.8.109
  HostKeyAlgorithms=+ssh-dss
  # RSA keys with SHA-1 signatures (disabled by default since OpenSSH 8.8)
  PubkeyAcceptedKeyTypes=+ssh-rsa
  # KexAlgorithms +diffie-hellman-group14-sha1

Old dropbear server

# Legacy algorithms pinned to one device (the right way: per Host, never in "Host *").
# ssh-rsa = SHA-1 signatures, ssh-dss = 1024-bit DSA, group1 = 1024-bit DH — all weak;
# an isolated management network is assumed.
Host openwrt.example.com 192.168.1.111
PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms=+ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1

Show SSH key type

# prints bits, SHA256 fingerprint, comment and type. Pointing it at the public half
# (~/.ssh/id_rsa.pub) works without touching the private key at all.
ssh-keygen -lf ~/.ssh/id_rsa

Import public SSH key from GitHub

# https://github.com/panticz.keys
# NOTE(review): "gh:cmars" imports the GitHub keys of the user *cmars* (the account used in the
# tool's own usage example — this looks copied from there) and "lp:panticz" the Launchpad keys
# of panticz. Every listed account's owner can then log in; double-check the account names.
ssh-import-id gh:cmars lp:panticz
 
# Ansible: Using github URL as key source. Fetched over HTTPS on every run — whoever controls
# that GitHub account controls who can log in as charlie.
- authorized_key:
    user: charlie
    key: https://github.com/panticz.keys
 
# user_ssh_keys: "{{ lookup('url', 'https://github.com/foo.keys', split_lines=True) }}"
 
# cloud config
# NOTE(review): user name "foot" next to "gh:foo" looks like a typo for "foo" — confirm.
cloud-init.user-data: |
  #cloud-config
    users:
      - name: foot
        ssh_import_id:
          - gh:foo

Forward http(s) traffic through socks5

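# SOCKS5 proxy on 127.0.0.1:8080, exiting from my_server.com
ssh -D 8080 foo@my_server.com
# socks5h:// (note the h) makes curl resolve hostnames THROUGH the tunnel; plain socks5://
# resolves them locally first and leaks every visited name to the local DNS resolver.
# "export" affects every later command in this shell, not just curl.
export http_proxy=socks5h://127.0.0.1:8080 https_proxy=socks5h://127.0.0.1:8080
curl example.com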

Links
http://linuxproblem.org/art_9.html
http://www.pro-linux.de/work/rootserver/teil2.html
http://www.schlittermann.de/doc/ssh
http://ubuntuforums.org/showthread.php?t=625926
http://www.la-samhna.de/library/brutessh.html
http://linux.justinhartman.com/Secure_SSH_server_with_Public/Private_key_authentication
http://mikiwiki.org/wiki/ssh_%28Shell-Befehl%29
http://pentestmonkey.net/cheat-sheet/ssh-cheat-sheet
http://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts
http://matt.might.net/articles/ssh-hacks/