Last active
February 17, 2018 17:51
SSH
SSH
ifconfig --------------------------------------------------------------------- Find the IP address
sudo apt-get install openssh-server -------------------------------------------- Install the openssh-server package
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults ------------- Make a copy of the default SSH configuration and name it factory-defaults
mkdir /home/username/.ssh ------------------------------------------------------ Create a directory where the generated key will live
mkdir ~/.ssh ------------------------------------------------------------------- Create a directory where the generated key will live
sudo chmod a-w /etc/ssh/sshd_config.factory-defaults --------------------------- Modify its permissions chmod 700
chmod 700 ~/.ssh --------------------------------------------------------------- Change folder permissions, Method 2
700 ~/.ssh && cat >> ~/.ssh/authorized_keys" ------------------------------------ Change folder permissions, Method 3
Configure
sudo vim /etc/ssh/sshd_config -------------------------------------------------- Edit the configuration file
PasswordAuthentication no ------------------------------------------------------- Disable password authentication
PermitRootLogin no ------------------------------------------------------------- Disable root login; a common attack is to attempt to log into a server as root over SSH
PermitRootLogin prohibit-password
RSAAuthentication yes
IgnoreRhosts yes --------------------------------------------------------------- Disable rhosts
HostbasedAuthentication no ------------------------------------------------------ SSH's host-based authentication is more secure than rhosts authentication
RhostsAuthentication no
port 22
~/.ssh/authorized_keys --------------------------------------------------------- Key location
sudo service ssh restart -------------------------------------------------------- Restart ssh so the changes take effect
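One way to check an sshd_config against the settings listed above before restarting the service (an added example, not part of the original gist; the function names and the sample config are made up for illustration). RSAAuthentication and RhostsAuthentication are left out because they are SSH protocol 1 options.

```sh
# Added example, not part of the original gist.
# effective_value FILE KEYWORD: print KEYWORD's value from FILE's global section.
# sshd keywords are case-insensitive and the first occurrence wins; lines after
# a Match line are conditional, so the scan stops there. Assumes "Keyword value"
# lines (no "=") and does not follow Include files.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/         { next }
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: print PASS/FAIL per setting; exit status = number of failures.
# A keyword that is not set explicitly is reported as "unset" and fails.
audit_sshd() {
    fails=0
    while read -r key ok; do
        val=$(effective_value "$1" "$key")
        case " $ok " in
            *" ${val:-unset} "*) echo "PASS $key=$val" ;;
            *) echo "FAIL $key=${val:-unset} (want: $ok)"; fails=$((fails + 1)) ;;
        esac
    done <<'EOF'
PasswordAuthentication no
PermitRootLogin no prohibit-password
IgnoreRhosts yes
HostbasedAuthentication no
EOF
    return "$fails"
}

# Constructed sample config (hypothetical, not taken from a real host).
sample_config() {
    cat <<'EOF'
Port 22
PermitRootLogin prohibit-password
PasswordAuthentication no
passwordauthentication yes
IgnoreRhosts yes
Match User backup
    HostbasedAuthentication no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd "$tmp" || echo "$? setting(s) need attention"
rm -f "$tmp"
```

On a live host, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T` prints the effective settings including defaults and Include files.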
## Set Up ##
Step 1: Create public and private keys on server
ssh-keygen -t rsa -------------------------------------------------------------- Generate key
cat /Users/me/.ssh/id_rsa.pub -------------------------------------------------- View and/or copy id_rsa.pub
id_rsa -------------------------------------------------------------------------- The private key. DO NOT SHARE THIS FILE!
id_rsa.pub ---------------------------------------------------------------------- The associated public key. This can be shared freely without consequence.
Step 2: Copy the public key to remote-host using ssh-copy-id
ssh-copy-id -i ~/.ssh/mykey <user>@<host IP> ----------------------------------- Install it as an authorized key on the server
Step 3: Log in to remote-host without entering the password
ssh <user>@<IP>
Step 4: Restart
sudo restart ssh -------------------------------------------------------------- Restart the SSH service.
sudo service ssh restart ------------------------------------------------------ Restart the SSH service if the above fails.
sudo systemctl restart ssh ---------------------------------------------------- Restart the SSH service.
Understanding ~/.ssh/config entries
Host : Defines for which host or hosts the configuration section applies. The section ends with a new Host section or the end of the file. A single * as a pattern can be used to provide global defaults for all hosts.
HostName : Specifies the real host name to log into. Numeric IP addresses are also permitted.
User : Defines the username for the SSH connection.
IdentityFile : Specifies a file from which the user’s DSA, ECDSA or RSA authentication identity is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa for protocol version 2.
ProxyCommand : Specifies the command to use to connect to the server. The command string extends to the end of the line, and is executed with the user’s shell. In the command string, any occurrence of %h will be substituted by the host name to connect, %p by the port, and %r by the remote user name. The command can be basically anything, and should read from its standard input and write to its standard output. This directive is useful in conjunction with nc(1) and its proxy support. For example, the following directive would connect via an HTTP proxy at 192.1.0.253:
ProxyCommand /usr/bin/nc -X connect -x 192.1.0.253:3128 %h %p
LocalForward : Specifies that a TCP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be [bind_address:]port and the second argument must be host:hostport.
Port : Specifies the port number to connect on the remote host.
Protocol : Specifies the protocol versions ssh(1) should support in order of preference. The possible values are 1 and 2.
ServerAliveInterval : Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. See blogpost “Open SSH Server connection drops out after few or N minutes of inactivity” for more information.
ServerAliveCountMax : Sets the number of server alive messages which may be sent without ssh(1) receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session.
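How the Host sections described above combine for a given destination, as an added example (not part of the original gist; the function names, host names and users are made up for illustration). It shows why host-specific sections go first and `Host *` defaults go last: ssh keeps the first value it obtains for each keyword.

```sh
# Added example, not part of the original gist.
# resolve_ssh_option FILE HOST KEYWORD: print the value ssh would use for KEYWORD
# when connecting to HOST. Options before the first Host line apply to every
# host; after that only sections whose pattern matches HOST contribute, and the
# first value obtained wins. Assumes * and ? wildcards only (no "!" negation,
# no Match, no Include).
resolve_ssh_option() {
    awk -v host="$2" -v want="$(printf '%s' "$3" | tr 'A-Z' 'a-z')" '
        function glob2re(p) {             # Host pattern -> anchored regex
            gsub(/\./, "[.]", p); gsub(/\*/, ".*", p); gsub(/\?/, ".", p)
            return "^" p "$"
        }
        BEGIN { active = 1 }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "host" {
            active = 0
            for (i = 2; i <= NF; i++) if (host ~ glob2re($i)) active = 1
            next
        }
        active && tolower($1) == want {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the keyword, keep the value
            print; exit
        }
    ' "$1"
}

# Constructed sample ~/.ssh/config: host names, users and 192.0.2.10 are
# placeholders; the ProxyCommand line is the one quoted in the text above.
sample_ssh_config() {
    cat <<'EOF'
Host bastion
    HostName 192.0.2.10
    User admin
    Port 2222
Host *.internal.example
    User deploy
    ProxyCommand /usr/bin/nc -X connect -x 192.1.0.253:3128 %h %p
Host *
    User me
    ServerAliveInterval 60
    ServerAliveCountMax 3
EOF
}

cfg=$(mktemp) && sample_ssh_config > "$cfg"
for h in bastion db1.internal.example other.example; do
    echo "$h -> User $(resolve_ssh_option "$cfg" "$h" User)"
done
rm -f "$cfg"
```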
sudo apt-get install openssh-server ------------------------------------------ Install the SSH server on your server
sudo apt-get install openssh-client ------------------------------------------ Install the SSH client on your desktop
cd ~/.ssh --------------------------------------------------------------------- On the client machine
ssh-keygen -t rsa ------------------------------------------------------------ Generate SSH keys on your client machine
mkdir -p ~/.ssh/ ------------------------------------------------------------- On the server, create the folder for SSH
scp -P "ssh-port" ~/.ssh/id_rsa.pub username@serverip-address:~/.ssh ---------- On the client machine, copy the public key file to your server
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys ------------------------------ Change the filename (append the key to authorized_keys) and permissions:
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
rm .ssh/id_rsa.pub
ssh -p "ssh-port" username@serverip-address ------------------------------------ Log on