Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH. — Wikipedia
Keys
Create new key:
ssh-keygen -f ~/.ssh/key_id
Copy public key to server:
ssh-copy-id -i ~/.ssh/key_id user@host
In ~/.ssh/config:
Host github.com
    User github-user
    IdentityFile ~/.ssh/github_id
Tunneling
Local
ssh -L 8080:www.ubuntuforums.org:80 <host>
Dynamic
ssh -D 8888 thomas@1.2.3.4 [-p 443]
-C enables compression
Reverse
In /etc/ssh/sshd_config (use one of):
# bind all tunnels to 0.0.0.0
GatewayPorts yes
# let the client decide how to bind
GatewayPorts clientspecified
Start tunnel:
ssh -R 0.0.0.0:8080:localhost:1313 -N bastion
Or in ~/.ssh/config:
Host reverse-tunnel
    Hostname login.example.com
    RemoteForward 0.0.0.0:8080 localhost:1313
Jump client
New format; after 7.3
Host login
    Hostname login.example.com
    Port 2313
Host web01
    Hostname vm-web01.lan.example.com
    ProxyJump login
Old format; before 7.3
Host login
    Hostname login.example.com
    Port 2313
Host web01
    Hostname vm-web01.lan.example.com
    ProxyCommand ssh -q -W %h:%p login
SSHFP record
ssh-keygen -r login.example.com [-f .ssh/id_rsa]
SSH agent
eval `ssh-agent`
SFTP
Client
sftp -P 1234 thomas@login.example.com
Mount
sshfs web01:/backup/ /mnt/web01/
Without shell access
In /etc/ssh/sshd_config:
Match User leecher
# Match Group leechers
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /mnt/sftp
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
Server
Disable password login
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
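The global settings under "Disable password login" and the Match block under "Without shell access" interact: keywords inside a matching Match block override the global section, so leecher still gets password login. The shell functions below are an added example, not part of the original page; they work out which value applies to a given user. The names effective_setting, sftp_only_gaps and SSHD_CONFIG_TEXT are hypothetical, the sample config is constructed from the two blocks on this page, and only exact "Match User <name>" lines are understood.

```shell
# Added example. Constructed sample: the page's "Disable password login"
# settings followed by its "Without shell access" Match block.
SAMPLE_CONFIG='PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Match User leecher
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /mnt/sftp
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no'

# effective_setting USER KEYWORD: print the value that applies to USER.
# Simplification (assumption): only exact "Match User <name>" criteria are
# understood; patterns, Group/Address criteria and Include are not.
effective_setting() {
    printf '%s\n' "${SSHD_CONFIG_TEXT:-$SAMPLE_CONFIG}" |
    awk -v user="$1" -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
        tolower($1) == "match" {                     # a Match line opens a new block
            in_match = 1
            active = (tolower($2) == "user" && $3 == user)
            next
        }
        tolower($1) != key { next }
        {
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)     # drop the keyword
            sub(/[ \t]+$/, "", val)
            # first value wins in the global section and among matching blocks
            if (!in_match && !have_global) { global = val; have_global = 1 }
            if (in_match && active && !have_match) { matched = val; have_match = 1 }
        }
        # a value from a matching block overrides the global one
        END { print (have_match ? matched : (have_global ? global : "(default)")) }'
}

# sftp_only_gaps USER: one line per SFTP-only restriction not in effect for USER.
sftp_only_gaps() {
    for want in "ForceCommand internal-sftp" "PermitTunnel no" \
        "AllowAgentForwarding no" "AllowTcpForwarding no" "X11Forwarding no"; do
        got=$(effective_setting "$1" "${want%% *}")
        [ "$got" = "${want#* }" ] || echo "${want%% *}: want ${want#* }, got $got"
    done
}
```

Set SSHD_CONFIG_TEXT to the contents of a real sshd_config to check it instead of the sample. On a host with sshd installed, sshd -T with a -C connection spec (for example user=leecher) prints the authoritative result.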
autossh
https://www.harding.motd.ca/autossh/
autossh -M 20000 -f -N your_public_server -R 1234:localhost:22 -C
-M port[:echo_port] specifies the base monitoring port to use