Understanding the SSH Encryption and Connection Process | DigitalOcean
SSH Essentials: Working with SSH Servers, Clients, and Keys | DigitalOcean
How to SSH Properly | SSH Security Best Practices | Teleport
SSH Handshake Explained | What is SSH Handshake? | Teleport
ssh-agent - OpenSSH authentication agent - man page
ssh-add command man page - openssh-clients | ManKier
ssh-keygen - man page
Generating SSH keys - User Documentation
Working with SSH key passphrases - User Documentation
How to manage SSH keys? | Teleport
Comparing SSH Keys - RSA, DSA, ECDSA, or EdDSA? | Teleport
Hardening SSH with 2fa
SSH Honey Keys
DIY Single Sign-On for SSH
How to use multiplexing to speed up the SSH - TechRepublic
networking - How can I specify a local port when establishing SSH connections? - Unix & Linux Stack Exchange
Mosh: the mobile shell
What Is the Mosh Shell and How Do You Use It?
TimeToogo/tunshell: Remote shell into ephemeral environments
X11 Forwarding
What You Need to Know About X11 Forwarding
How To Configure X11 Forwarding Using SSH In Linux - OSTechNix
ssh_config
Using the SSH Config File | Linuxize
Simplify Your Life With an SSH Config File | Nerderati
OpenSSH Config File Examples - nixCraft
ssh_config(5): OpenSSH SSH client config files - Linux man page
moul/advanced-ssh-config: make your ssh client smarter
force password login
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@server
password-less login
The Computer Kid: Password-less SSH
SSH - Using Keys Instead of Passwords
You can specify host alias, user and id in ~/.ssh/config:
Host 64.28
    HostName 10.6.64.28
    User kylee
    IdentityFile ~/.ssh/kylee.id_rsa
I now use this setting instead of multiple global IdentityFile entries.
Ssh-copy-id for copying SSH keys to servers | SSH.COM
Also see the ssh-copy-id command, used instead of scp as below.
It handles pushing the public key to the server and properly setting the permissions of the key.
With CA signed cert and not personal SSH cert
SSH Recipes in Go - An interlude - Tarka Labs Blog - Medium
Signed SSH Certificates - SSH - Secrets Engines - Vault by HashiCorp
Improving security by drawing identicons for SSH keys - DEV Community
How to Lock Down Your SSH Server
on client
# -m PEM writes the legacy PEM private key format, which openssl rsa can read
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Don't add passphrase
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
# generate ssh key pair (if you don't have one)
ssh-keygen -t rsa
ssh-keygen -t ed25519 -C <email>
# generate key with no passphrase
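# -m PEM keeps the private key in a format openssl rsa can read
ssh-keygen -t rsa -b 4096 -m PEM -f privateKey.pem -N ""
openssl rsa -in privateKey.pem -pubout -outform PEM -out publicKey.pem
# or export the public key with ssh-keygen instead of openssl
ssh-keygen -f privateKey.pem -e -m pem > publicKey.pem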
# scp requires next step on server
scp ~/.ssh/id_rsa.pub user@server:~/
# or ssh-copy-id, no need to chmod on server
ssh-copy-id user@server
ssh-copy-id -i ID_FILE user@server
on server
# add public key to authorized_keys
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
# enforce permission settings
chmod 700 ~/.ssh
chmod 640 ~/.ssh/authorized_keys
\rm ~/id_rsa.pub
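What ssh-copy-id does on the server side, written out as an added example (not from the original notes or the OpenSSH project). install_pubkey is a hypothetical helper that appends a key only once and refuses multi-line input such as a private key; it sets 600 on authorized_keys, which is stricter than the 640 above.

```shell
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper; SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    # Accept exactly one non-empty line; a PEM or OpenSSH private key has several.
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key_line=$(grep . "$pubkey_file")

    # The line must look like "type base64 [comment]".
    case $key_line in
        ssh-*\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # Create the directory and file owner-only before anything is written.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"

    # Match on "type base64" so a changed comment or an options prefix
    # on an existing entry does not produce a duplicate.
    key_id=$(printf '%s\n' "$key_line" | awk '{print $1 " " $2}')
    if grep -qF -- "$key_id" "$auth_file"; then
        return 0    # already authorized, nothing to do
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```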
copying lots of small files
tar czf - <files> | ssh user@host "cd /wherever && tar xvzf -"
# if the files are not compressible
tar cf - <files> | ssh user@host "cd /wherever && tar xvf -"
git archive --format=tar origin/master | gzip -9c | ssh user@yourserver.com "tar --directory=/var/www -xvzf -"
# docker save output is restored with docker load (docker import is for docker export tarballs)
docker save image | ssh user@yourserver.com "docker load"
X over ssh
use -X to allow remote X content to render locally (lowercase -x disables X11 forwarding)
ssh -X SERVER "xclock"
sudo over ssh
use -t to allocate a pseudo-terminal to enter the password
ssh -t SERVER "sudo COMMAND"
sshd_config
SSH Tunneling
How an SSH tunnel can bypass firewalls, add encryption to application protocols, and help access services remotely.
Quick-Tip: SSH Tunneling Made Easy
SSH port forwarding/tunneling use cases and concrete examples. Client command, server configuration. Firewall considerations.
SSH Tunneling Explained | Source Open
The power of SSH tunneling. How it can make your developer life easier
Howto use SSH local and remote port forwarding | Debian Admin
SSH Tunneling - Local & Remote Port Forwarding (by Example) - YouTube
networking - How does reverse SSH tunneling work? - Unix & Linux Stack Exchange diagrams
-f  puts ssh in background, implies -n
-n  prevents reading stdin
-N  disable execution of remote command
-T  disable pseudo-terminal allocation
Hacking Out of a Network - Computerphile - YouTube
Note: domain resolution is done AFTER SSH (on the SSH server).
Local port forwarding
allows you to forward a local port number to a remote server
# `localhost:3306` (at `server.com`) is accessible at `localhost:8000`
$ ssh -fNT -L 8000:localhost:3306 user@server.com
$ ssh -fNT -L 8000:127.0.0.1:3306 coolio@database.server.com
# Access `restricted-domain.com:80` via `remote-server.com`, exposed at `localhost:8000`
$ ssh -L 8000:restricted-domain.com:80 user@remote-server.com
# or with config
$ ssh -f -N tunnel
Host tunnel
    HostName database.example.com
    IdentityFile ~/.ssh/coolio.example.key
    LocalForward 9906 127.0.0.1:3306
    User coolio
Remote port forwarding
forwards all requests to a remote server's port to your machine.
Can also expose SSH server.
# `localhost:3000` will be accessible at `remote-server.com:8000`
ssh -fNT -R 8000:localhost:3000 user@remote-server.com
# expose SSH server to `proxyserver`
# on target machine (`target`)
ssh -fNT -R 10002:localhost:22 proxyuser@proxyserver
# on client, with GatewayPorts
ssh targetuser@proxyserver -p 10002
# on client, without GatewayPorts
ssh proxyuser@proxyserver
ssh targetuser@localhost -p 10002
vi /etc/ssh/sshd_config
# set GatewayPorts to yes
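Whether the reverse-forwarded port 10002 listens only on the proxy's loopback or on every interface depends on the effective GatewayPorts value. An added example (not from the original notes): the hypothetical helpers sshd_effective and gateway_ports_exposure read the global section of an sshd_config file, assuming whitespace-separated keywords and no Include directives.

```shell
# sshd_effective KEYWORD CONFIG_FILE DEFAULT   (hypothetical helper)
# sshd uses the first value it reads for a keyword, and keywords are
# case-insensitive. Settings inside Match blocks are conditional and skipped.
sshd_effective() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    awk -v want="$want" -v dflt="$3" '
        { sub(/^[ \t]+/, "") }                    # drop leading whitespace
        /^#/ || /^$/ { next }                     # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }                   # global section ends at first Match
        key == want { val = tolower($2); exit }   # first occurrence wins
        END { print (val == "" ? dflt : val) }
    ' "$2"
}

# Translate the effective GatewayPorts value into where -R ports are bound.
gateway_ports_exposure() {
    case $(sshd_effective GatewayPorts "$1" no) in
        no)              echo "loopback-only" ;;
        yes)             echo "all-interfaces" ;;
        clientspecified) echo "client-chooses" ;;
        *)               echo "unknown" ;;
    esac
}
```

On a live host, `sshd -T` prints the effective configuration, including Include and Match handling that this sketch leaves out.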
Bypass Firewall and NAT with Reverse SSH Tunnel - MarkSanborn.net
Power of SSH Tunneling. Quoting SSH man page to remind us all… | by Dhruva Sagar | Tarka Labs Blog
Access web pages through your home network via SSH
SSH Tunneling - Poor Techie's VPN | Linux Journal
Set Up SSH Tunneling on a Linux - Unix - BSD Server To Bypass NAT
ssh tunnelling Archives - Everything CLI
Running a Bokeh server - Bokeh Documentation via ssh tunnel
sshuttle/sshuttle: Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
sshuttle: where transparent proxy meets VPN meets ssh - sshuttle documentation
How to use SSH as a VPN with sshuttle - TechRepublic
VPN Technologies: A primer
Linux Fu: VPN For Free With SSH | Hackaday
ssh -R (reverse tunnel) man page hell - zwischenzugs
# forwarding `git://` (at port 9418)
$ ssh -L 9418:gitorious.org:9418 your.remote.host
$ git clone git://localhost/path/to/repository.git
Keep alive
shell - How to keep SSH tunnel alive - Server Fault
ssh tunnel - Prevent closing of SSH Local Port Forwarding - Server Fault
autossh
autossh man page - General Commands | ManKier
autossh(1): monitor/restart ssh sessions - Linux man page
autossh - Automatically restart SSH sessions and tunnels | Debian Admin
ctroncoso/alpine-autossh: Persistent SSH tunneling image for Docker
For example, if you are using a recent version of OpenSSH, you may wish to explore using the ServerAliveInterval and ServerAliveCountMax options to have the SSH client exit if it finds itself no longer connected to the server. In many ways this may be a better solution than the monitoring port.
You should look into the ClientAliveInterval keyword for sshd_config and the ServerAliveInterval interval for ssh_config or ~/.ssh/config.
Host *
    ServerAliveInterval 60
ssh -o TCPKeepAlive=yes -o ServerAliveInterval=300 user@server
SSH Agent Forwarding/Jump Host
Forward your local machine's credential to remote machine.
SSH Agent Forwarding: How to use SSH properly and what is SSH Agent Forwarding - DEV
Using SSH Agent Forwarding | GitHub Developer Guide
How to Access a Remote Server Using a Jump Host
How to use SSH to proxy through a Linux jump host - TechRepublic
OpenSSH/Cookbook/Proxies and Jump Hosts - Wikibooks, open books for an open world
Tutorial for setting up an SSH Jump Server | Teleport
Self healing reverse SSH setup with systemd
SSH ProxyCommand example: Going through one host to reach another server - nixCraft
SSH Agent forwarding using different usernames and different keys - Super User
What is SSH Agent Forwarding and How Do You Use It?