SSH

From Network Security Wiki


Secure Shell (SSH) Tips & Tricks:

Passwordless SSH Aunthentication

ssh-keygen  [Press enter key 3 times]                          # Generate SSH key pair (public + private key)
ssh-copy-id -i ~/.ssh/id_rsa.pub -p 2222 [email protected]      # Copy Public key to remote server
  [email protected]'s password:xxxxxxxxxxx
ssh -p 2222 [email protected]                                   # Test connectivity
Alternative

Add the following to .bashrc file:

alias easyssh='sshpass -p passwd ssh [email protected] -p 2222'

But this may be a security issue as password can be found from logs & this file.

MySQL connection over SSH tunnel

ssh -f [email protected] -L 3307:mysql1.server.com:3306 -N

Then at localhost:

mysql -h 127.0.0.1 -P 3307 -u dbuser -p db

Use Key-less SSH login to skip password entry.


Copy files via SSH

scp -rp FILE_NAME USERNAME@HOST:DEST_PATH
sshpass -p nsroot scp -rp [email protected]:/nsconfig/ns.conf conf.txt


Disable SSH timeout

Completely disable SSH timeout

sudo nano /etc/ssh/sshd_config
  TCPKeepAlive yes
  ClientAliveInterval 30
  ClientAliveCountMax 99999
sudo service sshd restart

Password from LAN, Key from Internet

Source: ubuntuforums.org

sudo nano /etc/ssh/sshd_config
# require a key for everybody
PasswordAuthentication no

# any member of the group 'downstairs' can log in without a key
# while connecting from the subnet 
Match Address 192.168.0.0/16 Group downstairs
    PasswordAuthentication yes


{{#widget:DISQUS |id=networkm |uniqid=SSH |url=https://aman.awiki.org/wiki/SSH }}