===== ToDo =====

  * http://demos.anyterm.org/bastet/anyterm.html / ajaxterm # ssh web client SsH
  * https://superuser.com/questions/599253/i-am-trying-to-ssh-into-a-server-and-it-hangs-at-login
  * http://thinkhole.org/wp/2006/10/30/five-steps-to-a-more-secure-ssh/# [[Security]]
  * http://talk.maemo.org/showthread.php?t=82727# HarmattaN
  * http://www.meegoexperts.com/2011/12/wi-fi-power-management-sshsftp-sessions/

  rm ~/.ssh/known_hosts ; sudo rm /etc/ssh/*key* ; sudo dpkg-reconfigure openssh-server

==== SSH ====

  sudo apt-get install keychain ssh-askpass
  killall ssh-agent
  ssh-agent $SHELL
  ssh-add $HOME/.ssh/id_rsa && ssh-add -L && ssh-copy-id localhost && ssh localhost

  * https://tracker.debian.org/pkg/ssh-askpass
  * https://answers.launchpad.net/ubuntu/+source/openssh/+question/254248

==== SSH NET ====

  * http://zwitterion.org/software/ssh-https-tunnel/ssh-https-tunnel
  * http://www.boran.com/security/sp/ssh-part1.html
  * http://www.hsc.fr/ressources/outils/ssltunnel/index.html.en

redirect HTTPS port to standard port 22 :

  iptables -t nat -A PREROUTING -p tcp --dport 143 -j REDIRECT --to-ports 22
  ssh -p 22 localhost # ok
  ssh -p 143 localhost # ko

[[Software]] : http://gstm.sourceforge.net/?page_id=5

key auth:

  l=localhost
  u=$USER
  for h in $l ; do cat ~/.ssh/*.pub | ssh "$u@$h" "cat >> ~/.ssh/authorized_keys"; done

Tunnel

  ssh -R 1234:here:8022 thereuser@therehost # @ Here
  ssh -p 1234 hereuser@localhost # There

  sudo httptunnel -A USER:PASS -P ${PROXY}:3128 -F 222 remote:22 # here behind
  ssh -R 1234:localhost:22 -p 222 user@localhost # @ remote

  ssh -L localport:remotehost:distport ?
  ssh -R distport:localhost:localport ?

  export HERE_HOST=localhost
  export HERE_PORT=8800
  ssh -L 8800:localhost:3128 # @here
  ssh -R ? :localhost: ? # @here
  ssh -p 1234 localhost # @here , will connect to @there

==== TIPS AND TRICKS ====

  ssh-add -L || ssh-add || eval $(ssh-agent)
  ssh-agent | tee ~/.ssh/tmp.sh && . ~/.ssh/tmp.sh && ssh-add
  ssh-copy-id localhost && ssh localhost
  ssh-keygen -p -f ~/.ssh/id_rsa # update passphrase
  cat *.tar.bz2 | ssh -C root@tel 'mkdir -p /home/ && cd /home && tar xfvj -'

@TaG: ShelL AgenT

==== [[Proxy]] ====

  echo $SOCKS_SERVER

man ssh ssh2

  SSH_SOCKS_SERVER
    If SOCKS is used, it is configured with this variable.
    The format of the variable is
    socks://username@socks_server:port/network/netmask,network/netmask ...

==== scp Err ====

  scp user@host:port:/path/ ./
  FATAL: failed to begin relaying via HTTP.
  ssh_exchange_identification: Connection closed by remote host

[[Port]] seems ignored , workaround :

  grep Port /etc/ssh/ssh_config
  Port 443

=== "ssh_dispatch_run_fatal: Connection to " "incorrect signature" ===

  OpenSSH_7.3p1, OpenSSL 1.0.2l 25 May 2017

  * https://serverfault.com/questions/774170/ssh-incorrect-signature-while-connecting-to-server# SsH AmLogic

==== Modes ====

  Permissions 0644 for '/cygdrive/h/.ssh/id_rsa' are too open.
  It is recommended that your private key files are NOT accessible by others.
  This private key will be ignored.
  bad permissions: ignore key: /cygdrive/h/.ssh/id_rsa

# [[Cygwin]]

  chmod -v 700 ~/.ssh
  chmod -v 400 ~/.ssh/id_dsa
  chmod -v 644 ~/.ssh/id_dsa*.pub
  chmod -v 644 ~/.ssh/config
  chmod -v 644 ~/.ssh/known_hosts
  chmod -v 644 ~/.ssh/authorized_keys

==== mail over ssh ====

http://www.nocrew.org/software/httptunnel.html

Server:

  sshd
  hts --forward-port localhost:22 80

Client:

  htc --forward-port 1022 ${sshd_host}:80
  ssh -L 1110:${mail_host}:110 ${USER_SSH}@localhost -p 1022

Check mail at localhost:1110 (will fwd to mailhost:110)

===== MESSAGE =====

  debug1: read_passphrase: can't open /dev/tty: Permission denied
  Host key verification failed.
  ssh_exchange_identification: Connection closed by remote host

  * http://edoceo.com/notabene/ssh-exchange-identification
  * http://unix.stackexchange.com/questions/128894/ssh-exchange-identification-connection-closed-by-remote-host-not-using-hosts-d

==== X11 forwarding request failed on channel 0 ====

===== ssh: connect to host $hostname port $port: Connection timed out =====

check using nmap ?

  nmap -p $port $host
  Starting Nmap 7.40 ( https://nmap.org ) at 2019-01-28 01:14 CET
  Nmap scan report for $host ($ip)
  Host is up (0.078s latency).
  rDNS record for $ip: $host
  PORT      STATE    SERVICE
  $port/tcp filtered unknown

===== debug1: Exit status 171 =====

On CygwiN

  * https://cygwin.com/cgi-bin2/package-cat.cgi?file=x86_64%2Fopenssh%2Fopenssh-7.8p1-1-src&grep=ssh

===== ssh_dispatch_run_fatal: Connection =====

AmLogic

===== ssh_exchange_identification: read: Connection reset by peer =====

  ssh -vvv root@rpi
  ssh_exchange_identification: read: Connection reset by peer

Solution: check /etc/hosts.deny, chown /var/lib/empty

[[SystemD]]

==== "we sent a publickey packet, wait for reply" ====

Q:

  ssh -vvv $host

  [root@archlinux rzr]# journalctl -f | grep ssh
  Feb 19 09:03:09 archlinux sshd[8332]: Authentication refused: bad ownership or modes for file /home/rzr/.ssh/authorized_keys
  Feb 19 09:03:09 archlinux sshd[8332]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]

A:

  file ${HOME}/.ssh # should be a dir and not a fuse mounted dir
  chmod g-w ${HOME}
  chmod 700 ${HOME}/.ssh
  chmod 600 ${HOME}/.ssh/authorized_keys

=== ssh -X ===

"X11 forwarding request failed on channel "

  /etc/ssh/sshd_config
  +X11UseLocalhost no

===== sshfs =====

  sshfs $host:$dir $dir -o nonempty -o uid=1001 -o gid=1001 -p 443 -o sshfs_debug -o debug -o LogLevel=DEBUG3

  debug1: Sending subsystem: sftp
  debug2: channel 0: request subsystem confirm 1
  debug2: callback done
  debug2: channel 0: open confirm rwindow 0 rmax 32668
  debug2: channel_input_status_confirm: type 100 id 0
  subsystem request failed on channel 0
  read: Connection reset by peer

  sudo aptitude reinstall --purge openssh-sftp-server

  * http://unix.stackexchange.com/questions/214475/sftp-on-raspberry-pi-troubleshooting
  * http://forums.debian.net/viewtopic.php?f=5&t=42818

==== Windows ====

  * https://serverfault.com/questions/1000283/windows-10-ssh-hangs-after-password-authentication-at-debug2-channel-0-open-c

===== LINKS =====

  * http://www.xk72.com/midpssh/download.html# [[SSH]] [[MIDlet]]
  * http://s2putty.sourceforge.net/#
  * http://sshwindows.sourceforge.net/# [[WindowsSoftware]]
  * http://www.linuxtoday.com/news_story.php3?ltsn=2006-06-07-015-26-OS-HL-NT# # OpenSSH 4.0
  * http://deadman.org/sshscreen.html# : [[Screen]]
  * http://kitty.9bis.com/#
  * https://github.com/iiordanov/BSSH#
  * http://serveo.net/# ReDirection
  * https://github.com/bearstech/pussh#
  * https://trofi.github.io/posts/295-ssh-over-https.html
  * https://news.ycombinator.com/item?id=38731402# HttpD
  * https://vincent.bernat.ch/en/blog/2023-sshpass-without-sshpass# PassWord
  * https://pico.sh/# WebService

===== MORE =====

@TaG: TerM ServeR ProxY ScreeN UbuntU [[Networks]] [[Security]] [[Privacy]] [[Protocol]] [[Proxy]] [[FireWall]] [[Control]] [[PGP]] [[Crypto]] SheeL

{{http://www.bataclou.org.nyud.net:8090/cphil/panneau_chilien.jpg?nocache}}
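
The mode fixes under Modes and in the "we sent a publickey packet" answer can be audited before running any chmod. This is an added example, not part of the original notes: ssh_mode_audit and its helpers are hypothetical names, and it tests the conditions behind sshd's "bad ownership or modes" (modes only, ownership is not checked) and the client's "too open" message.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Usage: ssh_mode_audit "$HOME" || echo "fix the paths listed above"

# True if the path is group- or world-writable (mode & 022),
# the condition sshd rejects for $HOME, ~/.ssh and authorized_keys.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# True if any group/other bit is set (mode & 077),
# the condition the ssh client reports as "too open" for a private key.
open_to_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# Prints one finding per line; the return status is the number of findings.
ssh_mode_audit() {
    home=$1
    findings=0
    # ~/.ssh must be a real directory (the page's "file ${HOME}/.ssh" check).
    if [ -e "$home/.ssh" ] && [ ! -d "$home/.ssh" ]; then
        echo "not a directory: $home/.ssh"
        findings=$((findings + 1))
    fi
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if writable_by_others "$p"; then
            echo "sshd: group/world-writable: $p"
            findings=$((findings + 1))
        fi
    done
    for key in "$home"/.ssh/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac   # public keys may be 644
        if open_to_others "$key"; then
            echo "ssh client: private key too open: $key"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```
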