ToDo

SSH

sudo apt-get install keychain ssh-askpass
killall ssh-agent
ssh-agent $SHELL
ssh-add $HOME/.ssh/id_rsa && ssh-add -L && ssh-copy-id localhost && ssh localhost

SSH NET

redirect HTTPS port to standard port 22 :

iptables -t nat -A PREROUTING  -p tcp --dport 143 -j REDIRECT --to-ports 22
ssh -p 22 localhost # ok
ssh -p 143 localhost # ko

Software : http://gstm.sourceforge.net/?page_id=5

key auth:

l=localhost
u=$USER
for h in $l ; do cat ~/.ssh/*.pub | ssh $u@$h "cat >> ~/.ssh/authorized_keys"; done

Tunnel

ssh -R 1234:here:8022  thereuser@therehost # @ Here
ssh -p 1234 hereuser@localhost # There
sudo httptunnel -A USER:PASS -P ${PROXY}:3128 -F 222 remote:22 # here behind
ssh -R 1234:localhost:22 -P 222 user@localhost # @ remote
ssh -L localport:remotehost:distport ?
ssh -R distport:localhost:localport ?
export HERE_HOST=localhost
export HERE_PORT=8800
ssh -L 8800:localhost:3128  # @here
ssh -R ? :localhost: ?  # @here
ssh localhost:1234  # @here , will connect to @there

TIPS AND TRICKS

ssh-add -L || ssh-add  || eval $(ssh-agent)
ssh-agent  | tee ~/.ssh/tmp.sh && . ~/.ssh/tmp.sh && ssh-add
ssh-copy-id localhost && ssh localhost
ssh-keygen -p -f ~/.ssh/id_rsa # update passphrase
cat *.tar.bz2 | ssh -C root@tel 'mkdir -p /home/ && cd /home && tar xfvj -'

@TaG: ShelL AgenT

[[Proxy]]

echo $SOCKS_SERVER
man ssh ssh2
     SSH_SOCKS_SERVER
            If  SOCKS is used, it is configured with this vari­
            able.  The format of the variable is  socks://user­
            name@socks_server:port/network/netmask,network/net­
            mask ...  f

scp Err

scp user@host:port:/path/ ./
FATAL: failed to begin relaying via HTTP.
ssh_exchange_identification: Connection closed by remote host

Port seems ignored , workaround :

grep Port  /etc/ssh/ssh_config
Port 443

"ssh_dispatch_run_fatal: Connection to " "incorrect signature"

Modes

Permissions 0644 for '/cygdrive/h/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /cygdrive/h/.ssh/id_rsa
# [[Cygwin]]
chmod -v 700 ~/.ssh
chmod -v 400 ~/.ssh/id_dsa
chmod -v 644 ~/.ssh/id_dsa*.pub
chmod -v 644 ~/.ssh/ssh_config
chmod -v 644 ~/.ssh/known_host
chmod -v 644 ~/.ssh/authorized_key

mail over ssh

http://www.nocrew.org/software/httptunnel.html

Server:

sshd hts -forward-port localhost:22 80

Client:

htc -forward-port 1022 ${sshd_host}:80
ssh -L 1110:${mail_host}:110 ${USER_SSH}@localhost -p 1022

Check mail at localhost:1110 (will fwd to mailhost:110)

MESSAGE

debug1: read_passphrase: can't open /dev/tty: Permission denied
Host key verification failed.
ssh_exchange_identification: Connection closed by remote host

debug1: Exit status 171

ssh_dispatch_run_fatal: Connection

ssh_exchange_identification: read: Connection reset by peer

ssh -vvv root@rpi
ssh_exchange_identification: read: Connection reset by peer

Solution:

check /etc/hosts.deny 
chown /var/lib/empty 
[[SystemD]]

"we sent a publickey packet, wait for reply"

Q:

ssh -vvv $host
[root@archlinux rzr]# journalctl -f  | grep ssh 
Feb 19 09:03:09 archlinux sshd[8332]: Authentication refused: bad ownership or modes for file /home/rzr/.ssh/authorized_keys
Feb 19 09:03:09 archlinux sshd[8332]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]

A:

file ${HOME}/.ssh # should be a dir and not a fuse mounted dir
chmod g-w ${HOME}
chmod 700 ${HOME}/.ssh
chmod 600 ${HOME}/.ssh/authorized_keys

sshfs

sshfs  $host:$dir $dir   -o nonempty -o uid=1001 -o gid=1001 -p 443 -o sshfs_debug -o debug -o LogLevel=DEBUG3

debug1: Sending subsystem: sftp
debug2: channel 0: request subsystem confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32668
debug2: channel_input_status_confirm: type 100 id 0
subsystem request failed on channel 0
read: Connection reset by peer
 sudo aptitude reinstall --purge openssh-sftp-server

MISC

MORE

ssh.txt · Last modified: 2018/10/19 15:39 by rzr
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki