OpenSSH
OpenSSH is a popular suite of software utilities implementing Secure Shell (SSH) protocol. OpenSSH includes the ability to set up a TCP secured channel and it is widely use as a replacement for not secured telnet and secure replacement of file transfers such as rcp and ftp. OpenSSH offers a great number of features including ssh session multiplexing. [1][2]
The OpenSSH suite includes the following command-line utilities and daemons:
- ssh, ssh client and TCP secure replacement for rlogin, rsh and telnet to allow shell access to a remote machine.
- scp, a replacement for rcp (Unix)
- sftp, a replacement for ftp to copy files between computers
- sshd, the SSH server daemon which allows shell access and file transfers to a remote machine.
- ssh-keygen, a tool to inspect and generate the RSA, DSA and Elliptic Curve keys that are used for user and host authentication
- ssh-agent and ssh-add, utilities to ease authentication by holding keys ready and avoid the need to enter passphrases every time they are used
- ssh-keyscan, which scans a list of hosts and collects their public keys
- ssh-copy-id, copy local keys to remote machine.
Readings
[edit | edit source]- Wikibooks: OpenSSH
- OpenSSH versions Release Notes/ Changelog
ssh clients
[edit | edit source]OpenSSH includes an ssh client:ssh
. Others clients are available such us putty, mosh, paramiko and autossh
[3].
autossh
[4] main feature not include in OpenSSH ssh client is the capability to monitor an ssh connection and restart it if necessary.
- Loop waiting to connect to server:
AUTOSSH_POLL=5 AUTOSSH_GATETIME=0 autossh -M 0 -o ServerAliveInterval=5 -o ServerAliveCountMax=1 YOUR_SERVER_NAME_OR_IP
Ssh clients in Linux are frequently executed inside a terminal or using any kind of terminal multiplexer such as tmux or screen.
Activities
[edit | edit source]Basic
[edit | edit source]- Convert a putty ssh key format to Openssh format, you can follow the following instructions http://www.codeblocq.com/2016/05/Convert-a-putty-ppk-key-to-a-pem-file-on-OSX/, https://stackoverflow.com/questions/3475069/use-ppk-file-in-mac-terminal-to-connect-to-remote-connection-over-ssh
- Open a reverse ssh tunnel, follow the following instructions https://www.howtoforge.com/reverse-ssh-tunneling
- Configure OpenSSH to reuse ssh connections
ControlMaster
, follow the following instructions https://stackoverflow.com/questions/20410252/how-to-reuse-an-ssh-connection and how to use them in https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing - Generate a public Key from a private Key: [5]
ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub
(example for RSA keys but can be applied to other key types) - Configure OpenSSH to allow Public-key authentication[6]
- Activate SSH on macos:
sudo systemsetup -setremotelogin on
Intermediate
[edit | edit source]- Learn about different client connection options, such us:
-oBatchMode=yes
or-o ConnectTimeout=2
[7] - Connect to remote server temporarily turning off host key checking, (security implications):
ssh -oStrictHostKeyChecking=no SERVER_NAME
Advanced
[edit | edit source]- Read ssh documentation about multiplexing https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing and its implementation details: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.mux?annotate=HEAD
- Configure ssh session multiplexing
- Use
ProxyJump
directive to connect using a "Jump Server"[8] - Run a shell script on a remote machine using ssh:
ssh root@MachineB 'bash -s' < local_script.sh
[9]. See also: parallel - Read https://github.com/openssh/openssh-portable source code
See also
[edit | edit source]- Wikipedia: Secure Shell
- Telnet (deprecated use), netcat
sslh
[10] Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)sshpass
(brew install http://git.io/sshpass.rb
)conch
client written in python
References
[edit | edit source]- ↑ https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing
- ↑ https://stackoverflow.com/questions/20410252/how-to-reuse-an-ssh-connection
- ↑ https://linux.die.net/man/1/autossh
- ↑ https://linux.die.net/man/1/autossh
- ↑ https://serverfault.com/questions/52285/create-a-public-ssh-key-from-the-private-key
- ↑ https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
- ↑ https://linux.die.net/man/1/ssh
- ↑ https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#Passing_Through_One_or_More_Gateways_Using_ProxyJump
- ↑ https://stackoverflow.com/a/2732991
- ↑ https://github.com/yrutschle/sslh