SSH

From Indie IT Wiki

HOWTO:

Copy files that need root access with SCP

From server to local machine:

ssh user@server "sudo cat /etc/dir/file" > /home/user/file

From local machine to server (tee -a appends to the remote file; drop the -a to overwrite it instead):

cat /home/user/file | ssh user@server "sudo tee -a /etc/dir/file"

https://askubuntu.com/questions/208378/how-do-i-copy-files-that-need-root-access-with-scp

How to Run a Local Shell Script on a Remote SSH Server

ssh user@remotehost 'bash -s' < script.sh

https://www.cloudsavvyit.com/14216/how-to-run-a-local-shell-script-on-a-remote-ssh-server/amp/
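An added example (not from the wiki or the linked article) showing the same stdin trick with arguments passed through to the script, and a hypothetical REMOTE_SHELL hook so it can be tried offline with a local sh before pointing it at ssh:

```sh
#!/bin/sh
# Added example, not from the wiki: run a local script on a remote host by
# feeding it to the remote shell's stdin, and pass it arguments. The wiki's
# form is   ssh user@remotehost 'bash -s' < script.sh
# Arguments go after "--" so the remote shell does not read them as options:
#           ssh user@remotehost 'bash -s' -- arg1 arg2 < script.sh
# REMOTE_SHELL is a hypothetical hook so the example runs offline: it
# defaults to the local sh; set REMOTE_SHELL="ssh user@remotehost sh" to
# run the script on a real remote host.
REMOTE_SHELL="${REMOTE_SHELL:-sh}"

# run_remote [ARGS...]: the script arrives on run_remote's own stdin
# (redirect it with "< script.sh"), ARGS become $1, $2, ... inside it.
# Because stdin carries the script, the script itself cannot read
# interactive input or consume data piped into the same ssh session.
run_remote() {
    # REMOTE_SHELL is intentionally word-split (e.g. "ssh host sh")
    $REMOTE_SHELL -s -- "$@"
}

# demo: the script text is a constructed sample supplied as a here-document,
# standing in for "< script.sh"
demo_run_remote() {
    run_remote alpha beta <<'EOF'
# $1, $2 and $# come from the arguments after "--", not from the script text
echo "first=$1 second=$2 count=$#"
EOF
}

demo_run_remote
```

With the default hook the output is produced by the local sh; with REMOTE_SHELL set to an ssh command line the same script text runs on the remote side, and the remote shell never sees the script as a file, only as its standard input.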

Copy A Key To A Server While Using A Different Key To Log In

ssh-copy-id -i ~/.ssh/<your-new-id-to-install> -o 'IdentityFile ~/.ssh/<your-already-existing-id>' <servername>

Server Tweaks

Disable IPv6

sudo nano /etc/ssh/sshd_config
AddressFamily inet
sudo systemctl restart sshd.service

Disable Loads

  • DNS
  • Avahi
  • PAM
  • Authentication
  • etc

https://jrs-s.net/2017/07/01/slow-ssh-logins/

Show Free Privileged Ports

Retrieving the Public Key for Your Key Pair on Linux

ssh-keygen -y -f /path_to_key_pair/my-key-pair.pem

Reverse SSH

To connect to a remote laptop...

Get the laptop client to SSH in to a server and build a reverse port forward...

ssh user@123.456.789.0 -p 222 -R 6000:localhost:22

Then, the admin can SSH in to the same server, then SSH to the remote laptop via the reverse connection...

ssh admin@localhost -p 6000

SFTP

Using SSH Keys

#!/bin/sh
cd /path/to/file/
sftp -i /home/user/.ssh/private_keyname -o StrictHostKeyChecking=no -P 2222 user@server <<EOF
cd upload/
put file.csv
bye
EOF
exit;

Using Password

Note that a password given with sshpass -p shows up in the process list, where any local user can read it; sshpass also accepts -f passwordfile or -e (password taken from the SSHPASS environment variable), which keep it out of the command line.

#!/bin/sh
cd /path/to/file/
sshpass -p 'mYgrEatPassW0rd' sftp -oport=2222 user@server <<EOF
lcd download/
get -r .
bye
EOF
exit;

https://hub.docker.com/r/atmoz/sftp

https://linuxize.com/post/how-to-use-linux-sftp-command-to-transfer-files/

https://blog.runcloud.io/2018/02/10/filezilla-sftp.html

https://linuxconfig.org/how-to-setup-sftp-server-on-ubuntu-18-04-bionic-beaver-with-vsftpd

https://community.spiceworks.com/scripts/show/4476-setup-sftp-access-to-lightsail-in-aws

https://askubuntu.com/questions/644020/how-to-generate-openssl-pem-file-and-where-we-have-to-place-it

https://www.thegeekdiary.com/how-to-configure-separate-port-for-ssh-and-sftp-on-centos-rhel/

Delete Remote Host Known Key

Because of server upgrade or whatever... Verify the server's new fingerprint out of band before accepting it, since a changed host key is also exactly what a man-in-the-middle looks like.

ssh-keygen -f "/home/user/.ssh/known_hosts" -R [server.domain.com]:2212

Rsync Over SSH

Copy from remote (on a non-standard port) to local, just 1 file...

/usr/bin/rsync -v -h -a --include=filename.ext --exclude=* -e "ssh -p 2222" user@123.456.789.0:~/remotedir/ ~/localdir/

Copy from local to remote

/usr/bin/rsync -a -e ssh ~/my/local/folder/ username@192.168.0.x:~/path/to/folder/

Copy from local to remote, with extra options (e.g. disable host checking) wrapped with ' single quotes

/usr/bin/rsync -a -e 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' ~/my/local/folder/ username@192.168.0.x:~/path/to/folder/

Copy from remote to local

/usr/bin/rsync -a -e ssh username@192.168.0.x:~/path/to/folder/ ~/my/local/folder/

See Limit Bandwidth below...

Spaces In File Or Folder Name

If you want to rsync a file or folder with spaces in the file name, you have to escape and put double-quotes around both the local and remote shell parts of the command.

e.g.

/usr/bin/rsync -a -e ssh "username@192.168.0.x:\"~/path/to/folder/with spaces\"" ~/my/local/folder/

e.g.

rsync -v -a --exclude='*FLAC*' -e ssh "username@server:\"Music/Dream Theater\"" /home/username/Music/
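An added example (not from the wiki) that shows why the escaped double quotes are needed: ssh joins its arguments with spaces and the remote login shell re-splits that string, so the fake remote side below is a local sh -c re-parsing the command string; rsync and ssh themselves are not run, and SAMPLE_PATH is a constructed name.

```sh
#!/bin/sh
# Added example, not from the wiki: why the remote half of an rsync path with
# spaces needs its own escaped double quotes. rsync hands the remote path to
# ssh, ssh joins its arguments with spaces into one command string, and the
# remote login shell re-splits that string. The remote side is faked offline
# here: the string is re-parsed by a local "sh -c", which is what a remote
# shell does with it (rsync and ssh are not invoked).

# remote_argc WORDS...: join WORDS the way ssh does, re-split them the way the
# remote shell does, and return how many arguments the remote command got.
remote_argc() {
    sh -c "set -- $*; echo \$#"
}

# quote_remote_path PATH: surround PATH with literal double quotes. Typed into
# the local shell, the same thing is written as \" inside the outer "..."
# (the wiki's  "user@host:\"Music/Dream Theater\""  form).
# Double quotes keep spaces together but still let the remote shell expand
# $, ` and \ ; for names containing those, rsync's -s (--protect-args) sends
# the path inside the rsync protocol instead of through the remote shell.
quote_remote_path() {
    printf '"%s"' "$1"
}

# remote_spec USER@HOST PATH: the source/destination argument as rsync must receive it
remote_spec() {
    printf '%s:%s' "$1" "$(quote_remote_path "$2")"
}

SAMPLE_PATH='Music/Dream Theater'   # constructed sample

# Unquoted, the remote rsync sees the path as two arguments (6 words in total)
unquoted_argc() { remote_argc rsync --server --sender . "$SAMPLE_PATH"; }

# Quoted, it sees one argument for the path (5 words in total)
quoted_argc() { remote_argc rsync --server --sender . "$(quote_remote_path "$SAMPLE_PATH")"; }

echo "remote argument count: unquoted=$(unquoted_argc) quoted=$(quoted_argc)"
echo "argument as rsync receives it: $(remote_spec username@server "$SAMPLE_PATH")"
```

The unquoted form splits the path into two remote arguments, which is why rsync reports a missing file or copies the wrong thing; the quoted form arrives as one argument.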

Limit Bandwidth

Option 1 - use the rsync option to limit I/O bandwidth, in KB per second...

/usr/bin/rsync --bwlimit=2000 -a -e ssh ~/my/local/folder/ user@remote:~/path/to/folder/

https://www.dalemacartney.com/2012/09/08/bandwidth-throttling-with-rsync/

Option 2 - use the lightweight userspace bandwidth shaper trickle, also in KB per second. The whole remote-shell command must be one argument to -e, so wrap it in quotes (trickle -d limits download and -u limits upload, so for a push to the remote it is -u that matters)...

/usr/bin/rsync -a -e 'trickle -d 2000 ssh' ~/my/local/folder/ user@remote:~/path/to/folder/

Option 3 - use both rsync and trickle maybe, just remember that trickle has up and down limits...

/usr/bin/rsync --bwlimit=2000 -a -e 'trickle -u 2000 -d 2000 ssh' ~/my/local/folder/ user@remote:~/path/to/folder/

Generate SSH Private Key

cd .ssh # There is no actual need to change directory, this is more to show where the key is stored.

ssh-keygen # Pressing enter will display the two lines shown below, if the file location is correct press enter again.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/fdibnah/.ssh/id_rsa):

Follow prompts.

Copy Key To Server

ssh-copy-id -i ~/.ssh/id_rsa.pub [-p 3313] username@ipaddress # optional port number, omit brackets; options go before the host

or

cat ~/.ssh/my_id_rsa.pub | ssh -i ~/.ssh/lightsail.pem bitnami@1.2.3.4 "cat >> ~/.ssh/authorized_keys"

Remove The SSH Last Login Information

Edit the following in the SSH config file:

sudo nano /etc/ssh/sshd_config

PrintLastLog no

Save and exit.

Thanks Superuser.com.

Change The SSH Port Used By The Server

sudo nano /etc/ssh/sshd_config

Find and edit the following section:

# What ports, IPs and protocols we listen for
# Change the port below to meet your requirements.
Port 22

Save the change and exit the file, check that it still parses (sudo sshd -t), then restart the SSH service:

sudo service ssh restart
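The three server tweaks above (AddressFamily, PrintLastLog, Port) are all the same edit: set one directive in /etc/ssh/sshd_config. An added example (not from the wiki) that does that edit from a script so it is repeatable and handles the commented-out defaults Ubuntu ships; the sample config it edits is a constructed temp file, and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the wiki: change sshd_config directives from a
# script instead of by hand in nano, so the same edit (Port, AddressFamily,
# PrintLastLog, ...) is repeatable. Covers three cases: an active line is
# replaced, a commented-out default such as "#Port 22" is replaced by the
# active value, and a missing directive is appended to the global section
# (before the first Match block, where it would otherwise change meaning).
# The demo below edits a constructed temp file, not the real config.

# set_sshd_directive FILE KEY VALUE
set_sshd_directive() {
    file="$1" key="$2" value="$3"
    tmp="$file.tmp.$$"
    awk -v key="$key" -v value="$value" '
        BEGIN {
            # sshd keywords are case-insensitive; also match a leading "#"
            pattern = "^[ \t]*#?[ \t]*" tolower(key) "([ \t=]|$)"
            done = 0; in_match = 0
        }
        # First Match block: the global section ends here
        /^[ \t]*[Mm][Aa][Tt][Cc][Hh]([ \t]|$)/ && !in_match {
            in_match = 1
            if (!done) { print key " " value; done = 1 }
        }
        !in_match && tolower($0) ~ pattern {
            if (!done) { print key " " value; done = 1 }
            next   # drop duplicates and commented copies
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file mode and owner
    rm -f "$tmp"
}

# get_sshd_directive FILE KEY: the value the global section sets (empty if none)
get_sshd_directive() {
    awk -v key="$2" '
        /^[ \t]*[Mm][Aa][Tt][Cc][Hh]([ \t]|$)/ { exit }
        tolower($1) == tolower(key) { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }
    ' "$1"
}

# demo on a constructed sshd_config snippet
demo_sshd_edit() {
    cfg="$(mktemp)"
    cat > "$cfg" <<'EOF'
# What ports, IPs and protocols we listen for
#Port 22
#AddressFamily any
PrintLastLog yes
Match User backup
    PasswordAuthentication no
EOF
    set_sshd_directive "$cfg" Port 2222
    set_sshd_directive "$cfg" AddressFamily inet
    set_sshd_directive "$cfg" PrintLastLog no
    set_sshd_directive "$cfg" PermitRootLogin no   # absent: inserted before the Match block
    cat "$cfg"
    rm -f "$cfg"
}

demo_sshd_edit
```

On the real file run it with sudo, then `sudo sshd -t` before restarting: a config that fails to parse stops sshd from starting, and if you are connected over SSH that is the session you lose.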

Create 'config' File #1

touch ~/.ssh/config
chmod 0600 ~/.ssh/config
nano ~/.ssh/config
Host *
       AddressFamily inet
       ControlMaster auto
       ControlPath /tmp/ssh-%r@%h:%p
       StrictHostKeyChecking no
Host myserver
       User ubuntu
       Port 22
       HostName 123.456.789.0
       IdentityFile ~/.ssh/myserver.pem
Host client2server
       User joe
       Port 2212
       HostName myserver.com
       LocalForward 8207 192.168.0.207:8006
ssh myserver

Two things to be aware of in the Host * section: StrictHostKeyChecking no accepts any host key for every server, which removes SSH's protection against a man-in-the-middle, so prefer accept-new (OpenSSH 7.6 and later) or keep the setting under the specific Host entries that need it; and the ControlPath sockets are better kept in a directory only you can access, e.g. ~/.ssh/sockets/%C with the directory created as mode 0700, rather than in /tmp.

Create 'config' File #2

The following will generate a new file allowing you to assign shortcut SSH logins instead of having to type "username@server1.mydomain.com".

nano ~/.ssh/config

Host *
   AddressFamily inet

# Shortcut name, for example: No1 - for server1.mydomain.com
Host <shortcut name>
        # Your username, i.e. jbloggs
        User <username>
        # Unless otherwise configured
        Port 22
        # For example: server1.mydomain.com
        HostName name.of.machine

CTRL+o to save, then CTRL+x to exit.

AutoSSH Keep SSH Session Alive

Normal

autossh -M 0 -o "ServerAliveInterval 45" -o "ServerAliveCountMax 2" username@example.com

SSHFS

Example of sshfs combined with autossh to keep a persistent tunnel alive. This is great for those that experience dodgy internet connectivity :-)

sshfs -o IdentityFile=/home/localuser/.ssh/server,port=16482,idmap=user,reconnect,compression=yes,transform_symlinks,ServerAliveInterval=45,ServerAliveCountMax=2,ssh_command='autossh -M 0' user@server.com:/home/user/subfolder/ /home/localuser/mountpoint/

Thanks - https://wiki.archlinux.org/index.php/Secure_Shell#Autossh_-_automatically_restarts_SSH_sessions_and_tunnels

SSH File System

As it sounds, this will allow you to access a remote server's file system as if it were your own.

1. Install the software...

sudo apt-get install sshfs

2. Create the directory to mount your remote server's file system...

mkdir ~/myremoteserver

3. Generate a new SSH key (and give it a useful name like 'myremoteserver')...

ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/.ssh/myremoteserver
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/myremoteserver.
Your public key has been saved in /home/user/.ssh/myremoteserver.pub.

4. Copy that key to the remote server...

ssh-copy-id -i ~/.ssh/myremoteserver.pub -p 12345 user@123.456.789.0

5. Test that you can log in without a prompt...

ssh -i ~/.ssh/myremoteserver user@123.456.789.0 -p 12345

6. Add an entry to your SSH config file for ease of use...

nano ~/.ssh/config

Host myremoteserver
       User username
       Port 12345
       HostName 123.456.789.0
       IdentityFile ~/.ssh/myremoteserver

7. Test that you can log in even easier...

ssh myremoteserver

8. Mount the remote file system to your own directory...

sshfs myremoteserver:~/path/to/data/ ~/myremoteserver/

9. Check you can read and write to it...

echo "test" >~/myremoteserver/test.txt
ls -lah ~/myremoteserver/

Job, done.

Unmounting Disconnecting SSHFS

fusermount -u /path/to/mountpoint/

Port Forwarding

ssh -p remotesshport user@remoteexternalip -L myport:remotelocalip:remotelocalport

e.g.

ssh -p 22 user@01.23.456.789 -L 9999:192.168.1.229:8006

Then, point your web browser at http://127.0.0.1:9999 to see the magic. If the remote local web page is on https then you will need to change the scheme in your web browser as well, e.g. https://127.0.0.1:9999 (the local port is whatever you gave to -L).

Personal VPN

Use a VM in another country and then SSH in to forward your browser's traffic through a SOCKS5 proxy.

ssh -D 9999 me@myserver.com

Then just point your browser’s SOCKS proxy settings to localhost:9999. Done!

Firefox > Preferences > Advanced > Network > Connection > Settings > Manual Proxy Configuration > SOCKS Host: 127.0.0.1 > Port: 9999 > Remote DNS

Now go to http://whatismyipaddress.com or https://www.dnsleaktest.com to test your 'IP' address :-)

INFO:

Password Generators

Seahorse

Seahorse provides a GUI front-end to the gnome-keyring-daemon.

Troubleshooting

no matching cipher found. Their offer: aes256-cbc

The server only offers a CBC cipher, which modern OpenSSH clients no longer enable by default. Enable it for that one connection on the command line rather than adding it to Ciphers globally:

ssh -c aes256-cbc user@server

Error agent admitted failure to sign

https://help.github.com/articles/error-agent-admitted-failure-to-sign/

SSH Agent

Windows Install

https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh

Microsoft Visual C++

Dokan

Win-SSHFS

Win-SSHFS is a fork of the above and is more up-to-date.

Troubleshooting

ERROR: [WARNING]: sftp transfer mechanism failed on

[WARNING]: sftp transfer mechanism failed on [130.130.0.232]. Use ANSIBLE_DEBUG=1 to see detailed information

https://fantashit.com/warning-sftp-transfer-mechanism-failed/