Ssh: Difference between revisions
Geist (Talk | contributions)
Zeile 107: | Zeile 107: | ||
'''$ sshfs -o ServerAliveInterval=15''' | '''$ sshfs -o ServerAliveInterval=15''' | ||
+ | '''$ sshfs-o reconnect,ServerAliveInterval=15,ServerAliveCountMax=3 ''' | ||
+ | [https://serverfault.com/questions/6709/sshfs-mount-that-survives-disconnect SSHFS mount that survives disconnect| keep connection alive] | ||
==== '''SSHFS SHOW MOUNTS''' ==== | ==== '''SSHFS SHOW MOUNTS''' ==== |
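Review bot: the added command line reads `sshfs-o reconnect,...` with no space between `sshfs` and `-o`, so a shell would look for a program named `sshfs-o`; it should be `sshfs -o reconnect,ServerAliveInterval=15,ServerAliveCountMax=3`. Like the existing line above it, the new line also omits the mount source and mount point, so a placeholder such as `user@host:/dir /dir` would make both lines usable as written.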
Revision as of 20 December 2021, 12:31
Contents
- 1 Links
- 2 SSH, FUSE, SSHFS
- 2.1 SSH STATUS
- 2.2 SSH tools
- 2.3 SSH|SSHFS|FUSE CONFIG FILES
- 2.4 Create SSH Key
- 2.5 Copy SSH Key
- 2.6 Login with SSH Key
- 2.7 ssh config files & folders
- 2.8 ssh known_hosts file
- 2.9 ssh authorized_keys file
- 2.10 SSHFS FUSE
- 2.11 SSHFS TIMEOUT
- 2.12 SSHFS SHOW MOUNTS
- 2.13 SSH Port-Tunneling
- 2.14 Reverse SSH Tunnel
- 2.15 AutoSSH SSH Tunnel
- 2.16 ssh commands
- 2.17 ssh execute command
- 2.18 ssh execute script
- 2.19 secure file transfer
Links
sshfs(1) - Linux man page wiki.ubuntuusers.de FUSE/SSHFS wiki.ubuntuusers.de FUSE
Miklos Szeredi | github Evolution of FUSE and OverlayFS | Miklos Szeredi
explainshell Screen nohup linuxcommand ssh1 open ip
SSH, FUSE, SSHFS
SSH STATUS
$ systemctl status ssh
$ whoami
$ who
$ w
$ ps
$ ps aux
$ ps aux | grep ssh
$ ps aux | grep sshd
$ lsof -i -n | egrep 'ssh'
$ lsof -i -n | egrep 'sshd'
$ ss
$ ss -l
$ ss | grep tcp
$ ss | grep -i ssh
$ ss -u -a
$ last -a | grep -i still
apk*error
$ service ssh status
$ netstat -tanup | grep ssh
$ netstat -tnpa | grep 'ESTABLISHED.*sshd'
$ netstat -an | grep 8090/port
$ firewall-cmd --list-all-zones
SSH tools
ssh-keygen
$ ssh-keyscan ip > known_hosts
$ ssh-keyscan -f txtwithhosts
ssh-keyscan
ssh-copy-id
ssh-add
$ ssh-add -l
$ ssh-add KEY
ssh-agent
$ pgrep ssh-agent
$ ps aux | grep ssh-agent
SSH|SSHFS|FUSE CONFIG FILES
$ cat /etc/ssh/sshd_config
$ cat /etc/ssh/ssh_config
$ cat /etc/fuse.conf
$ cat /etc/modules
Create SSH Key
# Ed25519 keys have a fixed length, so ssh-keygen ignores -b for this key type
$ ssh-keygen -t ed25519 -b 4096
Copy SSH Key
$ ssh-copy-id -i KEY user@IP
$ ssh-copy-id -i ~/.ssh/KEY user@IP
Login with SSH Key
$ ssh -i ~/.ssh/KEY user@IP -p 5001
ssh config files & folders
/etc/ssh/ssh_config
/etc/ssh/sshd_config
/home/user/.ssh
ssh known_hosts file
$ nano ~/.ssh/known_hosts
ssh authorized_keys file
$ nano ~/.ssh/authorized_keys
SSHFS FUSE
$ sshfs user@host:/dir /dir -o IdentityFile=~/.ssh/KEY
$ sshfs user@host:/dir /dir -o IdentityFile=~/.ssh/KEY -o idmap=user -o uid=$(id -u) -o gid=$(id -g)
$ sshfs user@host:/dir /dir -C -p 5001
$ sshfs user@host:/dir /dir -o IdentityFile=~/.ssh/KEY -o idmap=user -o uid=$(id -u) -o gid=$(id -g) -o nonempty -p 5001
$ fusermount -u /dir
SSHFS TIMEOUT
1) Add the following line to the file .ssh/config (it is in the user's home directory; if you automount at system startup, change /root/.ssh/config instead):
$ sshfs -o ServerAliveInterval=15
$ sshfs -o reconnect,ServerAliveInterval=15,ServerAliveCountMax=3
SSHFS mount that survives disconnect | keep connection alive
SSHFS SHOW MOUNTS
$ cat /proc/mounts
$ cat /etc/mtab
$ cat /etc/mtab | grep fuse
$ cat /etc/mtab | grep ssh
SSH Port-Tunneling
Local Forwarding
$ ssh -i ~/.ssh/KEY -L 80:IP:80 user@IP -p 2000
Remote Forwarding
Port Forwarding
Reverse SSH Tunnel
Check for: 1. ServerAliveInterval(sshd_config) 2. autossh
ssh -R 5001:localhost:22 -fN IP
AutoSSH SSH Tunnel
$ autossh -NT -o "ExitOnForwardFailure=yes" -R 5001:localhost:6001 -l USER IP -p 7001 -i /home/USER/.ssh/KEY
$ autossh -N -f -i /home/<user>/.ssh/id_rsa -R 22222:localhost:22 <user>@<remote_host>
-N: tell ssh not to execute any command, since we only use it for tunneling.
-f: tell autossh to fall into the background on start.
-i: tell ssh to use the proper identity.
-R 22222:localhost:22: reverse tunnel the remote host's port 22222 to localhost's port 22, so that we can use ssh -p 22222 localhost on the remote host to ssh into the local machine.
nano /etc/systemd/system/sshtunnel.service
sshtunnel.service
[Unit]
Description=AutoSSH tunnel service
#After=network.target
After=network-online.target ssh.service

[Service]
User=USER
Environment="AUTOSSH_GATETIME=0"
RestartSec=30
Restart=always
ExecStart=/usr/bin/autossh -NT -o "ExitOnForwardFailure=yes" -R 5001:localhost:6000 -l USER IP -p 6001 -i /home/USER/.ssh/KEY
# pkill -s selects by session ID; the signal is passed with --signal
ExecStop=pkill --signal KILL autossh
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target
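An added hardening example, not part of the original page: the key used by an unattended tunnel like the unit above only needs to open its one remote listener, so it can be restricted on the SSH server. The key material and key comment are placeholders, and `permitlisten` / `PermitListen` require OpenSSH 7.8 or later.

```conf
# ~/.ssh/authorized_keys of USER on the SSH server (IP in the unit above)
# restrict          disables PTY allocation, agent/X11 forwarding and all port forwarding
# port-forwarding   re-enables port forwarding for this key only
# permitlisten      limits -R to the single listener the unit requests
#                   (ssh sends "localhost" as listen host when -R names none)
# command           forced command; with -N no session is opened, so the tunnel is unaffected,
#                   but the key cannot be used to run anything on the server
restrict,port-forwarding,permitlisten="localhost:5001",command="/bin/false" ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> autossh-tunnel

# Equivalent limits enforced by the server itself, in /etc/ssh/sshd_config
Match User USER
    AllowTcpForwarding remote
    PermitListen localhost:5001
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
```

After changing sshd_config, validate it with `sshd -t` before restarting the service.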
systemctl status sshtunnel.service
systemctl daemon-reload
systemctl restart sshtunnel.service
When using ssh multiplexing, killing the ssh process is often undesirable (it kills all open connections with that host), and you cannot easily access the escape because "escape not available to multiplexed sessions". The right way is then to run the analogue of the forwarding command that you want to cancel, but adding -O cancel. For instance:
ssh -O cancel -L 5002:192.168.0.10:5002 192.168.178.100
This will disable this port forwarding without terminating the session. Again, this will only work if ssh multiplexing is in use for the connection to 192.168.178.100.
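The precondition named above, as an added example that is not from the original page: a client-side ~/.ssh/config entry that turns on multiplexing for 192.168.178.100, so that -O requests have a master connection to talk to. The ControlPath location and the ControlPersist time are assumptions.

```conf
# ~/.ssh/config
Host 192.168.178.100
    # Reuse one master connection for all sessions to this host
    ControlMaster auto
    # Control socket of the master; keep ~/.ssh at mode 0700 so that
    # other local users cannot open sessions through it
    ControlPath ~/.ssh/cm-%r@%h:%p
    # Keep the master running for 10 minutes after the last session closes
    ControlPersist 10m

# Control requests sent to the running master:
#   ssh -O check   192.168.178.100                             # is a master running?
#   ssh -O forward -L 5002:192.168.0.10:5002 192.168.178.100   # add the forwarding
#   ssh -O cancel  -L 5002:192.168.0.10:5002 192.168.178.100   # remove it again
#   ssh -O exit    192.168.178.100                             # close the master and all its sessions
```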
$ ssh -luser 192.xx.xxx.xx
ssh commands
$ ssh user@192.168.188.2 '[command]'
$ ssh user@192.168.188.2 'ls -la /home/user'
$ put
ssh execute command
$ ssh user@ip 'ls -la'
ssh execute script
$ ssh user@ip < script.sh
$ ssh user@ip "bash -s" < script.sh
secure file transfer
SCP file
$ pscp
# scp [source] [destination]
# destination ip:/path/
$ scp /test user@192.168.188.2:/home/user/test
$ scp *.txt user@192.168.188.2:/home/user/txt
$ scp user@192.168.188.2:/home/user/txt.txt .
SCP folder
$ scp -r /dir user@192.168.188.2:/home/user/dir
$ scp -r /dir/* user@192.168.188.2:/home/user/dir
$ scp -r user@192.168.188.2:/home/user/dir /home/dir
$ scp -r user@192.168.188.2:/home/user/dir .
sftp
psftp
ssh Jumphost
- ssh jumphost
PC->Jumphost->IntServer
PC->Firewall->IntServer
ssh -J user@ip user@ip
ssh Multi-hop Tunnel
ssh -L8080:localhost:8080 user@host1
SSH Tunnel with -t and -v (verbose)
ssh X11 Forwarding
$ ssh -X user@ip firefox &
ssh config file
- ssh config file in .ssh/config
Host *
    User user
Host linuxhost
    HostName 192.168.188.2
    User user
    Port 2000
    IdentityFile ~/.ssh/mykey
ssh config file in /etc/ssh/ssh_config
debug mode
$ ssh debianvm -v
socks proxy with google-authenticator!?
# in SSHD FILE
AuthenticationMethods publickey,keyboard-interactive
$ nano /etc/pam.d/sshd
# google auth
auth required pam_google_authenticator.so
auth required pam_google_authenticator.so nullok