tunnel
tunnel through jump server
ssh -t -L7070:localhost:7071 user@jumphost ssh -t -D7071 user@furtherhost
ssh -A -t -l user jump-host \
-L 8080:localhost:8080 \
ssh -A -t -l user webserver.dmz \
-L 8080:localhost:8080
open socks proxy on port 443 (hide as https) - requires sudo
sudo ssh -o ServerAliveInterval=60 -D443 -l pyratebeard -i ~/lib/key/ssh_tunnel -N -C -q -t -4 -f ftp.pyratebeard.net
- -o ServerAliveInterval=60
- -D443
- -l pyratebeard
- -i ~/lib/key/ssh_tunnel
- -N - do not execute remote command
- -C - compress data
- -q - quiet
- -t - force pseudo-terminal
- -4 - use ipv4 only
- -f - go to background
X11 forwarding
ssh -X user@host
- on server side X11Forwarding must be set to yes in '/etc/ssh/sshd_config'
ssh host fingerprint
to find the fingerprint of a host
sudo ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
sudo ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key
remote host id has changed
if the fingerprint for the remote host has changed (and you are sure it's not a mitm attack) run the following to remove the old entry from 'known_hosts'
ssh-keygen -f $HOME/.ssh/known_hosts -R <hostname>
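added example (not part of the original notes): one way to be sure it's not a mitm before removing the entry is to compare the key the host now offers with the fingerprint read on the server itself (see 'ssh host fingerprint'). the function names, host.example and the key blobs are constructed for illustration, and the fingerprint is recomputed with coreutils so the script runs without a live host.

```shell
#!/bin/sh
# added example, not from the original notes; keys and host are constructed

# fingerprint of a base64 public key blob, in the form `ssh-keygen -l`
# prints: "SHA256:" + unpadded base64 of the SHA-256 of the decoded blob
key_fingerprint() {
    hex=$(printf '%s' "$1" | base64 -d | sha256sum | cut -c1-64)
    b64=$(for byte in $(printf '%s' "$hex" | sed 's/../& /g'); do
              printf "\\$(printf '%03o' "0x$byte")"   # hex pair to raw byte
          done | base64 | tr -d '=\n')
    printf 'SHA256:%s\n' "$b64"
}

# $1: line as printed by `ssh-keyscan -t ed25519 <hostname>` (host type blob)
# $2: fingerprint read on the server with `sudo ssh-keygen -l -f <host key>`
# returns 0 on match, 1 on mismatch (possible mitm), 2 on a malformed line
verify_host_key() {
    blob=$(printf '%s\n' "$1" | awk '{print $3}')
    [ -n "$blob" ] || return 2
    [ "$(key_fingerprint "$blob")" = "$2" ]
}

# constructed sample data (not real host keys)
GOOD_BLOB='AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedHostKeyForDocsOnlyAAAAAAA'
OFFERED="host.example ssh-ed25519 $GOOD_BLOB"
ROGUE='host.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedHostKeyForDocsOnlyBBBBBBB'
CONSOLE_FP=$(key_fingerprint "$GOOD_BLOB")   # stands in for the console output

for line in "$OFFERED" "$ROGUE"; do
    if verify_host_key "$line" "$CONSOLE_FP"; then
        echo "match: ok to run ssh-keygen -f \$HOME/.ssh/known_hosts -R host.example"
    else
        echo "mismatch: keep known_hosts as is and investigate"
    fi
done
```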
sshd_config
- allow one user and all users in group
- if only use AllowGroups it overrides the AllowUsers
AllowUsers <username>
Match group users
    AllowUsers *
ref
ssh guide
- must have dns resolv on greyskull (and nublar for lxc)
- must have short name in ssh/config on nublar for lxc
- must have cert-auth known host on nublar for lxc