ssh

Keychain

Need a small and smart utility to manage your SSH keys under Linux? Got some scripts and cronjobs which require a local SSH key? Have a look at keychain!

Install Software

$ sudo apt-get install keychain

Edit startup scripts ($HOME/.bashrc / $HOME/.bash_profile / /etc/profile):

cat << 'EOF' >> $HOME/.bashrc
# Keychain Startup
eval `keychain --eval id_ed25519`
EOF

Check service

$ keychain
$ ssh-add -L

Add to .profile

cat << 'EOF' >> .

SSH Server behind Firewall

Got a server behind NAT / firewall? Need shell access to …?

Server behind NAT/FW (opens a reverse tunnel from the server to the jumpbox):

user@server$ ssh -R 1234:localhost:22 my.public.jumpbox

Access Server (from the jumpbox, connect back through the tunnel):

ssh my.public.jumpbox
user@jumpbox$ ssh -p 1234 localhost
user@server$

and you're in :)

sha256: a2d421e9b998a6ecc2d1764036662585199c760809bef98dd88174c8d1609fcf

Bug in OpenSSH / Config Checker

Stumbled upon a bug in OpenSSH … did a small config change in sshd_config, deployed it with Ansible … and lost connectivity to all these boxes immediately … and of course, I did a config check before reloading the sshd daemon, and the config check was fine. I can't believe that nobody else found this before, as it's really simple to reproduce. And it's working with OpenBSD, Debian, CentOS and mostly on all systems which have OpenSSH implemented (and that's a lot of …)

Forwarding Variable with SSH

Did you know that you can easily forward a variable (or secret) via SSH …? This variable is only available while you're logged in and is never stored in any config file or backup. This can be a real advantage …

Sending Host (/etc/ssh/ssh_config):

Host trustedhost.world
    SendEnv _secret

Receiving Host (/etc/ssh/sshd_config):

AcceptEnv _secret

Restart sshd, then connect:

user@myhost ~# export _secret=topsecret99
user@myhost ~# ssh trustedhost.world
user@trustedhost ~# set | grep _secret
_secret=topsecret99

Here we are …

SSH Audit

ssh-audit is a tool for SSH server auditing.

Features

SSH1 and SSH2 protocol server support
grab banner, recognize device or software and operating system, detect compression
gather key-exchange, host-key, encryption and message authentication code algorithms
output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc.)
output algorithm recommendations (append or remove based on recognized software version)
output security information (related issues, assigned CVE list, etc.)
analyze SSH version compatibility based on algorithm information

Ed25519

Like SSH and secure keys?

Generate Secure Key

ssh-keygen -o -a 100 -t ed25519 -C "MyFamousComment"
ssh-keygen -o -a 100 -t ed25519 -C "`whoami`@`hostname`@`date \"+%Y-%m-%d@%H:%M\"`"

What's ed25519? See Wikipedia about Curve25519.

Distribute Key

ssh-copy-id user@remote-server-ip-or-dns-name

Connect to Remote

Connect to remote without agent forwarding (use this unless you know what you're doing …):

ssh -a ip-or-hostname

Connect with Agent Forwarding, if you need it:

ssh -A ip-or-hostname

Confirm Agent Forwarding

To confirm that agent forwarding is working, you can check your environment: