Need a small and smart utility to manage your SSH keys under Linux? Got some scripts and cron jobs which require a local SSH key? Have a look at keychain!

Install Software

    $ sudo apt-get install keychain

Edit Startup Scripts

$HOME/.bashrc / $HOME/.bash_profile / /etc/profile

    cat << 'EOF' >> $HOME/.bashrc
    # Keychain Startup
    eval `keychain --eval id_ed25519`
    EOF

Check Service

    $ keychain
    $ ssh-add -L

SSH Server behind Firewall

Got a server behind NAT / firewall? Need shell access to …?

Server behind NAT/FW

    user@server$ ssh -R 1234:localhost:22 my.public.jumpbox

Access Server

    ssh my.public.jumpbox
    user@jumpbox$ ssh -p 1234 localhost
    user@server$

and you’re in :)

Bug in OpenSSH / Config Checker

Stumbled upon a bug in openssh … did a small config change in sshd_config, deployed it with ansible … and lost connectivity to all these boxes immediately … and of course, I did a config check before reloading the sshd daemon, and the config check was fine. I can’t believe that nobody else found this before, as it’s really simple to reproduce. And it’s working with openbsd, debian, centos and on almost all systems which have opensshd implemented (and that’s a lot of …)

Forwarding Variable with SSH

Did you know that you can easily forward a variable (or secret) via SSH …? This variable is only available while you’re logged in and is never stored in any config file or backup. This can be a real advantage …

Sending Host

/etc/ssh/ssh_config

    Host *
        SendEnv _secret

Receiving Host

/etc/ssh/sshd_config

    AcceptEnv _secret

restart sshd

Connect

    user@myhost ~# export _secret=topsecret99
    user@myhost ~# ssh user@trustedhost
    ~# set | grep _secret
    _secret=topsecret99

here we are …
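A check for the receiving host's side of this setup, as an added example that is not part of the original post: it lists every name an sshd_config accepts through AcceptEnv and flags wildcard patterns (`*`, `?`), which accept more than the single variable used above. The function name `check_acceptenv` and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# check_acceptenv FILE: print one line per AcceptEnv pattern found in an
# sshd_config-style file ("ok NAME" or "wildcard PATTERN").
# Returns 1 if any pattern contains the wildcards * or ?, otherwise 0.
check_acceptenv() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        tolower($1) == "acceptenv" {         # keywords are case-insensitive
            for (i = 2; i <= NF; i++) {      # several patterns per line are allowed
                if ($i ~ /[*?]/) { print "wildcard " $i; bad = 1 }
                else             { print "ok " $i }
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample config (hypothetical, for illustration only).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# AcceptEnv *
AcceptEnv _secret
acceptenv LANG LC_*
EOF

if check_acceptenv "$sample"; then
    echo "AcceptEnv lists exact names only"
else
    echo "AcceptEnv contains wildcard patterns; list exact names instead"
fi
rm -f "$sample"
```

AcceptEnv may also appear inside Match blocks; the function reports those lines as well, without evaluating the Match condition.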

SSH Audit

ssh-audit is a tool for SSH server auditing.

Features

- SSH1 and SSH2 protocol server support;
- grab banner, recognize device or software and operating system, detect compression;
- gather key-exchange, host-key, encryption and message authentication code algorithms;
- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
- output algorithm recommendations (append or remove based on recognized software version);
- output security information (related issues, assigned CVE list, etc);
- analyze SSH version compatibility based on algorithm information;


Like SSH and secure keys?

Generate Secure Key

    ssh-keygen -o -a 100 -t ed25519 -C "MyFamousComment"
    ssh-keygen -o -a 100 -t ed25519 -C "`whoami`@`hostname`@`date \"+%Y-%m-%d@%H:%M\"`"

What is ed25519

Distribute Key

    ssh-copy-id user@remote-server-ip-or-dns-name

Connect to Remote

Connect to Remote without Agent Forwarding (use this unless you know what you’re doing …)

    ssh -a ip-or-hostname

Connect with Agent Forwarding

or if you need Agent Forwarding

    ssh -A ip-or-hostname

Confirm Agent Forwarding

To confirm that agent forwarding is working, you can check your environment: