Code Monkey home page Code Monkey logo

cheatsheet-ssh-a4's Introduction

1 SSH CheatSheet

linkedin
github
slack


PRs Welcome

File me Issues or star this repo.

1.1 SSH general

NameSummary
ssh without input passwordsshpass -p '<your-passwd>' ssh <username>@<ssh_host>, brew install sshpass
Install sshd serverapt-get install openssh, apt-get install openssh-server
Restart sshd serverservice sshd restart, systemctl reload sshd.service
Run ssh commandssh -o StrictHostKeyChecking=no -p 2702 [email protected] date
SSH with verbose ouptutssh -vvv -p 2702 [email protected] date 2>&1
Setup ssh tunnel for your web browsingsshuttle -r [email protected] 30.0.0.0/16 192.168.150.0/24 -e ...
SSH passwordless loginssh-copy-id <username>@<ssh_host>, Or manually update ~/.ssh/authorized_keys
Remove an entry from known_hosts filessh-keygen -f ~/.ssh/known_hosts -R github.com
Diff local file with remote onediff local_file.txt <(ssh <username>@<ssh_host> 'cat remote_file.txt')
Diff two remote ssh filesdiff <(ssh user@remote_host 'cat file1.txt') <(ssh user2@remote_host2 'cat file2.txt')
Upload with timestamps/permissions keptscp -rp /tmp/abc/ ec2-user@<ssh-host>:/root/
SSH agent load keyexec ssh-agent bash && ssh-add /tmp/id_rsa, ssh-add
SSH list all loaded keyssh-add -l
SSH agent create and load keyexec ssh-agent bash && ssh-keygen, ssh-add
Emacs read remote file with trampemacs /ssh:<username>@<ssh_host>:/path/to/file
Generate a new key pairssh-keygen, ssh-keygen -C "[email protected]" -t rsa
Generate key pair without interactionssh-keygen -t rsa -f /tmp/sshkey -N "" -q

1.2 SSH Advanced

NameSummary
Add passphrase protection to ssh keyfilessh-keygen -p -f id_rsa
configure SSH to avoid trying all identity filesssh -o IdentitiesOnly=yes -i id1.key [email protected]
Convert OpenSSL format to SSH-RSA formatssh-keygen -f my_ssh.pub -i
Critical ssh files/folders~/.ssh/authorized_keys, ~/.ssh/config, ~/.ssh/known_hosts
SSH config file/etc/ssh/ssh_config, /etc/ssh/sshd_config
SSH key file permissionchmod 600 ~/.ssh/id_rsa
SSH folder permissionchmod 700 ~/.ssh, chown -R $USER:$USER ~/.ssh
Authorized_keys file permissionchmod 644 ~/.ssh/authorized_keys
Mute Warning: Permanently addedssh -o LogLevel=error

1.3 SSH tunnel & ssh proxy

NameSummary
SSH port forward to a local portssh -N -i <ssh-keyfile> -f [email protected] -L *:18085:localhost:8085 -n /bin/bash
Reverse port forward to remote serverssh -R *:40099:localhost:22 [email protected], ssh -p 40099 [email protected]
Setup ssh tunnel for your web browsingsshuttle -r [email protected] 30.0.0.0/16 192.168.111.0/24 192.168.150.0/24 192.167.0.0/24

1.4 SSH security

NameSummary
Disable ssh by passwordsed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
Disable root loginsed -i 's/^PermitRootLogin yes/#PermitRootLogin yes/' /etc/ssh/sshd_config
Enable/Disable SSH Host Key CheckingStrictHostKeyChecking yes change ~/.ssh/config
Protect SSH server from brute force attacksfail2ban command line tool

1.5 SCP

NameSummary
Download a remote folderscp -r ec2-user@<ssh-host>:/home/letsencrypt-20180825 ./
Upload a filescp -i <ssh-keyfile> /tmp/hosts ec2-user@<ssh-host>:/root/
Upload a folderscp -r /tmp/abc/ ec2-user@<ssh-host>:/root/
Upload with timestamps/permissions keptscp -rp /tmp/abc/ ec2-user@<ssh-host>:/root/
Mount remote directory as local foldersshfs name@server:/path/remote_folder /path/local_folder

1.6 Parse ssh log file

NameCommand
Events of ssh downgrep -R "ssh.*Received signal 15" /var/log/auth.log
Events of ssh upgrep -R "sshd.*Server listening" /var/log/auth.log
Events of ssh failed logingrep -R "sshd.*Failed password for invalid user" /var/log/auth.log
Events of ssh break-in attempgrep -R "sshd.*POSSIBLE BREAK-IN ATTEMPT!" /var/log/auth.log
Events of ssh port scapgrep -R "sshd.*Bad protocol version identification" /var/log/auth.log
Events of ssh login by public keygrep -R "sshd.*Accepted publickey for" /var/log/auth.log
Events of ssh login by passwordgrep -R "sshd.*Accepted password for" /var/log/auth.log
Events of ssh logout eventgrep -R "sshd.*pam_unix(sshd:session): session closed for" /var/log/auth.log

1.7 SSH tools

NameSummary
Export local env to Internetngrok.com
Reverse ssh proxysshuttle
SSH by auto input passwordsshpass sshpass -p “$PASSWORD” ssh -o StrictHostKeyChecking=no $username@$ssh_ip=

1.8 Scripts

  • Inject local key to remote ssh server server
cat ~/.ssh/id_rsa.pub | ssh $username@$ssh_hostk "cat - >> ~/.ssh/authorized_keys"

ssh $username@$ssh_hostk "cat ~/.ssh/authorized_keys"
  • SSH Config file
Host sandbox
     HostName 192.168.50.10
     StrictHostKeyChecking no
     User root

Host 192.168.1.*
   StrictHostKeyChecking no
   Port 32882
   UserKnownHostsFile=/dev/null
   IdentityFile ~/.ssh/id_rsa
  • Use expect to run ssh command with credential auto input
#!/usr/bin/expect
set timeout 20
set command "cat /etc/hosts"
set user "vagrant"
set password "vagrant"
set ip "192.168.50.10"
spawn ssh -o stricthostkeychecking=no $user@$ip "$command"
expect "*password:*"
send "$password\r"
expect eof;
  • ssh reverse tunnel
# https://www.howtoforge.com/reverse-ssh-tunneling

autossh -M 40000 -p 2702 -i /home/denny/al -fN \
    -o "PubkeyAuthentication=yes" \
    -o "StrictHostKeyChecking=false" -o "PasswordAuthentication=no" \
    -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" \
    -R 123.57.240.189:29995:localhost:22 [email protected]

1.9 More Resources

License: Code is licensed under MIT License.

https://neverendingsecurity.wordpress.com/2015/04/07/ssh-cheatsheet/

http://patrickward.com/cheatsheets/2015/02/16/ssh-cheatsheet/

https://bitrot.sh/cheatsheet/13-12-2017-ssh-cheatsheet/

https://gist.github.com/CodyKochmann/166833b3b31cdb936d69

http://pentestmonkey.net/cheat-sheet/ssh-cheat-sheet

https://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id

linkedin github slack

cheatsheet-ssh-a4's People

Contributors

dennyzhang avatar

Stargazers

Roman avatar

Watchers

James Cloos avatar

Forkers

chasmanv

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.