# SSH
- For the SSH config, see [[Home - ssh-config]]
- [[MobaXterm]] as Windows client
- Install an SSH server: `sudo apt-get install openssh-server`
## SSH Commands
| Command | Description |
|:------------- |:--------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `ssh-keygen` | - Creates an SSH key pair <br> - Optionally sets a passphrase that is used to encrypt the private key |
| `ssh-copy-id` | - Transfers the public key to the server <br> --> The server password is no longer needed because authentication is done with the key; only the key's passphrase is required |
| `ssh-add -L` | Shows the public keys currently loaded in the agent |
| `sudo ssh -t hb sudo shutdown now -P` | **Execute remote command**, here: shut down home-backup from home-pi |
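## Copying .ssh files
```
# Private key: owner read/write only (ssh refuses keys that others can read)
chmod 600 ~/.ssh/id_rsa
# Public key and known_hosts may be world-readable
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/known_hosts
chmod 600 ~/.ssh/config
```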
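
An added example (not part of the original note) that generalizes the chmod lines above to a copied `.ssh` directory with arbitrary key names: everything defaults to `600`, only known public material becomes `644`, and a private key that was misnamed `*.pub` is still locked down. The function names `fix_ssh_perms` and `perm_string` and all sample files are constructed for this example.

```bash
#!/bin/sh
# fix_ssh_perms DIR: reset permissions on a copied .ssh directory.
# Default-deny: every file is 600 unless it is known to be public material.
fix_ssh_perms() {
    _dir=${1:-"$HOME/.ssh"}
    [ -d "$_dir" ] || { echo "not a directory: $_dir" >&2; return 1; }
    chmod 700 "$_dir" || return 1
    for _f in "$_dir"/*; do
        [ -L "$_f" ] && continue      # never chmod through a symlink
        [ -f "$_f" ] || continue      # skip sockets, subdirectories, empty glob
        case ${_f##*/} in
            *.pub|known_hosts|known_hosts.old) _mode=644 ;;
            *) _mode=600 ;;           # private keys, config, authorized_keys, agent.env
        esac
        # A private key stays private even if it was misnamed *.pub.
        if head -n 1 "$_f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            _mode=600
        fi
        chmod "$_mode" "$_f" || return 1
    done
    return 0
}

# perm_string PATH: the 10-character mode column of ls, e.g. "-rw-------"
perm_string() { ls -ld "$1" | cut -c1-10; }

# Demo on constructed files in a throwaway directory (no real keys involved).
demo_dir=$(mktemp -d)/.ssh
mkdir -p "$demo_dir"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$demo_dir/id_ed25519"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$demo_dir/oops.pub"
printf 'ssh-ed25519 AAAA-constructed user@host\n' > "$demo_dir/id_ed25519.pub"
printf 'Host example\n' > "$demo_dir/config"
: > "$demo_dir/known_hosts"
chmod 777 "$demo_dir" "$demo_dir"/*   # simulate modes mangled by the copy
fix_ssh_perms "$demo_dir"
ls -la "$demo_dir"
```

Call `fix_ssh_perms` without an argument to apply it to `~/.ssh`.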
## Special SSH Configurations
### Setting up ssh-agent
Useful for [[MobaXterm]] and [[Cygwin]].
Set up an ssh-agent that avoids repeated passphrase prompts: it checks whether the passphrase has already been entered and keeps the unlocked key for the Git-Bash/Cygwin session.
Follow these steps to run ssh-agent automatically when you open Git-Bash. Copy the following lines and paste them into your ~/.profile or ~/.bashrc file in Git-Bash:
```bash
env=~/.ssh/agent.env

agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }

agent_start () {
    (umask 077; ssh-agent >| "$env")
    . "$env" >| /dev/null ; }

agent_load_env

# agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2=agent not running
agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)

if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
    agent_start
    ssh-add
elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
    ssh-add
fi

unset env
```
### SSH Jump Server
- see [Tufora - ssh-configuration-for-jump-host](https://tufora.com/tutorials/linux/security/ssh-configuration-for-jump-host)
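```sh
# Note: ForwardAgent under "Host *" exposes the local agent socket to every
# server you log in to. The ProxyCommand -W hop below does not need it,
# because authentication to the target still happens from the local client.
Host *
    ForwardAgent yes

# Jump server
# - the specific server's hostname needs to be known there (/etc/hosts)
Host mceE
    Hostname mce.a.com
    Port 1234
    User admin

# Specific server
# - "Host" needs to be the real hostname of that server,
#   as specified in the /etc/hosts file on the jump server
# - This is reused with "%h"
# - On OpenSSH 7.3+, "ProxyJump mceE" is the equivalent of the ProxyCommand line
Host MCE-Server
    Hostname %h
    Port 22
    User admin
    ProxyCommand ssh -qW %h:%p mceE
```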
### SSH Connection Timeout
- Config: `/etc/ssh/sshd_config`
```
TCPKeepAlive yes
ClientAliveInterval 1200
ClientAliveCountMax 3
```
- Timeout value = ClientAliveInterval * ClientAliveCountMax
- **No Timeout:** `ClientAliveInterval 0`
- Reload sshd with `sudo systemctl reload sshd`