Difference between revisions of "Secure Shell"

From TBP Wiki
Jump to: navigation, search
(Created page with "Secure Shell, or SSH, is a cryptographic (encrypted) network protocol to allow remote login and other network services to operate securely over an unsecured network. SSH prov...")
 
(SSH Jumping)
 
(3 intermediate revisions by the same user not shown)
Line 15: Line 15:
  
 
     ssh -p 2210 username@localhost
 
     ssh -p 2210 username@localhost
 +
 +
Open a port tunnel on port 443 through ssh from one computer into another, perform a keepalive request, and prevent ssh from reconnecting if the connection is already established:
 +
 +
    ssh -XYC -R 443:127.0.0.1:443 -N -f -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 user@domain.com
 +
 +
This will allow you to get around any port issues on the first network by using domain.com's network to "forward" the port over ssh to the first device. This can be installed to cronie to keep the connection going with the following example:
 +
 +
    if ps aux |grep "root@domain.com" |grep -vi grep |grep 443 ; then exit 0; else ssh -XYC -R 443:127.0.0.1:443 -N -f -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 root@domain.com ; fi
 +
 +
=SSH Jumping=
 +
This will allow you to SSH through various SSH-enabled computers quickly and easily, assuming your SSH key is installed to each of these, in a seamless manner right to computer 192.168.0.202 using modifier "-j". This assumes that the domain.com SSH port is 999, the 192.168.0.111 SSH port is 123, and the 192.168.0.202 SSH port is 22. You can specify multiple computers, separated with a comma. The final destination will be separated by a space instead.
 +
 +
    ssh -C -o ServerAliveInterval=60 -i /home/username/.ssh/id_rsa.pub -J user@domain.com:999,user@192.168.0.111:123 user@192.168.0.202

Latest revision as of 13:49, 8 February 2023

Secure Shell, or SSH, is a cryptographic (encrypted) network protocol to allow remote login and other network services to operate securely over an unsecured network.

SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.

The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release.

SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet, although files leaked by Edward Snowden indicate that the National Security Agency can sometimes decrypt SSH, allowing them to read the content of SSH sessions.

Reverse SSH

You can initiate SSH using SSH in case you do not have access to the local firewall or something else. On the machine you want to SSH to, run the following:

   ssh –R 2210:localhost:22 username@domain.com

On the other computer that you want to ssh from, run the following:

   ssh -p 2210 username@localhost

Open a port tunnel on port 443 through ssh from one computer into another, perform a keepalive request, and prevent ssh from reconnecting if the connection is already established:

   ssh -XYC -R 443:127.0.0.1:443 -N -f -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 user@domain.com

This will allow you to get around any port issues on the first network by using domain.com's network to "forward" the port over ssh to the first device. This can be installed to cronie to keep the connection going with the following example:

   if ps aux |grep "root@domain.com" |grep -vi grep |grep 443 ; then exit 0; else ssh -XYC -R 443:127.0.0.1:443 -N -f -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 root@domain.com ; fi

SSH Jumping

This will allow you to SSH through various SSH-enabled computers quickly and easily, assuming your SSH key is installed to each of these, in a seamless manner right to computer 192.168.0.202 using modifier "-j". This assumes that the domain.com SSH port is 999, the 192.168.0.111 SSH port is 123, and the 192.168.0.202 SSH port is 22. You can specify multiple computers, separated with a comma. The final destination will be separated by a space instead.

   ssh -C -o ServerAliveInterval=60 -i /home/username/.ssh/id_rsa.pub -J user@domain.com:999,user@192.168.0.111:123 user@192.168.0.202