[TOC]
ssh username@myhostname.com -p 2995
connect to a remote machine from the Linux command line (bash); -p selects a non-default port (22 is the default)
ssh -i ~/.sshkeys/aws.pem -p 2345 ec2-user@compute.amazonaws.com
connect using a specified private key file (the key file must be readable only by you, e.g. mode 600, otherwise ssh warns about an unprotected key and refuses to use it)
ssh username@remotehost.net ls -l /
non-interactive ssh: run one command on the remote side and exit instead of opening a shell
ERROR: sudo: no tty present and no askpass program specified
this appears when the one-off remote command calls sudo and sudo needs to ask for a password: a non-interactive command gets no terminal for the prompt
ssh -t -i /home/ubuntu/aws.pem ubuntu@compute.amazonaws.com "sudo /bin/bash -c 'touch /opt/.license/.eula'"
force a pseudo-tty with -t so sudo can prompt, then run the command
sudo apt-get install ssh
installs client and server (the ssh metapackage pulls in openssh-client and openssh-server, approx 18.6MB in size)
OR sudo apt-get install openssh-server
ssh is the open source, encrypted way to control a remote machine from the command line
SSH protocol version 2 is the current secure version (version 1 is broken and has been removed from OpenSSH); "putty" is an example of a portable Windows client binary
sudo nano /etc/ssh/sshd_config
Protocol 2 //allow SSH version 2 only; OpenSSH 7.0 and later speak only version 2 and ignore this directive
//note you may use your router for port redirection so that remote access is
//via an alt port but LAN is still through 22
#Port 22 //the default gets most of the automated scanning and log noise; a different port cuts that noise but is not a security control (a scan of all ports still finds it), so keys and the settings below still matter
Port 1119 //or have multiple ports
Port 2119 //but you may have to configure your firewall
PermitRootLogin yes //change this to "no": log in as a normal user and use sudo (recent OpenSSH defaults to prohibit-password, which still lets root in with a key)
AllowUsers user1 user2 //add to the end of the file to allow only these users; anyone else is refused even with a valid key or password
service sshd restart //check the edited file with sshd -t first (a syntax error stops sshd from starting); existing sessions stay connected because each runs in its own process, but keep your session open and test a second login before closing it
sudo /etc/init.d/ssh reload //reload the new config (the service is named "ssh" on Debian/Ubuntu and "sshd" on Red Hat-type systems)
sudo /etc/init.d/ssh restart //restart the service (doesn't disconnect existing sessions)
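As an added example (not part of the original notes), a small POSIX shell script that audits an sshd_config against the settings described above: Protocol, Port, PermitRootLogin and AllowUsers, plus PasswordAuthentication, which goes one step beyond the notes but is the setting that makes password brute forcing moot once key-based login (the -i examples above) is in place. The sample config embedded in demo_config is constructed for the demo; pass a path (normally /etc/ssh/sshd_config) to audit a real file. The parsing mirrors how sshd reads the file: comments and blank lines are skipped, the first occurrence of a directive wins, and directives after a Match block are conditional, so the audit stops there.

```shell
#!/bin/sh
# Added example, not part of the original notes: audit an sshd_config
# against the hardening settings above. The sample config in demo_config
# is constructed; pass a real path as $1 to audit that instead.

# all_values FILE DIRECTIVE -> every value set for DIRECTIVE before any
# Match block (Port may legitimately appear several times)
all_values() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[[:space:]]+/, ""); print }
    ' "$1"
}

# first_value FILE DIRECTIVE -> the value sshd uses (first occurrence wins)
first_value() { all_values "$1" "$2" | head -n 1; }

# audit_sshd_config FILE -> prints findings; returns the number of WEAK ones
audit_sshd_config() {
    file=$1; weak=0
    proto=$(first_value "$file" Protocol)
    root=$(first_value "$file" PermitRootLogin)
    ports=$(all_values "$file" Port | tr '\n' ' ')
    users=$(first_value "$file" AllowUsers)
    pass=$(first_value "$file" PasswordAuthentication)

    # Protocol 1 is broken; OpenSSH >= 7.0 ignores this directive entirely
    case "$proto" in
        *1*) echo "WEAK: Protocol '$proto' allows SSH v1"; weak=$((weak + 1)) ;;
    esac
    # default is prohibit-password on modern OpenSSH, "yes" on old builds
    case "${root:-prohibit-password}" in
        no|prohibit-password|without-password) ;;
        *) echo "WEAK: PermitRootLogin '$root', set it to 'no'"; weak=$((weak + 1)) ;;
    esac
    # a non-default port only cuts scanner noise, so report but don't fail
    [ -n "$ports" ] || echo "INFO: no Port line, sshd listens on 22"
    [ -n "$users" ] || { echo "WEAK: no AllowUsers restriction"; weak=$((weak + 1)); }
    # with key-based login in place, passwords only add brute-force risk
    case "${pass:-yes}" in
        yes) echo "WEAK: PasswordAuthentication enabled"; weak=$((weak + 1)) ;;
    esac
    [ "$weak" -eq 0 ] && echo "OK: no weak settings found"
    return "$weak"
}

# constructed sample: the out-of-the-box state the notes above tell you to change
demo_config() {
    cat <<'EOF'
Protocol 2
#Port 22
PermitRootLogin yes
EOF
}

if [ "$#" -gt 0 ]; then
    audit_sshd_config "$1"
else
    tmp=$(mktemp)
    demo_config > "$tmp"
    audit_sshd_config "$tmp" || echo "-> $? weak setting(s); fix, run sshd -t, then reload"
    rm -f "$tmp"
fi
```

Run it with no arguments to see the constructed sample flagged (PermitRootLogin, missing AllowUsers, password logins), or with a path to check a real file before reloading sshd.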
PORT FORWARDING WITH SSH
Similar to a VPN connection in that your connections appear to come from the remote network you tunnel into, but only for the ports you forward.
A port forward from your home machine to hostname.domain.org so that it takes connections to localhost port 3306 and forwards them to mysql.domain.org port 3306 on the remote side (mysql.domain.org is resolved and reached from hostname.domain.org, not from home; add -N if you want only the tunnel and no remote shell):
ssh -L 3306:mysql.domain.org:3306 username@hostname.domain.org
REVERSE PORT FORWARDING
Useful when a machine behind NAT or a firewall can dial out but cannot be reached directly: it opens the tunnel itself and allows connections back in.
ssh -R 7022:localhost:22 username@home.ip.address
Then, at home.ip.address you can connect back to that machine using: ssh -p 7022 username@localhost
(the port to connect to is the first number given to -R; by default it is bound to the remote loopback only, so it is reachable from home.ip.address itself and not from the rest of that network unless GatewayPorts is enabled in its sshd_config)
IP TABLES TO REGULATE SSH
Note that iptables never sees passwords: these rules limit how often new TCP connections to port 22 are accepted, whether the login then succeeds or fails. The limit module keeps one bucket shared by all sources, so an attacker's attempts also lock out legitimate users (and your own second session) for the rest of the window.
In the first example, at most one new SSH connection per minute is accepted (--limit 1/minute with a burst of 1); any further connection attempt within that minute is dropped, so a brute-forcer gets one try per minute:
~# iptables -A INPUT -p tcp --syn -m state --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
~# iptables -A INPUT -p tcp --syn -m state --state NEW --dport 22 -j DROP
In the second example the same one-per-minute limit applies only to connections from host 193.180.177.13. On their own these two rules say nothing about other hosts: to allow only that host, the INPUT chain also needs a default DROP policy or a later rule dropping port 22 from everyone else:
~# iptables -A INPUT -p tcp -s 193.180.177.13 --syn -m state --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
~# iptables -A INPUT -p tcp -s 193.180.177.13 --syn -m state --state NEW --dport 22 -j DROP
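As an added example (not part of the original notes), the rate limit from this section rewritten so that the budget is tracked per source address with the recent match instead of one shared bucket, and so that the "only this host" variant really refuses everyone else. Port 22 and the address 193.180.177.13 are the section's own values; the default budget of 3 new connections per minute per source is an assumption made here. The script previews the rules by default (IPTABLES is "echo iptables"); run it with IPTABLES=iptables as root to apply them. It uses -m conntrack --ctstate, the current spelling of the -m state --state match used above.

```shell
#!/bin/sh
# Added example, not part of the original notes: per-source SSH connection
# rate limit with xt_recent. Previews by default; IPTABLES=iptables applies.
IPTABLES=${IPTABLES:-"echo iptables"}

# ssh_ratelimit_rules PORT [SOURCE] [MAX_NEW_PER_MINUTE]
# Each source may open MAX new connections per 60 s window; the next SYN
# from that source within the window is dropped. Assumes the usual
# ESTABLISHED,RELATED accept rule sits earlier in INPUT so that live
# sessions never reach these rules (the defaults below are assumptions).
ssh_ratelimit_rules() {
    port=${1:-22}; src=${2:-}; max=${3:-3}
    hit=$((max + 1))            # hitcount that means "over budget"
    from=""; [ -n "$src" ] && from="-s $src"
    # 1) record this attempt in the per-source table named SSH
    $IPTABLES -A INPUT -p tcp --syn --dport "$port" $from \
        -m conntrack --ctstate NEW -m recent --name SSH --set
    # 2) drop if the source has now been seen $hit times in the last 60 s
    #    (hitcount is capped by xt_recent's ip_pkt_list_tot parameter, default 20)
    $IPTABLES -A INPUT -p tcp --syn --dport "$port" $from \
        -m conntrack --ctstate NEW -m recent --name SSH --update --seconds 60 --hitcount "$hit" -j DROP
    # 3) within budget: let the handshake through
    $IPTABLES -A INPUT -p tcp --syn --dport "$port" $from \
        -m conntrack --ctstate NEW -j ACCEPT
    # 4) when restricted to one source, refuse everyone else explicitly
    #    (the rules above silently relied on the chain's default policy)
    [ -n "$src" ] && $IPTABLES -A INPUT -p tcp --dport "$port" -j DROP
    return 0
}

# the section's two examples, as per-source limits
ssh_ratelimit_rules 22
ssh_ratelimit_rules 22 193.180.177.13
```

The preview prints the exact iptables commands, so the output can be reviewed (or piped into a rules file) before anything touches the live firewall; a practitioner locked out by their own rule set is the usual failure mode here.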
PREVENTING CONNECTION TIMEOUTS AFTER A SHORT TIME
sudo nano /etc/ssh/sshd_config
ClientAliveInterval 30 //after 30 seconds without traffic the server sends an encrypted keepalive request to the client
ClientAliveCountMax 5 //after 5 requests with no response the server disconnects the session
the periodic traffic stops idle sessions from being dropped by NAT routers and stateful firewalls (the usual cause of the short timeouts), while a client that has really gone away is cleaned up after 150 seconds; the client-side equivalents in ssh_config are ServerAliveInterval and ServerAliveCountMax