ssh email@example.com -p 2995
connect to a remote machine from the Linux command line (bash); -p selects a non-default server port (2995 here) when the server does not listen on 22
ssh -i ~/.sshkeys/aws.pem -p 2345 firstname.lastname@example.org
connect using a specified private key file (-i); the key file must be readable only by you (e.g. mode 0600) or ssh refuses it with "permissions are too open"
ssh email@example.com ls -l /
non-interactive ssh: run a single command and exit; the remote login shell still parses it, so quote anything containing spaces, wildcards or other metacharacters
sudo: no tty present and no askpass program specified
ssh -t -i /home/ubuntu/aws.pem firstname.lastname@example.org "sudo /bin/bash -c 'touch /opt/.license/.eula'"
force a pseudo-tty (-t) when running a single command with sudo; without a tty sudo cannot prompt for the password and fails with the error shown above
sudo apt-get install ssh
install both client and server (the ssh metapackage pulls in openssh-client and openssh-server; approx 18.6MB in size)
sudo apt-get install openssh-server
install only the server, if you just need to accept incoming connections
ssh is the open source, encrypted way of controlling a machine remotely from the command line (OpenSSH on Linux)
ssh2 is the current protocol version and the only one still considered secure; "putty" is an example of a portable Windows client binary
sudo nano /etc/ssh/sshd_config
sshd_config is read top to bottom and the first value seen for a keyword wins, so put these before any Match block; '#' starts a comment in the real file
Protocol 2            # ensure SSH version 2 only (modern OpenSSH no longer supports SSH-1 at all, so this is redundant there but harmless)
#Port 22              # the default is too easy for script kiddies, change it... (note: a non-standard port only cuts log noise, it is not a substitute for key-only auth)
Port 1119             # ...or have multiple ports; each Port line opens another listener
Port 2119             # but you may have to configure your firewall, and your router if remote access comes in on an alternate port redirected to 22 on the LAN
PermitRootLogin no    # was "yes": use a normal user and sudo instead
AllowUsers user1 user2    # add this to allow only the listed users; everyone else is refused at login, so make sure your own account is in the list
before reloading, check the syntax with sshd -t and keep the current session open while you test a fresh login from a second terminal, otherwise a typo can lock you out
sudo /etc/init.d/ssh reload     # re-read the new config (SIGHUP); existing sessions keep running
sudo /etc/init.d/ssh restart    # restart the daemon; existing sessions also survive, since each connection runs in its own process
service ssh restart             # the same via the service wrapper (the service is "ssh" on Debian/Ubuntu and "sshd" on Red Hat derivatives)
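The edit-then-validate-then-reload flow described above, as an added example that is not from the original page: it applies the same directives to a copy of sshd_config, shows the values it set, and only touches the live config when you opt in. The sample config, temp paths, the APPLY switch and the user names user1/user2 are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): apply the sshd_config changes
# from the section above to a copy of the file, then validate before reload.
# The sample config, the temp file and the user names are constructed.
set -eu

# set_directive FILE KEY VALUE...
# Remove every existing KEY line (active or commented out) and put one
# "KEY VALUE" line per VALUE at the top of the file. Prepending matters:
# sshd_config is first-match, and a line appended at the end may land
# inside a trailing "Match" block and then apply only to that block.
set_directive() {
    local file=$1 key=$2 tmp
    shift 2
    tmp=$(mktemp)
    {
        for v in "$@"; do printf '%s %s\n' "$key" "$v"; done
        grep -Eiv "^[[:space:]]*#?[[:space:]]*${key}([[:space:]]|$)" "$file" || true
    } > "$tmp"
    mv "$tmp" "$file"
}

# get_directive FILE KEY: print the value(s) of the active KEY lines, one per line
get_directive() {
    grep -Ei "^[[:space:]]*$2[[:space:]]+" "$1" | awk '{ $1 = ""; sub(/^ +/, ""); print }' || true
}

# harden_sshd_config FILE: the settings discussed in the section above
harden_sshd_config() {
    local file=$1
    set_directive "$file" Protocol 2                # no-op on modern OpenSSH, harmless
    set_directive "$file" Port 1119 2119            # two listeners, both non-default
    set_directive "$file" PermitRootLogin no
    set_directive "$file" AllowUsers "user1 user2"  # placeholder user names
}

# apply_sshd_config FILE: syntax-check, install, reload. Needs root and a
# running sshd, so it only runs when APPLY=1 (assumed switch for the demo).
apply_sshd_config() {
    local file=$1
    sudo sshd -t -f "$file"          # non-zero exit aborts here (set -e) before anything is copied
    sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    sudo cp "$file" /etc/ssh/sshd_config
    sudo /etc/init.d/ssh reload      # existing sessions stay up
}

# Demo on a constructed config that carries the weak defaults from the text.
WORK=$(mktemp)
printf '#Port 22\nProtocol 2,1\nPermitRootLogin yes\nX11Forwarding no\n' > "$WORK"
harden_sshd_config "$WORK"
cat "$WORK"
if [ "${APPLY:-0}" = 1 ]; then apply_sshd_config "$WORK"; fi
```

Run it as-is to see the rewritten copy; set APPLY=1 only on a host where you have a second session open, since the reload step is what can lock you out if the validation is skipped.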
PORT FORWARDING WITH SSH
Comparable to a VPN in effect: connections you make on your own machine are carried inside the SSH session and emerge on the remote side, as if they originated from the SSH server.
A local forward (-L) from your home machine to hostname.domain.org: ssh listens on localhost port 3306, and every connection to it is tunnelled to hostname.domain.org, which then connects onward to mysql.domain.org port 3306. The MySQL server sees the connection arriving from hostname.domain.org, not from your home machine. Only the hop to hostname.domain.org is encrypted; the final hop from there to mysql.domain.org is plain TCP.
ssh -L 3306:mysql.domain.org:3306 user@hostname.domain.org
By default the listener binds to loopback only; prefix a bind address to the -L argument (or use -g) if other LAN hosts should be able to reach it. Add -N if you want the tunnel without a remote shell, and confirm the listener is up with ss -ltn before pointing a client at it.
REVERSE PORT FORWARDING
Useful when the machine you are sitting at cannot be reached from outside (behind NAT or a firewall) but can itself reach home.ip.address: run this on that machine, and the SSH server at home.ip.address starts listening on port 7022 and hands each connection back down the tunnel to port 22 on the originating machine.
ssh -R 7022:localhost:22 user@home.ip.address
Then, on home.ip.address, you can connect back with: ssh -p 7022 username@localhost
The forwarded port binds to loopback on the home server unless GatewayPorts is enabled in its sshd_config, which is why the connection above goes to localhost. The reverse tunnel also disappears as soon as the SSH session drops, so for anything persistent wrap it in a retry loop or autossh and set ServerAliveInterval on the client so a dead link is noticed.
IP TABLES TO REGULATE SSH
In the first example, new TCP connections to port 22 are accepted at most once per minute (limit 1/minute, burst 1) and any further connection attempts are dropped until the next token is available. This is pure connection rate limiting: netfilter never sees whether a password was right or wrong, so a failed login does not block anything by itself, and a legitimate user is throttled just the same. The limit is also global, shared by every source address, so a single scanner hammering the port locks everyone else out; for per-source limiting use the hashlimit or recent match instead.
~# iptables -A INPUT -p tcp -m state --syn --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
~# iptables -A INPUT -p tcp -m state --syn --state NEW --dport 22 -j DROP
The second example is meant to allow only host 184.108.40.206 to reach the SSH service, and it rate-limits that host to one new connection per minute (the "after three failed login tries" in the original description is not something these rules can observe, for the reason given above). As written, however, both rules match only 184.108.40.206; connections from any other source fall through to whatever follows in the INPUT chain, so unless the chain policy is DROP they are still accepted. To really restrict access to that one host, append the unrestricted DROP rule from the first example after these two.
~# iptables -A INPUT -p tcp -s 184.108.40.206 -m state --syn --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
~# iptables -A INPUT -p tcp -s 184.108.40.206 -m state --syn --state NEW --dport 22 -j DROP
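Reacting to failed passwords, as the description above intends, needs sshd's own log rather than netfilter. This added example (not from the original page) counts "Failed password" lines per source address in an auth log and emits the addresses that hit a threshold, which is the input a tool like fail2ban turns into a DROP rule. The log lines are constructed (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges), and the APPLY switch and the hostname gw are assumptions for the demo.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: netfilter only rate-limits
# connections; only sshd knows whether a password failed. Count failures per
# source in an auth log and report the sources that reached a threshold.
# The log lines below are constructed sample data.
set -eu

SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Jan 10 10:01:02 gw sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 10 10:01:05 gw sshd[1235]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jan 10 10:01:09 gw sshd[1240]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jan 10 10:02:00 gw sshd[1250]: Accepted publickey for user1 from 198.51.100.4 port 40000 ssh2: RSA SHA256:abc
Jan 10 10:03:00 gw sshd[1260]: Failed password for user1 from 198.51.100.4 port 40010 ssh2
Jan 10 10:03:30 gw sshd[1261]: Disconnected from 198.51.100.4 port 40010 [preauth]
EOF

# failed_login_offenders LOGFILE THRESHOLD
# Prints, sorted, every source IP with at least THRESHOLD failed passwords.
# Only sshd "Failed password" lines are counted; the "from <ip>" token is
# located by name so the "invalid user <name>" variant parses the same way.
failed_login_offenders() {
    awk -v threshold="$2" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= threshold) print ip }
    ' "$1" | sort
}

# block_source IP: the ban rule, inserted at the top of INPUT so it wins over
# the ACCEPT rules above. Needs root, so it only runs when APPLY=1 (assumed
# switch for the demo); otherwise it prints what it would do.
block_source() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables -I INPUT -p tcp --dport 22 -s "$1" -j DROP
    else
        echo "would run: iptables -I INPUT -p tcp --dport 22 -s $1 -j DROP"
    fi
}

# Three failures from one address is the threshold the text has in mind.
for ip in $(failed_login_offenders "$SAMPLE_LOG" 3); do
    block_source "$ip"
done
```

Point it at /var/log/auth.log on a real host (the format is the same syslog line sshd writes there) and remember that a permanent DROP list needs an expiry, which is the other half of what fail2ban does for you.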
PREVENTING CONNECTION TIMEOUTS AFTER A SHORT TIME
every 30 seconds (ClientAliveInterval) sshd sends a keepalive probe through the encrypted channel; it is not a prompt, the client answers it automatically
after 5 consecutive probes without a response (ClientAliveCountMax, so 5 x 30 s = 150 s of silence) sshd drops the session; a dead client is cleaned up, while the regular traffic keeps idle NAT and firewall entries from expiring, which is what prevents the "timeouts". The client-side equivalents are ServerAliveInterval and ServerAliveCountMax in ~/.ssh/config. This is unrelated to TCPKeepAlive, which is the unencrypted TCP-level option and can be spoofed.
ClientAliveInterval 30
ClientAliveCountMax 5