Secure Shell (SSH)
Secure Shell (SSH) is a network protocol that provides an encrypted, authenticated channel between two networked hosts over an untrusted network, most commonly for remote login, remote command execution and file transfer.
Change Port Number
- Changing the port that sshd listens on is one way to cut down the automated brute-force login attempts aimed at port 22. It only reduces noise from scanners that try the default port; it is not a substitute for disabling password logins (see "Set up to Use only SSH Key to Log in" below).
- Edit the /etc/ssh/sshd_config file and change the port number:
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
e.g. Port 1234
Allow the new port through the firewall before restarting sshd, and keep the current session open until a login on the new port works, or you lock yourself out.
- and change the following lines
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
to the lines below, so that root cannot log in directly and only the listed account may log in at all:
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
AllowUsers username
- Creating a tunnel through ssh
$ ssh id@<remote machine address> -L <port on local machine>:<destination host, as resolved on the remote machine>:<destination port>
Without a bind address in front of the local port, the forwarded port listens on the loopback interface only; prefixing it with an address (e.g. 0.0.0.0:4881:...) makes the tunnel reachable from other machines, so leave it off unless that is intended.
- To forward traffic from port 4881 on the local machine to port 8080 on the remote machine, whose IP is 192.168.0.10:
$ ssh firstname.lastname@example.org -L 4881:localhost:8080
- To test a Java web application running in Tomcat (port 8080) on a remote machine, forward the same port number locally:
$ ssh email@example.com -L 8080:localhost:8080
- To only forward the port without opening a remote shell, use the -N option:
$ ssh firstname.lastname@example.org -NL 4881:localhost:8080
-N    Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).
- Copy a file from the 'dir' directory on the remote machine to the '/home' directory on the local machine:
$ scp -pr username@remote_address:dir/file /home/
-p    Preserves modification times, access times, and modes from the original file.
-r    Recursively copy entire directories.
- Copy a file from the local machine to the remote machine:
$ scp -p localfile remote.address:dir
Generate RSA Key
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ ssh-keygen -t rsa
$ ssh-keygen -t rsa -C "email@example.com"
The -C option only sets the comment stored at the end of the public key (handy for telling keys apart in authorized_keys); it does not affect the key material.
SSH Key Encryption Level
The default size of an RSA key generated by ssh-keygen is 2048 bits (OpenSSH 8.0 and later default to 3072). To increase it to 4096 bits:
$ ssh-keygen -t rsa -b 4096
Transfer Client Key to Host
$ scp -P PORT_NUMBER ~/.ssh/id_rsa.pub user@hostname:.ssh/uploaded_key.pub
$ ssh firstname.lastname@example.org "cat ~/.ssh/uploaded_key.pub >> ~/.ssh/authorized_keys"
Or let ssh-copy-id do the same in one step:
$ ssh-copy-id <username>@<host>
$ ssh-copy-id -i ~/.ssh/rsa_file.pub <username>@<host>
To specify the port number, pass it inside the quoted target (ssh-copy-id hands the whole string to ssh; current versions also accept -p 1234 as an option of their own):
$ ssh-copy-id -i ~/.ssh/rsa_file.pub "username@host -p 1234"
If it fails with the following error message,
Received disconnect from 220.127.116.11: Too many authentication failures for user
the client has offered every key loaded in the agent before falling back to a password and has exceeded the server's limit on authentication attempts (MaxAuthTries, default 6). Add the -o PubkeyAuthentication=no option so that only password authentication is tried for this one copy:
$ ssh-copy-id -i ~/.ssh/rsa_file.pub "username@host -p 1234 -o PubkeyAuthentication=no"
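As an added example (not code from this page or from OpenSSH), the script below replaces the bare "cat ... >> ~/.ssh/authorized_keys" append with a checked install: it verifies that the uploaded line is a well-formed OpenSSH public key (the base64 blob must begin with a length-prefixed type string equal to the declared type), skips a key that is already present, and sets the permissions that StrictModes requires. The sample key lines, user names and function names are constructed; it assumes GNU or busybox coreutils for base64 and od.

```shell
#!/bin/sh
# Added example, not code from the original page: a checked replacement for
#   cat ~/.ssh/uploaded_key.pub >> ~/.ssh/authorized_keys
# The plain append accepts any junk in the file, adds the same key again on
# every run, and leaves permissions as they are, which StrictModes rejects.
# Assumes GNU/busybox coreutils (base64 -d, od). Lines that carry
# authorized_keys options in front of the key type are not handled.
set -f   # no globbing while word-splitting key lines

# blob_type BASE64 -> prints the key type string stored inside the blob.
# Every OpenSSH public key blob starts with a 4-byte big-endian length and
# the type name; a mismatch with the declared type means the line is
# malformed or mislabelled.
blob_type() {
  bytes=$(printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tu1)
  set -- $bytes
  [ $# -ge 4 ] || return 1
  len=$(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
  shift 4
  [ "$len" -gt 0 ] && [ $# -ge "$len" ] || return 1
  i=0; out=
  while [ "$i" -lt "$len" ]; do
    out="$out$(printf "\\$(printf '%03o' "$1")")"   # decimal byte -> character
    shift; i=$((i + 1))
  done
  printf '%s' "$out"
}

# valid_pubkey LINE -> 0 if LINE is "<type> <base64> [comment]" and the blob
# really carries that type, 1 otherwise (structure only; ssh-keygen -l -f is
# the authoritative parser and also reports the key size)
valid_pubkey() {
  set -- $1
  case "$1" in
    ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    *) return 1 ;;
  esac
  [ -n "$2" ] || return 1
  [ "$(blob_type "$2")" = "$1" ]
}

# install_key LINE AUTHORIZED_KEYS -> prints added, duplicate or rejected
install_key() {
  line=$1; dest=$2
  if ! valid_pubkey "$line"; then
    echo rejected; return 1
  fi
  set -- $line
  keybody="$1 $2"                      # type + blob; the comment may differ
  dir=$(dirname "$dest")
  mkdir -p "$dir" && chmod 700 "$dir"
  touch "$dest" && chmod 600 "$dest"   # what StrictModes expects
  if awk -v k="$keybody" '($1 " " $2) == k { found = 1 } END { exit !found }' "$dest"; then
    echo duplicate; return 0
  fi
  printf '%s\n' "$line" >> "$dest"
  echo added
}

# Constructed sample key: a syntactically valid ssh-ed25519 line whose 32
# key bytes are all zero (placeholder key material, not a real key).
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA alice@laptop'
# Constructed bad line: declared ed25519, but the blob says ssh-rsa.
BAD_KEY='ssh-ed25519 AAAAB3NzaC1yc2E= mallory@nowhere'

demo() {
  d=$(mktemp -d)
  install_key "$SAMPLE_KEY" "$d/authorized_keys"   # added
  install_key "$SAMPLE_KEY" "$d/authorized_keys"   # duplicate
  install_key "$BAD_KEY"    "$d/authorized_keys"   # rejected
  wc -l < "$d/authorized_keys"                     # 1
  rm -r "$d"
}
demo
```

On the server the call would be install_key "$(cat ~/.ssh/uploaded_key.pub)" ~/.ssh/authorized_keys. The duplicate check compares type and blob only, so re-uploading the same key with a different comment still counts as a duplicate.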
Set up to Use only SSH Key to Log in
Set up to use only the ssh key instead of a username and password to log in to the server. In /etc/ssh/sshd_config set:
PermitRootLogin no
PasswordAuthentication no
Restart sshd, but keep the current session open and confirm that a fresh key-based login works before closing it; a mistake here locks you out.
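The audit below is an added example (not the page's own material) that reads an sshd_config the way sshd does and reports whether the four settings from the "Change Port Number" and "Set up to Use only SSH Key to Log in" sections (Port, PermitRootLogin, PasswordAuthentication, AllowUsers) are actually in effect. The sample configs, the user names and the function names are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit the sshd_config settings
# that the "Change Port Number" and "Set up to Use only SSH Key to Log in"
# sections configure, reading them the way sshd does. Per sshd_config(5) the
# first value found for a keyword wins, so a hardening line appended below an
# earlier setting of the same keyword is silently ignored; and everything
# from the first Match line onward is conditional, so parsing stops there.
# Assumes the whitespace-separated "Keyword value" form (no "Keyword=value").

# effective_value CONFIG_TEXT KEYWORD -> the value sshd would use, or empty
# if the keyword is not set before the first Match block
effective_value() {
  printf '%s\n' "$1" | awk -v key="$2" '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }            # comment / blank
    tolower($1) == "match"              { exit }            # conditional part
    tolower($1) == tolower(key)         { print $2; exit }  # first value wins
  '
}

# audit_sshd CONFIG_TEXT -> prints one finding per line; returns 0 only when
# all four settings from the page are in effect. Defaults used when a keyword
# is absent are OpenSSH's own (PermitRootLogin defaults to prohibit-password
# since 7.0, PasswordAuthentication to yes, Port to 22).
audit_sshd() {
  findings=0
  port=$(effective_value "$1" Port);                  [ -n "$port" ] || port=22
  root=$(effective_value "$1" PermitRootLogin);       [ -n "$root" ] || root=prohibit-password
  pw=$(effective_value "$1" PasswordAuthentication);  [ -n "$pw" ]   || pw=yes
  users=$(effective_value "$1" AllowUsers)            # only the first name is read

  if [ "$port" = 22 ]; then
    echo "Port: still listening on the default port 22"; findings=$((findings + 1))
  fi
  if [ "$root" != no ]; then
    echo "PermitRootLogin: effective value is '$root', expected 'no'"; findings=$((findings + 1))
  fi
  if [ "$pw" != no ]; then
    echo "PasswordAuthentication: effective value is '$pw', expected 'no'"; findings=$((findings + 1))
  fi
  if [ -z "$users" ]; then
    echo "AllowUsers: not set, so every account on the host may log in"; findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# Constructed sample configs (not taken from any real host).
HARDENED='# What ports, IPs and protocols we listen for
Port 1234
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
AllowUsers username
PasswordAuthentication no'

# Looks hardened at the bottom, but the first Port/PermitRootLogin/
# PasswordAuthentication lines are the ones sshd uses, and the last two
# lines sit inside the "Match User backup" block, so they only apply there.
SLOPPY='Port 22
PermitRootLogin yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
PermitRootLogin no
PasswordAuthentication no'

echo "== hardened sample =="; audit_sshd "$HARDENED" && echo "no findings"
echo "== sloppy sample ==";   audit_sshd "$SLOPPY"   || echo "fix the lines above, then check the file with: sshd -t"
```

To audit a live host run audit_sshd "$(cat /etc/ssh/sshd_config)"; validate the file with sshd -t before restarting the daemon.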
If logging in with the SSH key fails with the following error message,
Agent admitted failure to sign using the key.
add the key to the running ssh-agent:
$ ssh-add your-key
Enter passphrase for your-key:
Identity added: your-key (your-key)
Login without Using SSH Key
If SSH access fails with the following error,
$ ssh username@host
ssh: connect to host kevin-l port 22: No route to host
try password authentication only:
$ ssh -o PubkeyAuthentication=no username@host
"No route to host" is reported before any authentication takes place (the host is unreachable at the network level), so check connectivity and firewall rules first; the option above only makes a difference once the TCP connection itself succeeds.
- Way to remove a key from ~/.ssh/known_hosts (e.g. after a server was reinstalled and its host key changed):
$ ssh-keygen -f "/home/USERNAME/.ssh/known_hosts" -R IP_ADDRESS
$ ssh-keygen -f "/home/USERNAME/.ssh/known_hosts" -R 18.104.22.168
The next connection will ask to accept the new host key; verify its fingerprint out of band rather than accepting it blindly, because a changed host key is also exactly what a man-in-the-middle looks like.
SSH timed out too quickly
- Access a server through SSH and use it.
- Leave the session idle for a short period of time (even less than 1 minute).
- Then the server doesn't respond anymore.
- Possible Solution:
Edit the /etc/ssh/ssh_config file (or ~/.ssh/config for a single user) and add the following line:
ServerAliveInterval 30
- The client will send a keep-alive request to the server every 30 seconds and give up after ServerAliveCountMax (default 3) unanswered requests; the regular traffic also stops idle NAT or firewall state from expiring, which is what usually kills a quiet session.