Cheat sheet SSH

SSH service

starts ssh service:

$ (sudo) service ssh start

checks ssh service status:

$ (sudo) service ssh status

stops ssh service

$ (sudo) service ssh stop

restarts ssh service

$ (sudo) service ssh restart

SSH connections

connects to a server (default port 22)

ssh user@server

runs a script on a remote server:

ssh user@server script_to_run

Compresses and downloads from a remote server:

$ ssh user@server "tar cvzf - ~/source" > output.tgz

specifies another ssh key for the connection:

$ ssh -i ~/.ssh/specific_ssh_key user@server

SCP (Secure Copy)

copies a file from a remote server to a local machine:

$ scp user@server:/directory/file.ext local_destination

copies a file between two servers:

copies a file from a local machine to a remote server:

$ scp local_destination/file.ext user@server:/directory

uses a specific port declared for SSH in sshd_config:

$ scp -P port

recursively copies a whole folder:

$ scp -r user@server:/directory local_destination/

copies all files from a folder:

$ scp user@server:/directory/* local_destination

copies all files from a server folder to the current folder:

$ scp user@server:/directory/* .

compresses data on network using gzip:

$ scp -C

prints verbose info about the current transfer:

$ scp -v

SSH keys

generates a new ssh key:

$ ssh-keygen -t rsa -b 4096

sends the key to the server

$ ssh-copy-id user@server

converts id_rsa into ppk:

$ puttygen current_key -o keyname.ppk

SSH config:

opens the config file (usual location):

$ sudo nano /etc/ssh/sshd_config

Changes default SSH port (22):

Port 9809

Disables root login

PermitRootLogin no

Restricts access to specific users

AllowUsers user1 user2

Enables login through ssh key

PubkeyAuthentication yes

Disables login through password

PasswordAuthentication no

Disables usage of files .rhosts and .shosts

IgnoreRhosts yes

Disables a less secure type of login:

HostbasedAuthentication no

Number of unauthenticated connections before dropping:

MaxStartups 10:30:100

No. of failed tries before the server stops accepting new tries:

MaxAuthTries 3

Max concurrent ssh sessions:

MaxSessions 1

Disables interactive password authentication:

ChallengeResponseAuthentication no

No empty password allowed

PermitEmptyPasswords no

Disables Rhosts authentication:

RhostsAuthentication no

Disables port forwarding (blocks e.g. MySQL Workbench)

AllowTcpForwarding no
X11Forwarding no

Prints much more info about SSH connections

LogLevel VERBOSE
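
One way to check a config against the settings listed above, as an added example (not code from the original cheat sheet). The function names audit_sshd_config and sample_config and the sample config are constructed for illustration; only the global section (before the first Match block) is audited, and UNSET means the keyword is absent, so sshd's built-in default applies.

```shell
#!/usr/bin/env bash
# Added example: audit sshd_config text against values listed in this cheat sheet.
# keyword=value pairs below are the page's settings, lowercased for matching.
EXPECTED="permitrootlogin=no pubkeyauthentication=yes passwordauthentication=no"
EXPECTED="$EXPECTED permitemptypasswords=no ignorerhosts=yes hostbasedauthentication=no"
EXPECTED="$EXPECTED allowtcpforwarding=no x11forwarding=no maxauthtries=3"

# Reads sshd_config text on stdin, prints one finding per line,
# and returns 1 if any setting is missing or differs.
audit_sshd_config() {
  awk -v expected="$EXPECTED" '
    BEGIN {
      n = split(expected, pairs, " ")
      for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); order[i] = kv[1]; want[kv[1]] = kv[2] }
    }
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    {
      sub(/[ \t]*=[ \t]*/, " ")                # sshd also accepts "Keyword=value"
      key = tolower($1); val = tolower($2)
      if (key == "match") exit                 # audit the global section only
      if (!(key in seen)) seen[key] = val      # sshd keeps the first value it reads
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (!(k in seen)) { print "UNSET " k " (want " want[k] ")"; bad++ }
        else if (seen[k] != want[k]) { print "FAIL " k "=" seen[k] " (want " want[k] ")"; bad++ }
      }
      exit (bad > 0)
    }'
}

# Constructed sample input (hypothetical config, not from the page).
sample_config() {
  cat <<'EOF'
# constructed sample
Port 9809
PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
MaxAuthTries=3
X11Forwarding no
Match User backup
    AllowTcpForwarding no
EOF
}

sample_config | audit_sshd_config || true
```

On a live host, sshd -T prints the effective configuration with defaults filled in, in the same keyword/value form, so "sudo sshd -T | audit_sshd_config" audits what the daemon will actually use. Run "sshd -t" to validate the file before restarting the service.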

SSH reverse tunnel

ssh adm@10.10.13.1 -L 10022:172.16.200.200:22

Blocks the terminal; the tunnel ends with Ctrl-C

ssh adm@10.10.13.1 -L 10022:172.16.200.200:22 -N

Runs in the background; ends with kill

ssh adm@10.10.13.1 -L 10022:172.16.200.200:22 -N -f

Creating a public tunnel

ssh adm@10.10.13.1 -gL 10022:172.16.200.200:22