SSH CheatSheet

SSH authentication keys

Generate a new public/private key pair

ssh-keygen -t ed25519 -C "MyComment" -a 100 -f ~/.ssh/MySshKeyName
    Enter passphrase (empty for no passphrase):

Set a strong passphrase to protect your key

With:

  • -t: key algorithm used
  • -C: Comment can help to identify the key
  • -a: key derivation function (KDF) rounds/iterations (16 by default)

Change private key access rights

Only the owning user should be allowed to read and write the private key.

Linux
chmod 600 ~/.ssh/MySshKeyName
# Verify new access rights
ls -alt ~/.ssh/MySshKeyName
Windows

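First remove inheritance from the .ssh folder, then remove the broad groups from the private key.

# Disable inheritance on the folder (inherited entries are kept as explicit ones)
Icacls $env:USERPROFILE\.ssh /c /t /Inheritance:d
# Group names are localized: "Tout le monde" and Administrateurs are the French names of Everyone and Administrators
Icacls $env:USERPROFILE\.ssh\MySshKeyName /c /t /Remove:g "Tout le monde" Administrateurs System
# Verify new access rights
Icacls $env:USERPROFILE\.ssh\MySshKeyName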
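
To check that a key really carries the settings chosen above (passphrase, -a rounds, chmod 600), this added example, which is not part of the original cheatsheet, reads the unencrypted header of an OpenSSH-format private key and its POSIX mode. The function names, the min_rounds default of 100 (taken from the -a 100 used above) and the constructed sample key are assumptions of this example.

```python
import base64, os, stat, struct

# Added example; all function names here are this example's own.
MAGIC = b"openssh-key-v1\x00"  # magic of the OpenSSH private key format

def read_string(buf, off):
    """Read one SSH wire string: uint32 big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_key_header(pem_text):
    """Return (cipher, kdf, rounds) read from the unencrypted key header."""
    lines = [l.strip() for l in pem_text.splitlines()]
    blob = base64.b64decode("".join(l for l in lines if l and not l.startswith("-----")))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 private key")
    cipher, off = read_string(blob, len(MAGIC))
    kdf, off = read_string(blob, off)
    kdfopts, off = read_string(blob, off)
    rounds = 0
    if kdf == b"bcrypt":  # kdfoptions = string salt + uint32 rounds
        _salt, pos = read_string(kdfopts, 0)
        (rounds,) = struct.unpack_from(">I", kdfopts, pos)
    return cipher.decode(), kdf.decode(), rounds

def audit_key(path, min_rounds=100):
    """Return findings for one private key file; an empty list means OK."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit is set
        findings.append(f"mode {mode:o}: group/others can access the key, run chmod 600")
    with open(path) as fh:
        cipher, _kdf, rounds = parse_key_header(fh.read())
    if cipher == "none":
        findings.append("key is stored without a passphrase")
    elif rounds < min_rounds:
        findings.append(f"{rounds} KDF rounds, below the expected {min_rounds}")
    return findings

def make_sample_key(cipher=b"none", kdf=b"none", rounds=0):
    """Constructed sample: header fields only, no real key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    opts = s(b"\x00" * 16) + struct.pack(">I", rounds) if kdf == b"bcrypt" else b""
    blob = MAGIC + s(cipher) + s(kdf) + s(opts) + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"
```

On a real key, call audit_key(os.path.expanduser("~/.ssh/MySshKeyName")); the mode check is only meaningful on POSIX file systems.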

Copy the public key to the server

Then we need to copy the public key to the server's authorized_keys file.

Linux
ssh-copy-id -i ~/.ssh/MySshKeyName.pub <SSH_USER>@<SSH_HOST>
Windows

On Windows we can't use ssh-copy-id, but we can use the one-liner below or copy the key via SFTP.

type $env:USERPROFILE\.ssh\MySshKeyName.pub | ssh <SSH_USER>@<SSH_HOST> "cat >> .ssh/authorized_keys"

Now we can connect to the server without a password

ssh -i ~/.ssh/MySshKeyName <SSH_USER>@<SSH_HOST>

Update Passphrase

ssh-keygen -p -P <OldPassphrase> -N <NewPassphrase> -f <PrivateKey>

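Example (options -P and -N put the passphrases in the shell history and the process list; leave both out to be prompted instead):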

ssh-keygen -p -P 'Y27SH19HDIWD' -N 'azerty123' -f private-8297.key

Set SSH config

We can create SSH aliases in the ~/.ssh/config file.

See the ssh_config man page.

# Global configuration
Host *
    # Let ssh builds that do not know these options skip them instead of failing
    IgnoreUnknown AddKeysToAgent,UseKeychain
    UseKeychain yes
    # Specifies whether keys should be automatically added to a running ssh-agent(1)
    AddKeysToAgent yes

# Alias configuration
Host MyAlias
    HostName IP_ADDRESS_OR_FQDN
    Port SSH_SERVER_PORT
    User SSH_USER
    # Use only the identity file configured here, not other keys offered by the agent
    IdentitiesOnly yes
    # Private SSH key path
    IdentityFile ~/.ssh/MySshKeyName

Then we need to update access rights

chmod 600 ~/.ssh/config
# to verify
ls -alt ~/.ssh/config

Now we can connect to the server with the command below.

ssh MyAlias

Send files over SSH with SCP

Upload File

scp -P <SshPort> <LocalFilePath> <sshUser>@<targetIP>:<TargetPath>

Download File

scp -P <SshPort> <sshUser>@<targetIP>:<RemoteFilePath> <LocalPath>

Port Forwarding

Static Port Forwarding

ssh -L <LocalPort>:<TargetForwardIp>:<TargetForwardPort> <sshUser>@<targetIP> -p <SshPort>

In the example below, the target machine has a service that is only accessible locally, on 127.0.0.1:8080.

To access this service from the local machine, set up port forwarding over SSH: the service listening on the target machine at 127.0.0.1:8080 becomes accessible on the local machine at 127.0.0.1:9001.

ssh -L 9001:127.0.0.1:8080 matthew@10.10.11.245

Dynamic Port Forwarding

Instead of local port forwarding, we could have also opted for dynamic port forwarding, again using SSH.
Unlike local port forwarding and remote port forwarding, which use a specific local and remote port (earlier
we used 9001 and 8080, for instance), dynamic port forwarding uses a single local port and dynamically
assigns remote ports for each connection.

ssh -D 9001 matthew@10.10.11.245

To make use of dynamic port forwarding, a tool such as proxychains is especially useful. In summary and
as the name implies, proxychains can be used to tunnel a connection through multiple proxies; a use case
for this could be increasing anonymity, as the origin of a connection would be significantly more difficult to
trace. In our case, we would only tunnel through one such "proxy"; the target machine.

Install Proxychains

sudo apt-get update
sudo apt-get install proxychains

Configure Proxychains

You have the option to select any editor that you like. For this example, we are using nano, but there are other alternatives such as vim, gedit, leafpad, or sublime.

Command:

sudo nano /etc/proxychains4.conf

The minimal changes that we have to make to the file for proxychains to work in our current use case are to:

  1. Ensure that strict_chain is not commented out (dynamic_chain and random_chain should be commented out)
  2. At the very bottom of the file, under [ProxyList], specify the socks5 (or socks4) host and port that we used for our tunnel

In our case, it would look something like this, as our tunnel is listening at localhost:9001.

<SNIP>
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
#socks4 127.0.0.1 9050
socks5 127.0.0.1 9001

Having configured proxychains correctly, we can now connect to any service on the target, as if we were on the target machine ourselves!
This is done by prefixing whatever command we want to run with proxychains, like so:

Example for accessing a PostgreSQL service:

proxychains psql -U toto -h localhost -p 5432

See Also

SSH

Proxychains