SSH CheatSheet
SSH authentication keys
Generate new public/private keys pairs
ssh-keygen -t ed25519 -C "MyComment" -a 100 -f ~/.ssh/MySshKeyName
Enter passphrase (empty for no passphrase):
Set a strong passphrase to protect your key
With:
-t : key algorithm used
-C : comment that can help to identify the key
-a : key derivation function (KDF) rounds/iterations (16 by default)
Change private key access rights
Only the owning user must be allowed to read and write the private key.
Linux
chmod 600 ~/.ssh/MySshKeyName
# Verify new access rights
ls -alt ~/.ssh/MySshKeyName
Windows
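First remove inheritance from the .ssh folder
Icacls $env:USERPROFILE\.ssh /c /t /Inheritance:d
# Then remove the other principals from the private key
# ("Tout le monde" and Administrateurs are the French-locale names of Everyone and Administrators)
Icacls $env:USERPROFILE\.ssh\MySshKeyName /c /t /Remove:g "Tout le monde" Administrateurs System
# Verify new access rights
Icacls $env:USERPROFILE\.ssh\MySshKeyName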
Copy the public key to the server
Then we need to copy the public key to the server's authorized_keys file.
Linux
ssh-copy-id -i ~/.ssh/MySshKeyName.pub <SSH_USER>@<SSH_HOST>
Windows
On Windows we can't use ssh-copy-id, but we can use the following one-liner or copy the key via SFTP.
type $env:USERPROFILE\.ssh\MySshKeyName.pub | ssh <SSH_USER>@<SSH_HOST> "cat >> .ssh/authorized_keys"
Now we can connect to the server without password
ssh -i ~/.ssh/MySshKeyName <SSH_USER>@<SSH_HOST>
Update Passphrase
ssh-keygen -p -P <OldPassphrase> -N <NewPassphrase> -f <PrivateKey>
Example:
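ssh-keygen -p -P 'Y27SH19HDIWD' -N 'azerty123' -f private-8297.key
If -P and -N are omitted, ssh-keygen prompts for the passphrases, which keeps them out of the shell history and the process list.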
Set SSH config
We can create SSH aliases in the ~/.ssh/config file.
See the ssh_config(5) man page.
# Global configuration
Host *
    # Let OpenSSH builds that do not know these options skip them instead of failing
    IgnoreUnknown AddKeysToAgent,UseKeychain
    # macOS only: store key passphrases in the Keychain
    UseKeychain yes
    # Specifies whether keys should be automatically added to a running ssh-agent(1)
    AddKeysToAgent yes
# Alias configuration
Host MyAlias
    HostName IP_ADDRESS_OR_FQDN
    Port SSH_SERVER_PORT
    User SSH_USER
    # Use only the SSH key given in IdentityFile
    IdentitiesOnly yes
    # Private SSH key path
    IdentityFile ~/.ssh/MySshKeyName
Then we need to update access rights
chmod 600 ~/.ssh/config
# Verify new access rights
ls -alt ~/.ssh/config
Now we can connect to the server with the following command.
ssh MyAlias
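An added example (not part of the original cheat sheet): a POSIX shell function that checks the chmod 600 rule from the two sections above for the config file and every private key in a directory. The function names are hypothetical, and it assumes GNU or BSD stat.

```shell
#!/bin/sh
# Added example: report SSH files that group or other users can access.
# Function names are hypothetical; assumes GNU stat (-c) or BSD stat (-f).

# Print the octal permission bits of a file, e.g. 600 or 644.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only when group and other have no permission bits (600, 400, 700 ...).
owner_only() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Check the config file and every private key in the directory $1.
# Prints one line per finding and returns the number of findings.
audit_ssh_dir() {
    dir=$1
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Private keys are recognised by their PEM/OpenSSH header line;
        # public keys (*.pub) have no such header and are skipped.
        if [ "$(basename "$f")" = config ] ||
           head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            if ! owner_only "$f"; then
                echo "WEAK $(file_mode "$f") $f  (fix: chmod 600 \"$f\")"
                bad=$((bad + 1))
            fi
        fi
    done
    return "$bad"
}

# Usage: audit_ssh_dir "$HOME/.ssh"
```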
Send files over SSH with SCP
Upload File
scp -P <SshPort> <LocalFilePath> <sshUser>@<targetIP>:<TargetPath>
Download File
scp -P <SshPort> <sshUser>@<targetIP>:<RemoteFilePath> <LocalPath>
Port Forwarding
Static Port Forwarding
ssh -L <LocalPort>:<TargetForwardIp>:<TargetForwardPort> <sshUser>@<targetIP> -p <SshPort>
In the example below, the target machine has a service that is only accessible locally on 127.0.0.1:8080.
To access this service from the local machine, set up port forwarding via SSH: the service that is local to the target machine (127.0.0.1:8080) becomes accessible on the local machine at 127.0.0.1:9001.
ssh -L 9001:127.0.0.1:8080 matthew@10.10.11.245
Dynamic Port Forwarding
Instead of local port forwarding, we could have also opted for dynamic port forwarding, again using SSH. Unlike local port forwarding and remote port forwarding, which use a specific local and remote port (earlier we used 9001 and 8080, for instance), dynamic port forwarding uses a single local port and dynamically assigns remote ports for each connection.
ssh -D 9001 matthew@10.10.11.245
To make use of dynamic port forwarding, a tool such as proxychains is especially useful. In summary and as the name implies, proxychains can be used to tunnel a connection through multiple proxies; a use case for this could be increasing anonymity, as the origin of a connection would be significantly more difficult to trace. In our case, we would only tunnel through one such "proxy": the target machine.
Install Proxychains
sudo apt-get update
sudo apt-get install proxychains
Configure Proxychains
You have the option to select any editor that you like. For this example, we are using nano, but there are other alternatives such as vim, gedit, leafpad, or sublime.
Command:
sudo nano /etc/proxychains4.conf
The minimal changes that we have to make to the file for proxychains to work in our current use case are:
- Ensure that strict_chain is not commented out (dynamic_chain and random_chain should be commented out)
- At the very bottom of the file, under [ProxyList], specify the socks5 (or socks4) host and port that we used for our tunnel
In our case, it would look something like this, as our tunnel is listening at localhost:9001.
<SNIP>
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
#socks4 127.0.0.1 9050
socks5 127.0.0.1 9001
Having configured proxychains correctly, we can now connect to any service on the target, as if we were on the target machine ourselves!
This is done by prefixing whatever command we want to run with proxychains, like so:
Example for accessing the PostgreSQL service:
proxychains psql -U toto -h localhost -p 5432