2,306
edits
Changes
Jump to navigation
Jump to search
mLine 30:
Line 30: + + + + + + + + + + + + + + + Line 44:
Line 59: − netstat -n --protocol inet | grep ':22'+ − sudo lsof -i -n | egrep '\<ssh\>'+ − sudo lsof -i -n | egrep '\<sshd\>'</nowiki>+ Line 90:
Line 105: − IdentityFile ~/.ssh/Trinity.pub+ − User rafa+ − port 10535+ − + − === $WORK/.ssh/config ===+ − Host flirt+ − IdentityFile ~/.ssh/Trinity.pub+ − User rafa+ − port 10536</nowiki>+ − IdentityFile ~/.ssh/DNC-FKY.pem+ − + − Host *+ − ServerAliveInterval 30+ − ServerAliveCountMax 2+ − + − Host mi6.rra.lan+ − IdentityFile ~/.ssh/rra_fake.pem+ − User rra+ − + − Host leaks.rra.lan+ − IdentityFile ~/.ssh/rt_rsa+ − User xe50582+ − + − Host news.menupayapp.com+ − IdentityFile ~/.ssh/rra_id.pem+ − User ubuntu+ − + − Host 20.1.40.109+ − IdentityFile ~/.ssh/rt_rsa+ − User rra+ − + − Host gitrra.dyndns.org+ − IdentityFile ~/.ssh/DNC-FKY.pem+ − User ubuntu+ − + − Host mapper1+ − IdentityFile ~/.ssh/id_rsa+ − HostName WF00MPA1.igrupobbva+ − User pi+ − + − Host mapper2+ − IdentityFile ~/.ssh/id_rsa+ − HostName WF00MPA2.igrupobbva+ − User pi+ − + − + − + − # LEAVE THIS ONES AT THE BOTTOM (WILDCHARS) First match will be used + − Host 20.1.40.*+ − IdentityFile ~/.ssh/rt_rsa+ − User xe50582+ − + − Host *.rra.lan+ − IdentityFile ~/.ssh/rt_rsa+ − User xe50582+ − + − + − Host 10.255.0.*+ − IdentityFile ~/.ssh/rt_rsa+ − User xe50582</nowiki>+ Line 178:
Line 193: − Host *+ − ServerAliveInterval 60+ − ServerAliveCountMax 2</nowiki>+ Line 191:
Line 206: − echo 60 > /proc/sys/net/ipv4/tcp_keepalive_time</nowiki>+ Line 253:
Line 268: − IdentityFile ~/.ssh/DNC-FKY.pem+ − User ubuntu+ − Host *+ − ServerAliveInterval 30+ − ServerAliveCountMax 2+ − + − Host 10.255.0.*+ − IdentityFile ~/.ssh/rt_rsa+ − User xe50582+ − + − Host leaks.rra.lan+ − IdentityFile ~/.ssh/rt_rsa+ − User xe50582+ − + − Host news.menupayapp.com+ − IdentityFile ~/.ssh/rra_id.pem+ − User ubuntu+ − + − Host 20.1.40.109+ − IdentityFile ~/.ssh/rt_rsa+ − User rra+ − + − Host 20.1.40.*+ − IdentityFile ~/.ssh/rt_rsa+ − User xe50582+ − + − + − Host pdgrt.rra.lan+ − User rra+ − + − + − host geoip.dyndns.org+ − IdentityFile ~/.ssh/rra_springfield.pem+ − User ubuntu+ − + − host rrafara.dyndns.org+ − IdentityFile ~/.ssh/DNC.pem+ − User ubuntu+ − + − host deathnote.rra.lan+ − User rra+ − + − host savvius.rra.lan+ − User root+ − + − + − Host *.rra.lan+ − # IdentityFile ~/.ssh/rt_rsa+ − User xe50582+ − + − + − Host 10.255.0.32+ − IdentityFile ~/.ssh/rra_fake.pem+ − user rra+ − + − Host aws-gitlab+ − IdentityFile ~/.ssh/DNC-FKY.pem+ − User ubuntu+ − </nowiki>+
→ssh tunneling
or change in /etc/ssh/sshd_config the line:
or change in /etc/ssh/sshd_config the line:
AuthorizedKeysFile /etc/ssh/%u/authorized_keys
AuthorizedKeysFile /etc/ssh/%u/authorized_keys
== SSH with jump machine ==
<syntaxhighlight lang="bash">
ssh -J xe50582@vegeta.rra.lan -ND 1080 15.17.170.46
</syntaxhighlight>
=== Jump via .ssh/config ===
<syntaxhighlight lang="text">
Host raspisalto
Hostname 15.17.170.46
User pi
ProxyCommand ssh vegeta.rra.lan -W 15.17.170.46:22
</syntaxhighlight><syntaxhighlight lang="bash">
ssh -D 1080 -N -f -C -q raspisalto
</syntaxhighlight>
==ssh tunneling==
==ssh tunneling==
===Check/close open tunnels===
===Check/close open tunnels===
<nowiki>
<nowiki>
netstat -n --protocol inet | grep ':22'
sudo lsof -i -n | egrep '\<ssh\>'
sudo lsof -i -n | egrep '\<sshd\>'</nowiki>
'''To close open tunnels'''<br />
'''To close open tunnels'''<br />
===$HOME/.ssh/config===
===$HOME/.ssh/config===
<nowiki>Host morpheus
<nowiki>Host morpheus
IdentityFile ~/.ssh/Trinity.pub
User rafa
port 10535
=== $WORK/.ssh/config ===
Host flirt
IdentityFile ~/.ssh/Trinity.pub
User rafa
port 10536</nowiki>
(connections config)
(connections config)
<nowiki>Host fpsim-frontend
<nowiki>Host fpsim-frontend
IdentityFile ~/.ssh/DNC-FKY.pem
Host *
ServerAliveInterval 30
ServerAliveCountMax 2
Host mi6.rra.lan
IdentityFile ~/.ssh/rra_fake.pem
User rra
Host leaks.rra.lan
IdentityFile ~/.ssh/rt_rsa
User xe50582
Host news.menupayapp.com
IdentityFile ~/.ssh/rra_id.pem
User ubuntu
Host 20.1.40.109
IdentityFile ~/.ssh/rt_rsa
User rra
Host gitrra.dyndns.org
IdentityFile ~/.ssh/DNC-FKY.pem
User ubuntu
Host mapper1
IdentityFile ~/.ssh/id_rsa
HostName WF00MPA1.igrupobbva
User pi
Host mapper2
IdentityFile ~/.ssh/id_rsa
HostName WF00MPA2.igrupobbva
User pi
# LEAVE THIS ONES AT THE BOTTOM (WILDCHARS) First match will be used
Host 20.1.40.*
IdentityFile ~/.ssh/rt_rsa
User xe50582
Host *.rra.lan
IdentityFile ~/.ssh/rt_rsa
User xe50582
Host 10.255.0.*
IdentityFile ~/.ssh/rt_rsa
User xe50582</nowiki>
==LDAP ldapkeyfile==
==LDAP ldapkeyfile==
create file: /home/user/.ssh/config with the following content: (client side) chmod 600
create file: /home/user/.ssh/config with the following content: (client side) chmod 600
<nowiki>
<nowiki>
Host *
ServerAliveInterval 60
ServerAliveCountMax 2</nowiki>
For each user, or ading to /etc/ssh/ssh_config
For each user, or ading to /etc/ssh/ssh_config
ServerAliveInterval 60
ServerAliveInterval 60
2:
2:
<nowiki>
<nowiki>
echo 60 > /proc/sys/net/ipv4/tcp_keepalive_time</nowiki>
Shell script to reconnect on broken pipe:
Shell script to reconnect on broken pipe:
===Work===
===Work===
<nowiki>Host fpsim-frontend
<nowiki>Host fpsim-frontend
IdentityFile ~/.ssh/DNC-FKY.pem
User ubuntu
Host *
ServerAliveInterval 30
ServerAliveCountMax 2
Host 10.255.0.*
IdentityFile ~/.ssh/rt_rsa
User xe50582
Host leaks.rra.lan
IdentityFile ~/.ssh/rt_rsa
User xe50582
Host news.menupayapp.com
IdentityFile ~/.ssh/rra_id.pem
User ubuntu
Host 20.1.40.109
IdentityFile ~/.ssh/rt_rsa
User rra
Host 20.1.40.*
IdentityFile ~/.ssh/rt_rsa
User xe50582
Host pdgrt.rra.lan
User rra
host geoip.dyndns.org
IdentityFile ~/.ssh/rra_springfield.pem
User ubuntu
host rrafara.dyndns.org
IdentityFile ~/.ssh/DNC.pem
User ubuntu
host deathnote.rra.lan
User rra
host savvius.rra.lan
User root
Host *.rra.lan
# IdentityFile ~/.ssh/rt_rsa
User xe50582
Host 10.255.0.32
IdentityFile ~/.ssh/rra_fake.pem
user rra
Host aws-gitlab
IdentityFile ~/.ssh/DNC-FKY.pem
User ubuntu
</nowiki>
===Trinity===
===Trinity===
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">