Difference between revisions of "SSH"

From The TinkerNet Wiki
Line 4: Line 4:
 
[[Passwordless SSH]]
 
[[Passwordless SSH]]
  
===Troubleshooting===
+
=Using SSH to get stuff done=
 +
==Make it easier to connect==
 +
Don't use password authentication. Use [https://www.ssh.com/academy/ssh/public-key-authentication Public Key Authentication].
 +
* <code>ssh-keygen</code>
 +
** (Note: You only have to do this step once.)
 +
** The passphrase is optional.
 +
* <code>ssh-copy-id '''user@MACHINENAME'''</code>
 +
This will simplify your life.  From this point on, any time you SSH into (or SCP to/from etc...) the machine known as '''MACHINENAME''' while working at the machine you've done this on, you'll be automagically authenticated.
 +
 
 +
==Signing in to a machine==
 +
Pretty straightforward:
 +
* <code>ssh '''user@MACHINENAME'''</code>
 +
This will securely give you a terminal session of the remote machine.  (Much like good old telnet... But not quite so sketchily insecure.)
 +
 
 +
==Executing commands remotely==
 +
Also, pretty straightforward...
 +
* <code>ssh '''user@MACHINENAME "Command to be executed"'''</code>
 +
One thing to note...
 +
 
 +
If you want to execute a command remotely that requires '''sudo''', you'll have to add a '''-t''' to the command line or else '''sudo''' with tell you where to go.
 +
* <code>ssh -t '''user@MACHINENAME "Command to be executed"'''</code>
 +
This is because '''sudo''' intentionally will NOT run without a local terminal session.
 +
 
 +
==Transferring files==
 +
There are at least 3 ways you can securely transfer files using '''SSH''' (via the '''SCP''' command)
 +
 
 +
From the local machine to a remote machine:
 +
* <code>scp '''FileName''''''user@MACHINENAME:Destination'''</code>
 +
From a remote machine to the local machine:
 +
* <code>scp'''user@MACHINENAME:FileNameDestination'''</code>
 +
From a remote machine to another remote machine:
 +
* <code>scp'''user@MACHINENAME:FileName user@OTHERMACHINENAME:Destination'''</code>
 +
 
 +
Starting to see a pattern?
 +
 
 +
As a bonus, [https://linux.die.net/man/1/rsync RSYNC] will use '''SSH''' as a transport layer.
 +
 
 +
==Port forwarding (AKA Tunnelling)==
 +
Working on this part...
 +
 
 +
[https://www.ssh.com/academy/ssh/tunneling/example An example]
 +
 
 +
=Troubleshooting=
 
(somebody remind me to clean this crap up & make it easier to follow...)
 
(somebody remind me to clean this crap up & make it easier to follow...)
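Review bot: the three scp examples under "Transferring files" are missing the spaces that separate the command from its arguments, so they render as one run-together word. In "scp '''FileName''''''user@MACHINENAME:Destination'''" the six apostrophes need a space in the middle, and "scp'''user@MACHINENAME:FileNameDestination'''" needs a space after scp and another between FileName and Destination; the remote-to-remote line needs the space after scp as well. In the sudo paragraph, "sudo with tell you" should read "sudo will tell you".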
  
Line 35: Line 77:
 
when you try to ssh to a machine...
 
when you try to ssh to a machine...
  
<code>sudo ssh-keygen -f ~/.ssh/known_hosts -R HOSTIP</code>
+
* <code>sudo ssh-keygen -f ~/.ssh/known_hosts -R HOSTIP</code>
  
 
Messages like:
 
Messages like:
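Review bot: the added bullet keeps sudo in front of "ssh-keygen -f ~/.ssh/known_hosts -R HOSTIP", and that can cause the "Failed to add the host to the list of known hosts" error covered in the next hunk. The shell expands ~ to your own home before sudo runs, ssh-keygen then writes the replacement known_hosts as root, and your normal user can no longer update the file. Suggest dropping sudo from this line.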
Line 50: Line 92:
 
If you see:
 
If you see:
  
<code>Failed to add the host to the list of known hosts (/Users/USER/.ssh/known_hosts).</code>
+
* <code>Failed to add the host to the list of known hosts (/Users/USER/.ssh/known_hosts).</code>
  
 
Check permissions & ownership on that file...   
 
Check permissions & ownership on that file...   
  
===Some SSH reference Links===
+
=Some SSH reference Links=
  
 
*[http://matt.might.net/articles/ssh-hacks/ SSH Tricks]
 
*[http://matt.might.net/articles/ssh-hacks/ SSH Tricks]

Revision as of 00:55, 7 June 2021

How To Enable SSH in Linux Mint

Passwordless SSH

Using SSH to get stuff done

Make it easier to connect

Don't use password authentication. Use Public Key Authentication.

  • ssh-keygen
    • (Note: You only have to do this step once.)
    • The passphrase is optional.
  • ssh-copy-id user@MACHINENAME

This will simplify your life. From this point on, any time you SSH into (or SCP to/from etc...) the machine known as MACHINENAME while working at the machine you've done this on, you'll be automagically authenticated.

Signing in to a machine

Pretty straightforward:

  • ssh user@MACHINENAME

This will securely give you a terminal session of the remote machine. (Much like good old telnet... But not quite so sketchily insecure.)

Executing commands remotely

Also, pretty straightforward...

  • ssh user@MACHINENAME "Command to be executed"

One thing to note...

If you want to execute a command remotely that requires sudo, you'll have to add a -t to the command line or else sudo will tell you where to go.

  • ssh -t user@MACHINENAME "Command to be executed"

This is because sudo intentionally will NOT run without a terminal session, and ssh doesn't allocate one when you hand it a command to run; -t forces it to.

Transferring files

There are at least 3 ways you can securely transfer files using SSH (via the SCP command):

From the local machine to a remote machine:

  • scp FileName user@MACHINENAME:Destination

From a remote machine to the local machine:

  • scp user@MACHINENAME:FileName Destination

From a remote machine to another remote machine:

  • scp user@MACHINENAME:FileName user@OTHERMACHINENAME:Destination

Starting to see a pattern?

As a bonus, RSYNC will use SSH as a transport layer.

Port forwarding (AKA Tunnelling)

Working on this part...

An example: https://www.ssh.com/academy/ssh/tunneling/example

Troubleshooting

(somebody remind me to clean this crap up & make it easier to follow...)

If you get crap like:

Warning: the ECDSA host key for '<snip>' differs from the key for the IP address '<snip>'
Offending key for IP in /home/<snip>/.ssh/known_hosts:14
Matching host key in /home/<snip>/.ssh/known_hosts:12
Are you sure you want to continue connecting (yes/no)?

or maybe:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:'<snip>'
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/user/.ssh/known_hosts:102
  remove with:
  ssh-keygen -f "/home/user/.ssh/known_hosts" -R '<snip>'
RSA host key for '<snip>' has changed and you have requested strict checking.
Host key verification failed.

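when you try to ssh to a machine, the key saved for it in known_hosts no longer matches what the machine is sending. Once you know why the key changed (reinstalled machine, different machine on that IP...), remove the old entry:

  • ssh-keygen -f ~/.ssh/known_hosts -R HOSTIP

Run it as yourself, not with sudo, or the rewritten known_hosts ends up owned by root.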

Messages like:

Warning: the RSA host key for '<snip>' differs from the key for the IP address '<snip>'
Offending key for IP in /home/user/.ssh/known_hosts:102
Matching host key in /home/user/.ssh/known_hosts:103
Are you sure you want to continue connecting (yes/no)? 

mean that you have an extra entry in your known_hosts file. The "Offending key" line gives you the number of the line you want to delete...

If you see:

  • Failed to add the host to the list of known hosts (/Users/USER/.ssh/known_hosts).

Check permissions & ownership on that file...
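
The two checks above (which known_hosts line to delete, and whether you still own the file), as an added example that is not part of the original wiki page. The function names, host names, IPs and key blobs are made up for illustration, and hashed known_hosts entries are skipped because they can't be matched as plain text.

```shell
#!/bin/sh
# Added example (not from the wiki). Sample data below is constructed.

# kh_lines FILE NAME: print "LINE KEYTYPE KEY" for each plain entry naming NAME.
kh_lines() {
  awk -v name="$2" '
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    substr($1, 1, 1) == "@" { next }        # @cert-authority / @revoked markers
    substr($1, 1, 3) == "|1|" { next }      # hashed names: cannot be matched as text
    { n = split($1, h, ",")
      for (i = 1; i <= n; i++) if (h[i] == name) print NR, $2, $3 }
  ' "$1"
}

# kh_offending FILE HOST IP: line numbers of IP entries whose key differs from
# the key of the same type stored for HOST (the "Offending key for IP" line).
# Highest line first, so the lines can be deleted in the order printed.
kh_offending() {
  { kh_lines "$1" "$2" | sed 's/^/H /'; kh_lines "$1" "$3" | sed 's/^/I /'; } |
    awk '$1 == "H" { hostkey[$3] = $4 }
         $1 == "I" && ($3 in hostkey) && hostkey[$3] != $4 { print $2 }' | sort -rn
}

# kh_delete_line FILE N: drop line N, keeping the previous state in FILE.old.
# Writing back with cat (no rename) leaves the file's owner and mode alone.
kh_delete_line() {
  cp -p "$1" "$1.old" && sed "${2}d" "$1.old" > "$1.new" &&
    cat "$1.new" > "$1" && rm -f "$1.new"
}

# kh_writable FILE: succeeds only if the current user owns FILE and can write it.
kh_writable() { [ -O "$1" ] && [ -w "$1" ]; }

# Constructed sample: placeholder names, documentation IPs, fake key blobs.
kh_sample() {
  printf '%s\n' \
    '# constructed known_hosts sample' \
    'server.example ssh-ed25519 AAAAexampleNEWKEY' \
    '192.0.2.10 ssh-ed25519 AAAAexampleOLDKEY' \
    'other.example,192.0.2.11 ssh-ed25519 AAAAexampleOTHER'
}

demo=$(mktemp) && kh_sample > "$demo"
for n in $(kh_offending "$demo" server.example 192.0.2.10); do
  echo "stale IP entry on line $n"; kh_delete_line "$demo" "$n"
done
kh_writable "$demo" && echo "known_hosts is owned and writable by $(id -un)"
rm -f "$demo" "$demo.old"
```

If kh_writable fails on your real ~/.ssh/known_hosts, that is the ownership problem behind the "Failed to add the host" message.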

Some SSH reference Links