SSH: Difference between revisions
Anthoanthop (talk | contribs) No edit summary |
Latest revision as of 09:50, 27 September 2017
Display key fingerprint information in /var/log/auth.log
If multiple users connect to a single SSH account (e.g. root) and you want to identify clearly who is connecting:
Ensure this value is set in /etc/ssh/sshd_config:
LogLevel VERBOSE
/etc/init.d/ssh restart
Every time a new SSH connection is completed, you can see the fingerprint used: tail -f /var/log/auth.log
To identify a fingerprint's owner, list the fingerprints of all entries in /root/.ssh/authorized_keys:
while IFS= read -r l; do
# skip empty lines and comment lines (those starting with #)
[[ -n $l && ${l###} = "$l" ]] && ssh-keygen -l -f /dev/stdin <<<"$l";
done < /root/.ssh/authorized_keys
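The matching described above can be automated. This is an added example, not part of the original page, written in Python so it runs without sshd or ssh-keygen. The SHA256 fingerprint format, the "Accepted publickey" log line shape, all sample keys and log lines, and the function names are assumptions constructed for illustration.

```python
import base64, hashlib, re

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def _blob(seed):
    # Constructed stand-in for a public key blob; not a real key.
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed.encode() * 8).decode()

# Constructed authorized_keys content (the second entry carries key options).
AUTHORIZED_KEYS = f"""\
# admins
ssh-rsa {_blob('alice')} alice@laptop
from="192.0.2.0/24",no-pty ssh-rsa {_blob('bob')} bob@workstation
"""

# Constructed auth.log lines; the third key is absent from authorized_keys.
AUTH_LOG = f"""\
Sep 27 09:41:02 host sshd[1201]: Accepted publickey for root from 192.0.2.10 port 51234 ssh2: RSA {fingerprint(_blob('alice'))}
Sep 27 09:43:17 host sshd[1207]: Accepted publickey for root from 192.0.2.22 port 40022 ssh2: RSA {fingerprint(_blob('bob'))}
Sep 27 09:50:00 host sshd[1215]: Accepted publickey for root from 198.51.100.7 port 50111 ssh2: RSA {fingerprint(_blob('mallory'))}
"""

# Key type, base64 blob, optional comment; options before the type are skipped.
KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-\S+)\s+([A-Za-z0-9+/=]+)\s*(.*)$")
LOG_RE = re.compile(r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)")

def load_owners(text):
    """Map fingerprint -> comment for every key line in authorized_keys text."""
    owners = {}
    for line in map(str.strip, text.splitlines()):
        m = None if line.startswith("#") else KEY_RE.search(line)
        if m:
            owners[fingerprint(m.group(2))] = m.group(3) or "(no comment)"
    return owners

def attribute(log_text, owners):
    """Return (account, source IP, key owner) for each accepted publickey login."""
    return [(user, src, owners.get(fp, "UNKNOWN KEY"))
            for user, src, fp in LOG_RE.findall(log_text)]

if __name__ == "__main__":
    for row in attribute(AUTH_LOG, load_owners(AUTHORIZED_KEYS)):
        print(*row, sep="\t")
```

A login reported as UNKNOWN KEY means the fingerprint in the log matches no entry in the authorized_keys text that was loaded.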
To disable SSH host key checking
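# UserKnownHostsFile=/dev/null and StrictHostKeyChecking=no: host keys are neither verified nor recorded, so the remote hosts are not authenticated
for i in 172.16.1.{1..12} 172.17.1.{1..10} 172.18.1.{1..3}; do scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no /etc/scribe/scribe.conf root@$i:/etc/scribe/scribe.conf; done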
Improve copy performance by changing Cipher
# arcfour is RC4; OpenSSH 7.6 and later no longer support it
scp -o Cipher=arcfour local-file user@remote.example.com:/path/
Convert OpenSSH keys to .ppk (Putty) on Linux with puttygen
(Adapt the key name to rsa or dsa as needed.)
apt-get install putty-tools
cd ~/.ssh/
puttygen id_dsa -o id_dsa.ppk
Enter SSH Passphrase only once
If you want to avoid being asked for your passphrase every time you open an SSH connection, with this message:
Enter passphrase for key '/home/username/.ssh/id_rsa'
Add this line at the beginning of your .ssh/config:
AddKeysToAgent yes
Deprecated options when restarting OpenSSH in Debian Stretch (Ex: Deprecated option KeyRegenerationInterval)
You can remove deprecated configuration lines with this:
sed -i '/KeyRegenerationInterval/d' /etc/ssh/sshd_config
sed -i '/ServerKeyBits/d' /etc/ssh/sshd_config
sed -i '/RSAAuthentication/d' /etc/ssh/sshd_config
sed -i '/RhostsRSAAuthentication/d' /etc/ssh/sshd_config
/etc/init.d/ssh restart