
Version 24 (modified by krit, 12 months ago)


SSH KEY GEN

  1. Create an ssh key on localhost
ssh-keygen -t rsa -b 4096 -C user@remotehost.com

You will then be asked where to save the key (the default is under .ssh):

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

You can enter a passphrase for extra security; pressing Enter with an empty passphrase generates the key without one.

Enter passphrase (empty for no passphrase):

The private and public keys are now kept in

ls -al
/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub
  2. On your local host, copy the public key (id_rsa.pub) to the remote host
ssh-copy-id remote_username@server_ip_address

or manually over ssh with

cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
  3. Now you can ssh without being prompted for a password
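The manual copy in step 2 appends the key blindly, so running it twice leaves duplicate lines in authorized_keys. The following is an added example, not code from this wiki page: the same install step as an idempotent POSIX shell function that also sets the directory and file modes the way ssh-copy-id does, plus a non-interactive wrapper around the ssh-keygen command from step 1. The function names, the file paths and the sample key line are this example's own, and the key material is constructed.

```shell
#!/bin/sh
# Added example (not from the original wiki page).

# gen_key KEY_FILE COMMENT: step 1 without prompts. -N "" gives the empty
# passphrase the page uses; put a real passphrase there to protect the private key.
gen_key() {
    command -v ssh-keygen >/dev/null || { echo "gen_key: ssh-keygen not found" >&2; return 1; }
    ssh-keygen -t rsa -b 4096 -C "$2" -f "$1" -N ""
}

# install_pubkey AUTHORIZED_KEYS_FILE PUBKEY_LINE
# Appends PUBKEY_LINE unless an identical line is already present, creating the
# .ssh directory (0700) and the file (0600) as ssh-copy-id does.
install_pubkey() {
    ak_file=$1
    pubkey=$2
    ak_dir=$(dirname "$ak_file")

    # Accept only something that looks like an OpenSSH public key line
    # (key type, base64 blob, optional comment) so stray input never lands
    # in authorized_keys.
    case $pubkey in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) ;;
        *) echo "install_pubkey: not an OpenSSH public key line" >&2; return 1 ;;
    esac

    mkdir -p "$ak_dir" && chmod 700 "$ak_dir"
    [ -f "$ak_file" ] || : > "$ak_file"
    chmod 600 "$ak_file"

    # -x: whole-line match, -F: literal string, so a key already present is not added twice.
    if ! grep -qxF "$pubkey" "$ak_file"; then
        printf '%s\n' "$pubkey" >> "$ak_file"
    fi
}

# count_keys AUTHORIZED_KEYS_FILE: number of non-empty, non-comment lines.
count_keys() {
    grep -Ecv '^[[:space:]]*(#|$)' "$1"
}
```

On the remote side the function can be run through the same `ssh user@host '...'` invocation as the manual command above, with the key passed on stdin. The mode checks matter: sshd with the default StrictModes setting ignores an authorized_keys file or .ssh directory that other users can write to.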

Tunnel ssh


Remote to local

On localhost, the user creates a tunnel to the remote host with the following

ssh -R 8022:localhost:22 remoteUser@remotehost.com

Then, on the remote host, the user can run ssh -p 8022 localUser@127.0.0.1 to reach localhost through the tunnel.

If we want the forwarded port bound to a specific interface (NIC), we use

ssh -R 128.199.96.250:8022:localhost:22 krit@128.199.96.250

and on the 128.199.96.250 server, add this line to /etc/ssh/sshd_config:

GatewayPorts clientspecified

Then ssh -p 8022 128.199.96.250 from any host is forwarded to the client through this tunnel.
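sshd takes the first GatewayPorts line it finds, so simply appending "GatewayPorts clientspecified" to a file that already carries an active "GatewayPorts no" changes nothing. The following is an added example, not from this wiki page: a POSIX shell function that puts exactly one active GatewayPorts line in the global section of an sshd_config, removing stale or commented-out global copies while leaving per-connection Match blocks alone, and a second function that reports the effective global value the way sshd resolves it. The function names are this example's own, and the config path is a parameter so the change can be tried on a copy first.

```shell
#!/bin/sh
# Added example (not from the original wiki page).

# set_gateway_ports CONFIG_FILE VALUE   (VALUE: no | yes | clientspecified)
set_gateway_ports() {
    cfg=$1
    value=$2
    case $value in
        no|yes|clientspecified) ;;
        *) echo "set_gateway_ports: invalid value '$value'" >&2; return 1 ;;
    esac
    tmp=$(mktemp)
    awk -v v="$value" '
        BEGIN { print "GatewayPorts " v }          # one active line, first in the global section
        tolower($1) == "match" { in_match = 1 }   # everything from the first Match on is left untouched
        !in_match && tolower($1) ~ /^#?gatewayports$/ { next }   # drop old global and commented lines
        { print }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"      # cat, not mv, keeps the original file mode
    rm -f "$tmp"
}

# gateway_ports_value CONFIG_FILE: the effective global setting (first active
# line wins, "no" when absent); Match blocks are not consulted.
gateway_ports_value() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "gatewayports" { print $2; found = 1; exit }
         END { if (!found) print "no" }' "$1"
}
```

After changing the real /etc/ssh/sshd_config, `sshd -t` checks the syntax and the sshd service has to be restarted or reloaded before the new setting applies to the -R bind above.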

Local to remote

On localhost, the user creates a tunnel to the remote host with the following

[krit@mini ~]$ ssh -L 2000:localhost:22 remoteUser@remotehost.com

Then, on localhost, ssh -p 2000 krit@127.0.0.1 is tunnelled to port 22 on the remote host.

ssh rsync

To rsync from local to the remote server via ssh with a password, we need to install sshpass (apt install sshpass):

[omd@local Test]$ sshpass -p "password" /usr/bin/rsync -a ~/var/log/Rsync/out.txt krit@172.17.0.1:Tmp/Test

ssh tunnel

On the remote server that we want to ssh into, use the following systemd unit; its ssh public key must already be placed on the local server it connects to.

root@dwdm:/etc/systemd/system# more sshtunnel.service 
[Unit]
Description=SSH Tunnel
After=network.target

[Service]
Restart=always
RestartSec=20
User=root
ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -R 32022:localhost:22 vodka@18x.1xx.217.xx

[Install]
WantedBy=multi-user.target

Then run

root@dwdm:/etc/systemd/system# systemctl daemon-reload
root@dwdm:/etc/systemd/system# systemctl enable sshtunnel
root@dwdm:/etc/systemd/system# systemctl start sshtunnel
root@dwdm:/etc/systemd/system# systemctl status sshtunnel
● sshtunnel.service - SSH Tunnel
   Loaded: loaded (/etc/systemd/system/sshtunnel.service; enabled; vendor preset: enabled)
   Active: active (running)
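The unit above is hand-written for one host. The following is an added example, not from this wiki page: a POSIX shell function that renders the same kind of unit from parameters, validating both ports and the user@host target before anything is written, and a helper that reads the ExecStart line back so the rendered command can be checked. The ExecStart keeps the options used above and adds -o BatchMode=yes, so that if the key is missing on the far end ssh fails immediately and systemd restarts it instead of the service hanging on a password prompt. The function names are this example's own and the hostname used in the check is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original wiki page).

# write_tunnel_unit OUT_FILE REMOTE_PORT LOCAL_PORT USER@HOST [KEY_FILE]
# Renders a reverse-tunnel unit: REMOTE_PORT on USER@HOST is forwarded to
# LOCAL_PORT on this machine, like "-R 32022:localhost:22" above.
write_tunnel_unit() {
    out=$1; rport=$2; lport=$3; target=$4; keyfile=$5

    # Both ports must be plain numbers in 1..65535; anything else is rejected
    # before a broken unit reaches /etc/systemd/system.
    for p in "$rport" "$lport"; do
        case $p in
            ''|*[!0-9]*) echo "write_tunnel_unit: bad port '$p'" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "write_tunnel_unit: port out of range '$p'" >&2; return 1; }
    done
    case $target in
        *@*) ;;
        *) echo "write_tunnel_unit: target must be user@host" >&2; return 1 ;;
    esac

    # Optional explicit identity file; without it ssh uses root's default keys.
    identity=""
    [ -n "$keyfile" ] && identity=" -i $keyfile"

    cat > "$out" <<EOF
[Unit]
Description=SSH Tunnel to $target (remote port $rport -> local port $lport)
After=network.target

[Service]
Restart=always
RestartSec=20
User=root
ExecStart=/usr/bin/ssh -NT -o BatchMode=yes -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes$identity -R $rport:localhost:$lport $target

[Install]
WantedBy=multi-user.target
EOF
}

# unit_execstart FILE: print the ExecStart command of a rendered unit.
unit_execstart() {
    sed -n 's/^ExecStart=//p' "$1"
}
```

Write the file to /etc/systemd/system/sshtunnel.service and then run the same daemon-reload, enable and start commands as above; with ExitOnForwardFailure=yes and Restart=always, a remote port that is already taken shows up as a restarting service in systemctl status rather than as a silently missing tunnel.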