spanskiblog/content/posts/SSH.md


+++
date="2023-02-03"
author="spanskiduh"
title="SSH"
description="click to read about SSH"
+++
# SSH

### basic
- `/etc/ssh/ssh_config` - config location (client)
- `/etc/ssh/sshd_config` - config location (server)

### Enable encryption

- `ssh-keygen -t rsa` - generate private and public key
- `ssh-copy-id <server-ip>` - copy ssh identity to server

--> uncomment `PasswordAuthentication no` (on server)
**Warning** store private key on a secure location, if you lose it, you will lose connection to a server!

### SSH ECDSA (smaller keys)

#### Generate keypair

```bash
ssh-keygen -t ed25519 -f ~/.ssh/keys/id_ed2552_devel_server
```
### Copy to remote

```bash
ssh-copy-id -i ~/.ssh/keys/id_ed25520_devel_server devel@devel.hsrv
```

### FAIL2BAN
- use it to secure ssh

### SCP
- `scp <filename> <user@server_ip:/destination_folder>` - copy file to server, same goes for rsync

### SSH CONFIG FILE

example for github:
```bash
Host github.com
  User git
  Hostname github.com
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/id_ed25519
```

exmaple for any server:
```bash
Host vpn.de 
  HostName vpn.de 
  IdentityFile ~/.ssh/keys/vpn_de
  Port 22
  User root
```

*note*:  You should put your server's ip in `/etc/hosts/` for easier migrations.

### How to joke around with medic

```bash
oli@bert:~$ ssh tim
oli@tim:~$ export DISPLAY=:0
oli@tim:~$ firefox
```

### Reverse SSH tunnel
If you want some port that is behind the firewall, but exposed on the server.
You can spawn a reverse ssh tunnel to that port issuing this command:

```bash
ssh -L 8888:localhost:8888 -f -N hsrv_devel
```

or: `ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER`

read [here](https://linuxize.com/post/how-to-setup-ssh-tunneling/) more.

or forcily:

```bash
ssh -L 8888:localhost:8888 -f -N hsrv_devel -o ClearAllForwardings=yes
```
Add move script and update config 2022-12-24 17:42:40 +01:00
Hello 2022-12-24 17:09:22 +01:00			`+++`
Update of the site 2023-02-27 21:59:02 +01:00			`date="2023-02-03"`
Hello 2022-12-24 17:09:22 +01:00			`author="spanskiduh"`
			`title="SSH"`
Add move script and update config 2022-12-24 17:42:40 +01:00			`description="click to read about SSH"`
Hello 2022-12-24 17:09:22 +01:00			`+++`
			`# SSH`

			`### basic`
			- `/etc/ssh/ssh_config` - config location (client)
			- `/etc/ssh/sshd_config` - config location (server)

			`### Enable encryption`

			- `ssh-keygen -t rsa` - generate private and public key
			- `ssh-copy-id <server-ip>` - copy ssh identity to server

			--> uncomment `PasswordAuthentication no` (on server)
			`Warning store private key on a secure location, if you lose it, you will lose connection to a server!`

h 2022-12-30 11:09:01 +01:00			`### SSH ECDSA (smaller keys)`

			`#### Generate keypair`

			```bash
			`ssh-keygen -t ed25519 -f ~/.ssh/keys/id_ed2552_devel_server`
			```
			`### Copy to remote`

			```bash
Update of the site 2023-02-27 21:59:02 +01:00			`ssh-copy-id -i ~/.ssh/keys/id_ed25520_devel_server devel@devel.hsrv`
h 2022-12-30 11:09:01 +01:00			```

Hello 2022-12-24 17:09:22 +01:00			`### FAIL2BAN`
			`- use it to secure ssh`

			`### SCP`
Update site 2022-12-24 22:54:34 +01:00			- `scp <filename> <user@server_ip:/destination_folder>` - copy file to server, same goes for rsync

			`### SSH CONFIG FILE`

			`example for github:`
			```bash
			`Host github.com`
			`User git`
			`Hostname github.com`
			`PreferredAuthentications publickey`
			`IdentityFile ~/.ssh/id_ed25519`
			```

			`exmaple for any server:`
			```bash
			`Host vpn.de`
			`HostName vpn.de`
			`IdentityFile ~/.ssh/keys/vpn_de`
			`Port 22`
			`User root`
			```
Hello 2022-12-24 17:09:22 +01:00
Update site 2022-12-24 22:54:34 +01:00			note: You should put your server's ip in `/etc/hosts/` for easier migrations.
Hello 2022-12-24 17:09:22 +01:00
			`### How to joke around with medic`

			```bash
			`oli@bert:~$ ssh tim`
			`oli@tim:~$ export DISPLAY=:0`
			`oli@tim:~$ firefox`
			```
Update of the site 2023-02-27 21:59:02 +01:00
			`### Reverse SSH tunnel`
			`If you want some port that is behind the firewall, but exposed on the server.`
			`You can spawn a reverse ssh tunnel to that port issuing this command:`

			```bash
			`ssh -L 8888:localhost:8888 -f -N hsrv_devel`
			```

			or: `ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER`

			`read [here](https://linuxize.com/post/how-to-setup-ssh-tunneling/) more.`

			`or forcily:`

			```bash
			`ssh -L 8888:localhost:8888 -f -N hsrv_devel -o ClearAllForwardings=yes`
			```