SSH Can

SSH can start a shell in remote host $ s
s h r o o t @ 1 8 8 . 1 6 6 . 2 5 3 . 2 5 3 P a s s w o r d : s s h d e m o #

SSH can save you some typing $ v i m
~ / . s s h / c o n f i g H o s t s s h d e m o H o s t N a m e 1 8 8 . 1 6 6 . 2 5 3 . 2 5 3 U s e r r o o t

SSH can save you even more typing (authentication with SSH
key) Step 1: First, you need to generate your SSH key $ s s h - k e y g e n G e n e r a t i n g p u b l i c / p r i v a t e r s a k e y p a i r . E n t e r f i l e i n w h i c h t o s a v e t h e k e y ( / r o o t / . s s h / i d _ r s a ) : E n t e r p a s s p h r a s e ( e m p t y f o r n o p a s s p h r a s e ) : E n t e r s a m e p a s s p h r a s e a g a i n : Y o u r i d e n t i f i c a t i o n h a s b e e n s a v e d i n / r o o t / . s s h / i d _ r s a . Y o u r p u b l i c k e y h a s b e e n s a v e d i n / r o o t / . s s h / i d _ r s a . p u b . T h e k e y f i n g e r p r i n t i s : 2 9 : a 4 : 8 3 : 8 a : a 7 : c 7 : a 6 : d 3 : a 5 : 6 6 : 4 1 : c 6 : 0 3 : 0 e : b 3 : 0 c r o o t @ s s h d e m o T h e k e y ' s r a n d o m a r t i m a g e i s : + - - [ R S A 2 0 4 8 ] - - - - + | | | E | | = = . | | . o = . o . | | o . . o . S | | . . . . . . | | o o . + | | . o O | | o B | + - - - - - - - - - - - - - - - - - +

key) Step 2: Copy your SSH public key $ c a t ~ / . s s h / i d _ r s a . p u b s s h - r s a A A A A B 3 N z a C 1 y c 2 E A A A A D A Q A B A A A B A Q D X g D g c r R n W n J O w f L U 0 Z Q P t U l F j r v W Y t F l W l 3 M 7 N p L 1 J T g g p r J X N Q e C c 7 y a M 2 E 1 G S 2 W q Z H C d C Z Q X v L U s Y Y i / x 2 E j l l f 5 u / j b 4 a P b X g u o p a P 3 M i W R 3 9 m b j C v f 2 h 9 6 5 T R 4 q R Y L W Y 5 6 x t a W p m z D Y e J F 3 g 1 s F E N a 4 z 8 p i 2 3 e W k s 6 Z n l Y h J 2 9 1 K u Y w k 3 R q S a 6 + H c 8 d H S U A Y 5 q 2 Y Y f K y W a u C U S 5 g S 7 0 F a v K l k i i X a M N / 5 v w A S r U 4 1 d 9 w K g H y l V H 0 U 7 b y 2 / c Y M E B h O T X U D a 3 c Y d j c h E C 0 8 I Z f H R G Q 0 c 0 O 3 W A 7 0 x 9 T q 4 c R Q x 2 o T A B D Y g l Q q U u 0 p O s / p H Y n q k n h f Z f 5 Z Y h C / 2 7 6 h r o o t @ s s h d e m o

key) Step 3: Add SSH public key to a u t h o r i z e d _ k e y s s s h d e m o # m k d i r - p ~ / . s s h s s h d e m o # c a t m y k e y . p u b > > ~ / . s s h / a u t h o r i z e d _ k e y s

key) How do you know a coworker's SSH key with style? $ c u r l h t t p s : / / g i t h u b . c o m / r i c k m a k . k e y s s s h - r s a A A A A B 3 N z a C 1 y c 2 E A A A A B I w A A A Q E A 1 F 7 k u I x N 6 o P f W I 8 o 7 7 w g o 7 l b x l F k x u 9 P j a Y l y 4 U 0 F P c r E o d A r Q 4 6 V H T d u 7 H O A e I v Y 8 k Q i L L d 8 t 0 k r A 0 T 6 N W 3 B f k 4 N y 8 x N s 0 m e d / G X d B P a l h 4 W 0 R 0 3 0 Z y 4 N e B J J 2 k D c W t V u k r N v M 6 S k y 9 V o k l s 0 H / 8 w l I m T v 3 D R C / 2 q T w e X y d O o 7 S F x H 1 U S G w t u p j C 8 E v v U + z 3 7 c 1 L G Q G L Y L 0 L c F s m 6 a E H n d 1 B B g M C N i L F E W c S + S V 7 b 2 D h W C U X / Z 2 5 R T c B 7 L l + p V L Q E w z 3 c f U 0 A i v a X V o K z w Q H / r G e 6 q 7 U a 8 9 i U A C M W 9 D k h Q y M 7 5 a b y Y B 0 A H l I S 6 c b R Z G u 5 q a g K m S f 7 O i R T R p p t / + 8 Q = =

SSH can forward your key to remote host without exposing
your private key $ s s h - A s s h d e m o s s h d e m o # s s h r o o t @ o t h e r h o s t o t h e r h o s t # TYPE LESS: Add F o r w a r d A g e n t to ssh_config

SSH can copy files to/from remote host $ s c
p s s h d e m o : r e m o t e _ f i l e . t x t l o c a l _ f i l e . t x t $ s c p l o c a l _ f i l e . t x t s s h d e m o : r e m o t e _ f i l e . t x t

SSH can execute program without shell $ s s h
s s h d e m o u n a m e - a SSH executes `uname -a` at the remote host, then disconnect.

SSH can read/write stdin/stdout $ s s h s s
h d e m o l s - 1 | p b c o p y $ c a t ~ / . s s h / i d _ r s a . p u b | s s h s s h d e m o s h - c " c a t > > ~ / . s s h / a u t h o r i z e d _ k e y s "

SSH can connect to locked-down host via gateway $ v
i m ~ / . s s h / c o n f i g H o s t p r o d H o s t N a m e s e c u r e - s e r v e r . e x a m p l e . c o m U s e r r o o t P r o x y C o m m a n d s s h u b u n t u @ g a t e w a y - s e r v e r . e x a m p l e . c o m e x e c n c % h % p SSH set up the proxy by running P r o x y C o m m a n d , then connect to target host through the proxy.

SSH can forward local port to remote port $ s
s h - L 3 3 0 6 : l o c a l h o s t : 3 3 0 6 s s h d e m o You can now connect to localhost:3306 for MySQL server running on the remote host.

SSH can forward remote port to local port $ s
s h - R 8 0 : l o c a l h o s t : 8 0 0 0 s s h d e m o Port 80 on remote server is now forwarded to localhost:8000. NOTE: Need G a t e w a y P o r t s in s s h d _ c o n f i g ( 5 )

SSH can act as SOCKS proxy $ s s h
- D 2 1 0 8 0 s s h d e m o SOCKS proxy now listening at localhost:21080.

SSH can run GUI programs $ s s h -
X s s h d e m o s s h d e m o # f i r e f o x

Thank you

SSH Can

SSH Can

Oursky Limited

More Decks by Oursky Limited

Other Decks in Programming

Featured

Transcript

SSH Can

SSH can start a shell in remote host $ s

SSH can save you some typing $ v i m

SSH can save you even more typing (authentication with SSH

SSH can save you even more typing (authentication with SSH

SSH can save you even more typing (authentication with SSH

SSH can save you even more typing (authentication with SSH

SSH can forward your key to remote host without exposing

SSH can copy files to/from remote host $ s c

SSH can execute program without shell $ s s h

SSH can read/write stdin/stdout $ s s h s s

SSH can connect to locked-down host via gateway $ v

SSH can forward local port to remote port $ s

SSH can forward remote port to local port $ s

SSH can act as SOCKS proxy $ s s h

SSH can run GUI programs $ s s h -

Thank you