1# Check the keys that the client is offering
2ssh -v git@bitbucket.org
3
4# Restart SSH agent
5killall ssh-agent; eval `ssh-agent`
6
7# Show all added private keys to the SSH Agent
8ssh-add -L
9
10# Check if your private/public key works againts a remote
11ssh -T git@bitbucket.org
12
13# SSH
14Generate public/private keys
15`ssh-keygen`
16`cd ~/.ssh`
17* Public key is readable by anyone.
18
19# Copy the public key to remote server
20`ssh-copy-id root@1.1.1.1`
21
22# Access a bash shell on remote server
23`ssh root@1.1.1`
24`cd .ssh`
25`vi authorized_keys` *keys with access granted
26
27# Ports
28Default port: 22
29`ssh -p 2022 -i ~/.ssh/key1 root@1.1.1.1 hostname`
30
31# SSH Config Alias
32`vi ~/.ssh/config`
33Host fancyhost
34 Hostname 11.1.1.1
35 User root
36 AddKeysToAgent yes
37 UseKeychain yes
38 IdentityFile ~/.ssh/id_rsa
39 Port 22
40`ssh fancyhost`
41
42# Secure copy
43Copy from local to remote
44`echo xpto > file.txt`
45`scp file.txt root@1.1.1.1:~/home`
46`scp -r files root@1.1.1.1:~/home`
47Copy from remote to local
48`scp -r root@1.1.1.1:~/home ./home`
49
50# Proxy with SSH Tunnel
51Scenario: Connection is being blocked on current network
52`ssh -f -N -L 8000:google.pt:80 root@1.1.1.1`
53`ps aux | grep ssh`
54`kill 1111`
55
56# Remote port forwarding
57`vi /etc/ssh/sshd_config`
58GatewayPorts yes
59`service ssh restart`
60Forward remote host 8000 to localhost 3000
61`ssh -R 8000:localhost:3000 root@1.1.1.1`
62
63# Escape Sequence
64`.
65
66# Verify fingerprints
67History of servers which we connected to
68`vi ~/.ssh/known_hosts`
69Get fingerprintn of the remote machine:
70`ssh root@1.1.1.1`
71`ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub`
72Remove fingerprints form our known_hosts
73`ssh-keygen -R 1.1.1.1`
74
75# Lock down SSH connections
76`vi /etc/ssh/sshd_config`
77PermitRootLogin No
78AllowUsers xpto admin claudio@1.2.3.4
79`service ssh restart`
80
81# Audit SSH Connection attempts
82`vi /var/log/auth.log`
83`vi ~/.bash_history`
84`vi .zsh_history`
85Created on 7/8/2018