# Setting Up Public-Private Keypairs

- place pubkey on server in `authorized_keys` and disable password authentication in `/etc/ssh/sshd_config`
- privkey can be passphrase protected
- `ssh-keygen` generates public/private rsa key pair by default in `~/.ssh/`
- `known_hosts` keeps record of where we have ssh'ed to
- `id_rsa` is privkey
- `id_rsa.pub` is a pubkey
- `ssh-copy-id user_name@remote_ip` copies the default-named pubkey to the `authorized_keys` file in user_name's home folder on remote_ip
- `ssh-copy-id -i /path_to/custom_pubkey_name user_name@remote_ip` copies a custom-named pubkey
- `ssh-agent` can obviate need to re-enter passphrase
  - `ssh-agent` cannot add env variables itself and, instead, shows which env variables to manually enter
  - `eval` takes output from a command and executes it
  - `eval "$(ssh-agent)"` avoids needing to manually enter the env variables shown above
  - `ssh-agent -k` kills the entered environment variables
  - `ssh-add` adds passphrase to memory so as not to re-enter passphrase

# SSH Options

- `-i` for specifying an identity file
- `-f` for sending tunnel into the background
- `-p` to specify a port
- `-v` for verbose output
- `-L` for local mode
- `-R` for remote mode
- `-D` for SOCKS proxy
- `-N` for no execution of a remote command within SSH (useful for forwarding ports)
- `-X` for X11 forwarding

# SSH config files

- `/etc/ssh/sshd_config` system config file for SSH server
- `/etc/ssh/ssh_config` system config file for SSH client
- `~/.ssh/config` user-specific SSH client config file that overrides `/etc/ssh/ssh_config`
- `~/.ssh/authorized_keys` includes pubkeys for clients connecting to the associated SSH server
- `~/.ssh/known_hosts` list of fingerprints (pubkeys) of SSH servers that the associated SSH client has connected to
  - helps to warn of MiTM attacks

# Using SSH as a VPN

## SOCKS proxy

- no encryption by default
- `ssh -D 1080 user_name@remote_ip` ssh's into remote server and establishes socks proxy
- enter localhost or 127.0.0.1 and port 1080 as socks host in web browser's proxy config page to use the ssh socks proxy
- 1080 is "default" socks port
- now web browser traffic will route through the ssh socks proxy

## `sshuttle`

- `sshuttle -r user_name@remote_ip 0/0 -x remote_ip` creates tunnel to remote_ip and routes all traffic through it
  - can route only selected traffic, but 0/0 is all traffic
  - `-x remote_ip` excludes remote host traffic
- changes routing on local machine
- remote server needs python 2.3+
- can also route DNS and UDP through SSH tunnel

# SSH Tunnels

- local tunnel (forward tunnel)
  - reaches in from local_IP and
  - `ssh -L local_IP:local_port:remote_IP:remote_port remote_ip`
  - fields 1+2 = what you access (server/listener); fields 3+4 = what you get (client/feeder)
- remote tunnel (reverse tunnel)
  - forwards traffic directed to remote_port on remote_IP to local_IP
  - bypasses local FW and need for port forwarding
  - `ssh -R remote_IP:remote_port:local_IP:local_port remote_ip`
  - fields 1+2 = what you access; fields 3+4 = what you get
- X11 forwarding
  - `ssh -X remote_IP` X11 server renders display on local machine, e.g., firefox browser
  - drawback: slow
  - may be useful for thin client or in a pinch
- port forwarding
  - `ssh -L local_IP:local_port:remote_IP:remote_port remote_ip`
  - e.g., tunnel traffic to server that only listens on localhost
- dynamic forwarding
  - `ssh -D 1080 user_name@remote_ip`
  - socks proxy functionality
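
The keypair notes at the top say to disable password authentication in `/etc/ssh/sshd_config`. The script below is an added example, not part of the original notes, that checks what a config file actually sets globally. The function names and the two sample configs are constructed for illustration, and it assumes `Include` files are not followed.

```shell
#!/bin/sh
# Added example: audit an sshd_config for key-only login.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive;
# lines after a "Match" line are conditional, so only the global part is read here.

# effective_value FILE KEYWORD DEFAULT -> prints the global value sshd would use
effective_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next        # blank line or comment
            n = match(line, /[ \t=]/)                  # keyword ends at space or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            split(val, tok, /[ \t]+/)
            if (key == "match") exit                   # conditional section starts
            if (key == want) { print tok[1]; found = 1; exit }
        }
        END { if (!found) print dflt }
    ' "$1"
}

# audit_key_only FILE -> status 0 only when passwords are off and pubkeys are on
audit_key_only() {
    pw=$(effective_value "$1" PasswordAuthentication yes)   # sshd default is yes
    pk=$(effective_value "$1" PubkeyAuthentication yes)     # sshd default is yes
    echo "PasswordAuthentication=$pw PubkeyAuthentication=$pk"
    [ "$pw" = "no" ] && [ "$pk" = "yes" ]
}

# Constructed sample: the later "no" is ignored because an earlier line said "yes".
sample_weak() {
    printf '%s\n' '#PasswordAuthentication no' 'passwordauthentication yes' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no'
}
# Constructed sample: global "no" comes first; the Match block is not inspected.
sample_hardened() {
    printf '%s\n' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
        'Match User backup' '    AllowTcpForwarding no'
}
for s in sample_weak sample_hardened; do
    f=$(mktemp); "$s" > "$f"
    if audit_key_only "$f"; then echo "$s: key-only"; else echo "$s: passwords allowed"; fi
    rm -f "$f"
done
```

On a live server, `sshd -T` run as root prints the effective configuration, including any `Include` files, and is the authoritative check.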