Ssh: Difference between revisions

Quickstart

• For any new host, you need to copy private key to .ssh and cat public key into .ssh/authorized_keys.

ssh newhost
export GOODHOST=bitpost.com
# -- YOU CAN COPY AND PASTE THIS --
mkdir -p .ssh
cd .ssh
scp $GOODHOST:.ssh/id_rsa* .
cat id_rsa.pub >> authorized_keys
# -- COPY AND PASTE END --

• Control-D to disconnect and ssh back in to make sure it's working

Shortcut and Key organization

• Always set up shortcuts to get to hosts fast in .ssh/config; see common for example, it's used everywhere.
• You can use any file for key by specifying an [IdentityFile] in .ssh/config.

Enable X11 forwarding

• server: install xauth
• server: enable in /etc/ssh/sshd_config
• server: make sure you have an X environment installed (install of any X app will pull it in)
• client: set [ForwardX11Trusted yes] in /etc/ssh/ssh_config (no doesn't work)
• client: make sure you have an X server environment - on windows, use x2go
• if you need to become root after you have ssh'ed (for example to run wireshark), do this magic to patch in x authorization, oh yeah!

sudo su -
[root ~]# touch .Xauthority
[root ~]# xauth add $(xauth -f ~ec2-user/.Xauthority list|tail -1)
[root ~]# xclock& # good to go!

NOTE: This step gets it going automatically, but that has messed with the ability to ssh/git through non-X servers like bitpost. Just use [ssh -Y] as needed.

• client: set [ForwardX11 yes] in /etc/ssh/ssh_config (in place of ssh -Y)

ProxyJump

You can set up a hostname configuration to jump directly through another machine if needed:

• make sure you are running ssh>=7.3 everywhere
  • if you have to jump through Windows, Cygwin has a nice sshd that works out of the box for the most part, with ProxyJump capability.
  • Ubuntu must be 17.04 or newer.
• configure a host shortcut AwsInstance from dmz to internet
• configure a host shortcut DmzHostfrom lab to dmx
• configure a host shortcut AwsInstanceJumpfrom lab to internet, with ProxyJump DmzHost