SSH - mwicat/personal GitHub Wiki
Generate key
# Creates your_key (private) and your_key.pub (public). No -N is given, so
# ssh-keygen prompts for a passphrase; set one so the private key is
# encrypted on disk.
ssh-keygen -t rsa -b 4096 -f your_key
Show auth log
# Show sshd log lines that mention an account; replace "user" with the login
# name being investigated.
# NOTE(review): /var/log/auth.log is the Debian/Ubuntu location and may
# require root to read; confirm the path for your distribution.
grep sshd /var/log/auth.log | grep user
Add host to known hosts
# -H stores the host name hashed. The keys ssh-keyscan returns are NOT
# authenticated: whatever answers on the network is recorded as trusted.
# Compare the fingerprint (ssh-keygen -lf) with one obtained from the server
# itself or its administrator before relying on the new known_hosts entry.
ssh-keyscan -H yourhost >> ~/.ssh/known_hosts
Get host key
# Print the fingerprints of the host keys that localhost currently offers.
# <( ... ) is bash process substitution; 2>/dev/null hides ssh-keyscan's
# stderr output so only the fingerprints are shown.
ssh-keygen -lf <(ssh-keyscan localhost 2>/dev/null)
Show key info
# Print the key's bit length, fingerprint, comment and type.
ssh-keygen -l -f your_key
Regenerate host keys
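# Regenerate the server's host keys (run as root; -N '' means no passphrase,
# which sshd requires for host keys). Clients that already trust the old keys
# will get a host-key-changed warning until their known_hosts is updated.
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
# DSA host keys are deprecated and disabled by default since OpenSSH 7.0, so
# an Ed25519 key is generated in place of the former ssh_host_dsa_key.
ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519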
Decrypt ssh key
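# Write an UNENCRYPTED copy of a passphrase-protected RSA private key.
# The subshell's umask 077 makes sure id_rsa_dec is created readable by its
# owner only; delete the file as soon as it is no longer needed.
# NOTE(review): openssl reads PEM-format keys; a key in the newer
# "BEGIN OPENSSH PRIVATE KEY" format presumably needs ssh-keygen -p instead —
# confirm against the key file.
(umask 077 && openssl rsa -in id_rsa -out id_rsa_dec)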
Autostart pageant
C:\PuTTY\pageant.exe d:\main.key d:\secondary.key
Configuration
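# ~/.ssh/config
# ssh uses the first value it obtains for each option, so anything set under
# "Host *" here cannot be overridden by a later Host block; move "Host *" to
# the end of the file if per-host overrides are needed.
Host *
# Connection-sharing socket, one per user@host:port, kept inside ~/.ssh so
# other local users cannot reach it.
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster auto
User myuser
Compression yes
# "Cipher blowfish" was dropped: the Cipher option applied only to SSH
# protocol 1, which OpenSSH has removed, and Blowfish is a legacy cipher.
# Cipher selection is left to the OpenSSH defaults.
Host myhost
HostName myhost
IdentityFile ~/.ssh/id_myhost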
List ssh keys loaded in the agent
# Print the public keys of all identities currently held by ssh-agent.
ssh-add -L
Remove ssh keys from the agent
# Remove every identity from ssh-agent; the key files on disk are untouched.
ssh-add -D
Show RSA fingerprint
# Print the fingerprint of the public key, e.g. to compare it with the one a
# server or service reports for this key.
ssh-keygen -lf ~/.ssh/id_rsa.pub
SFTP only
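sftp_user=myuser
sudo adduser "${sftp_user}"
# sshd refuses to chroot into a directory the user could modify: the
# ChrootDirectory and all of its parents must be owned by root and must not
# be writable by group or others.
sudo mkdir -p "/var/sftp/${sftp_user}"
sudo chown root:root "/var/sftp/${sftp_user}"
sudo chmod 755 "/var/sftp/${sftp_user}"
# The account can write only inside this sub-directory of the chroot.
sudo mkdir -p "/var/sftp/${sftp_user}/uploads"
sudo chown "${sftp_user}:${sftp_user}" "/var/sftp/${sftp_user}/uploads"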
# Open sshd_config and set the sftp subsystem to the in-process server shown
# on the next line; internal-sftp needs no binaries inside the chroot.
# NOTE(review): sshd presumably rejects a second "Subsystem sftp" line, so
# edit the existing one rather than adding another — confirm.
sudo vi /etc/ssh/sshd_config
Subsystem sftp internal-sftp -l INFO
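sftp_user=myuser
# Append a Match block that confines the account to SFTP inside its chroot.
# "sudo tee -a" is used because a plain ">>" redirection is opened by the
# calling (unprivileged) shell and cannot write to sshd_config.
# The block goes at the end of the file: every line after "Match" belongs to
# it until the next Match line.
# PasswordAuthentication yes allows password logins for this account even if
# they are disabled globally; drop the line if the user can log in with keys.
sudo tee -a /etc/ssh/sshd_config >/dev/null <<EOF
Match User ${sftp_user}
ForceCommand internal-sftp -l INFO
PasswordAuthentication yes
ChrootDirectory /var/sftp/${sftp_user}
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
EOF
# Check the configuration first so that a syntax error does not leave the
# host without a running sshd.
sudo sshd -t && sudo systemctl restart sshd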
Authorized keys
# Keep authorized_keys files under a root-owned directory instead of each
# user's home.
sudo mkdir /etc/ssh/keys
sudo vi /etc/ssh/sshd_config
# sshd_config line to set: %u expands to the login name, so sshd reads
# /etc/ssh/keys/<user>/authorized_keys.
# NOTE(review): the per-user directories and files are not created here; with
# StrictModes they presumably must not be writable by group or others —
# confirm ownership and modes after creating them.
AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys
SFTP log
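sftp_user=myuser
# internal-sftp runs inside the chroot, so rsyslog has to provide a log
# socket at <chroot>/dev/log. The directory sits in a root-owned tree, hence
# sudo.
sudo mkdir -m2755 "/var/sftp/${sftp_user}/dev"
# "sudo tee" is used because a plain ">" redirection is opened by the calling
# (unprivileged) shell. \$programname is escaped so the literal rsyslog
# property, not a shell variable, is written to the file.
sudo tee /etc/rsyslog.d/sftp.conf >/dev/null <<EOF
# create additional sockets for the sftp chrooted users
module(load="imuxsock")
input(type="imuxsock" Socket="/var/sftp/${sftp_user}/dev/log" CreatePath="on")
# log internal-sftp activity to sftp.log
if \$programname == 'internal-sftp' then /var/log/sftp.log
& stop
EOF
# rsyslog reads its configuration at start-up, so restart it to create the
# socket and begin writing sftp.log.
sudo systemctl restart rsyslog
sudo cat /var/log/sftp.log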