Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
ssh [2009/03/10 17:48] a |
ssh [2016/08/04 09:37] (current) zagi [other SSH stuff] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== banner in ssh ====== | + | ====== SSH ====== |
+ | |||
+ | Links: | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | |||
+ | ===== banner in ssh ===== | ||
/ | / | ||
Line 11: | Line 17: | ||
| | ||
- | ===== Creating | + | http:// |
+ | |||
+ | |||
+ | |||
+ | ===== SSH and working with keys ===== | ||
- | **DSA key** | + | create your key |
| | ||
+ | copy your new key out to all the servers, and make ssh use it. | ||
+ | the mkdir below may fail if the directory exists, ignore the error its harmless | ||
+ | <code bash|> | ||
+ | for i in $(cat servers) ; do | ||
+ | echo SERVER=$; | ||
+ | scp ~/ | ||
+ | ssh $i "mkdir .ssh ; | ||
+ | chmod 700 .ssh ; | ||
+ | cat ~/ | ||
+ | chmod 644 / | ||
+ | done | ||
+ | </ | ||
+ | |||
+ | ===== How to Fix Offering key in ~/ | ||
+ | # ssh -o ' | ||
+ | |||
+ | ==== Remove the offending ssh key ==== | ||
+ | < | ||
+ | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | ||
+ | @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! | ||
+ | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | ||
+ | IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! | ||
+ | Someone could be eavesdropping on you right now (man-in-the-middle attack)! | ||
+ | It is also possible that the RSA host key has just been changed. | ||
+ | The fingerprint for the RSA key sent by the remote host is | ||
+ | a7: | ||
+ | Please contact your system administrator. | ||
+ | Add correct host key in / | ||
+ | Offending key in / | ||
+ | Permission denied (publickey, | ||
+ | </ | ||
+ | |||
+ | # sed -i ' | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | **Perl solution**: | ||
+ | # perl -pi -e ' | ||
Line 110: | Line 158: | ||
This document is free; you can redistribute it and/or modify it under the terms of the GNU GPL, see http:// | This document is free; you can redistribute it and/or modify it under the terms of the GNU GPL, see http:// | ||
+ | |||
+ | |||
+ | ===== Fail2Ban ==== | ||
+ | / | ||
+ | \\ | ||
+ | action = %(action_mw)s\\ | ||
+ | |||
+ | |||
+ | ===== other SSH stuff ====== | ||
+ | |||
+ | use EF DSCP in ssh: | ||
+ | |||
+ | ~/ | ||
+ | IPQoS ef | ||
+ | | ||
+ | use jump host | ||
+ | |||
+ | ~/ | ||
+ | Host finalhost | ||
+ | HostName finalhost | ||
+ | User userfinal | ||
+ | ProxyCommand ssh proxyuser@proxyhost nc %h %p | ||
+ | |||
+ | then one can simply type | ||
+ | |||
+ | ssh finalhost | ||
+ | to ssh via proxyhost to final destination host | ||
+ | |||
+ | |||
+ | using same options for multiple hosts in same domain | ||
+ | |||
+ | Host switch* router* myrouter* cmts* | ||
+ | |||
+ | no need to type FQDN for switch-somethingsomething |