exu/wiki-grav
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Format with prettier

Browse Source
This commit is contained in:
RealStickman 2023-01-05 12:44:27 +01:00
parent a8a3f5de59
commit 5a3d639843
1 changed files with 52 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
pages/04.other/ssh/default.en.md
View File

@ -4,25 +4,33 @@ visible: true
--- ---
[toc] [toc]
## Linux Server ## Linux Server
### Installation ### Installation
#### Debian #### Debian
`# apt install openssh-server` `# apt install openssh-server`
#### Arch #### Arch
`# pacman -S openssh` `# pacman -S openssh`
`# systemctl enable ssh` `# systemctl enable ssh`
### Configuration file ### Configuration file
`/etc/ssh/sshd_config` `/etc/ssh/sshd_config`
Make sure to restart the sshd service after changes. Make sure to restart the sshd service after changes.
### Change port ### Change port
Uncomment `Port` and set any port number Uncomment `Port` and set any port number
### Root login ### Root login
`PermitRootLogin` setting `PermitRootLogin` setting
``` ```
@ -30,6 +38,7 @@ yes -> Able to log in with password as root
``` ```
### Password Authentication ### Password Authentication
`PasswordAuthentication` setting `PasswordAuthentication` setting
``` ```
@ -50,6 +59,7 @@ This happens, when a host key is used that has been deprecated in the locally in
Use the option `-oHostKeyAlgorithms=+<host key type>` with ssh to connect regardless. Use the option `-oHostKeyAlgorithms=+<host key type>` with ssh to connect regardless.
## Windows Server ## Windows Server
Open PowerShell as administrator Open PowerShell as administrator
`Add-WindowsCapability -Online -Name OpenSSH.Server` `Add-WindowsCapability -Online -Name OpenSSH.Server`
@ -66,20 +76,25 @@ Create firewall rule for port 22
`New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22` `New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22`
## Linux Client ## Linux Client
### Configuration file ### Configuration file
`/etc/ssh/ssh_config` `/etc/ssh/ssh_config`
### Connect to non-standard port ### Connect to non-standard port
`$ ssh -p (port) (user)@(ip)` `$ ssh -p (port) (user)@(ip)`
### X11 passthrough ### X11 passthrough
`$ ssh -X (user)@(ip)` `$ ssh -X (user)@(ip)`
### ssh keys ### ssh keys
Create new key: Create new key:
`$ ssh-keygen` `$ ssh-keygen`
*Example* for ed25519 key: _Example_ for ed25519 key:
`$ ssh-keygen -t ed25519` `$ ssh-keygen -t ed25519`
The "-C" flag can be used to add comments in ssh key files. The "-C" flag can be used to add comments in ssh key files.
@ -91,17 +106,21 @@ If you are copying the ssh key from a different client, use the "-f" flag
`$ ssh-copy-id -f -i (public key file) (user)@(ip/domain)` `$ ssh-copy-id -f -i (public key file) (user)@(ip/domain)`
## Windows Client ## Windows Client
Open PowerShell as administrator Open PowerShell as administrator
`Add-WindowsCapability -Online -Name OpenSSH.Client` `Add-WindowsCapability -Online -Name OpenSSH.Client`
## SSH Tunnel systemd Service ## SSH Tunnel systemd Service
SSH tunnels can be created as systemd services SSH tunnels can be created as systemd services
*Example tunnel:* _Example tunnel:_
`ssh -NTfL 8080:webserver:80 user@remotehost` `ssh -NTfL 8080:webserver:80 user@remotehost`
### Tunnel settings ### Tunnel settings
Save the file under `/etc/systemd/system/(application/tunnel name)` Save the file under `/etc/systemd/system/(application/tunnel name)`
``` ```
PATH_TO_KEY=(ssh key path) PATH_TO_KEY=(ssh key path)
LOCAL_PORT=8080 LOCAL_PORT=8080
@ -112,8 +131,10 @@ REMOTE_HOST=remotehost
``` ```
### Tunnel service ### Tunnel service
This service can be used with multiple different "tunnel settings" files. Similar to how the wg-quick service works with different wireguard configs. This service can be used with multiple different "tunnel settings" files. Similar to how the wg-quick service works with different wireguard configs.
Save this file under `/etc/systemd/system/local-tunnel@.service` Save this file under `/etc/systemd/system/local-tunnel@.service`
``` ```
[Unit] [Unit]
Description=Setup a local tunnel to %I Description=Setup a local tunnel to %I
@ -135,5 +156,6 @@ Finally, the tunnel can be enabled
`# systemctl enable --now local-tunnel@(application/tunnel name)` `# systemctl enable --now local-tunnel@(application/tunnel name)`
## References ## References
- [Windows OpenSSH Installation](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse) - [Windows OpenSSH Installation](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse)
- [SSH Tunnel as systemd service](https://ivanmorenoj.medium.com/ssh-tunnel-as-systemd-service-3c53bd157ac1) - [SSH Tunnel as systemd service](https://ivanmorenoj.medium.com/ssh-tunnel-as-systemd-service-3c53bd157ac1)