Thursday, January 25, 2018

ssh

# ssh-copy-id the hard way.
cat ~/.ssh/id_rsa.pub | ssh <user>@<hostname> 'cat >> .ssh/authorized_keys && echo "Key copied"'

# "Could not open a connection to your authentication agent"
# "sign_and_send_pubkey: signing failed: agent refused operation"
ssh-add ~/.ssh/id_rsa

# ssh proxy? The key is -L
ssh -NfL PORT_ON_127.0.0.1:DESTINATION:22 PROXY_SERVER_IP?

# ssh without ssh-copy-id or autossh
# mind the \t and space

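#!/usr/bin/env python3
# Simplest built-in Python pseudo-tty for answering the ssh password prompt.
# http://unix.stackexchange.com/a/276385/119298
import os

def run(cmd, *args):
    pid, fd = os.forkpty()
    if pid == 0:  # child: replace this process with ssh
        os.execlp(cmd, *args)
    while True:
        try:
            data = os.read(fd, 1024)   # bytes read from the pty
        except OSError:                # pty closed: the child has exited
            break
        if not data:
            break
        print(data.decode(errors="replace"), end="")
        if b"password:" in data:       # ssh prompt
            os.write(fd, b"mypassword\n")  # placeholder password
        elif data.endswith(b"$ "):     # bash prompt waiting for input
            os.write(fd, b"echo hello\n")
            os.write(fd, b"echo bye\n")
            os.write(fd, b"exit\n")
    os.waitpid(pid, 0)  # reap the child so it does not stay a zombie

run("ssh", "ssh", "user@remote")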


# dev
sshuttle --dns -r USER@127.0.0.1:22 0/0

### Login without a password, without ssh-copy-id
Run ssh-keygen on the local host, then copy the content of .ssh(644)/id_rsa.pub to ~/.ssh/authorized_keys(600) on the remote host (or check the authorized keys location in /etc/ssh/sshd_config).
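The manual key copy above and the "hard way" one-liner at the top both assume ~/.ssh already exists with the right modes, and both append a duplicate line on every run. The function below is an added example, not from the original post: it is the receiving-side logic with those gaps closed. The name install_pubkey and its two arguments are hypothetical.

```shell
# Added example: append a public key to authorized_keys, creating ~/.ssh if
# it is missing, skipping duplicates, and setting the conventional 700/600
# modes (sshd's StrictModes rejects group- or world-writable key files).
# install_pubkey and its arguments are hypothetical names.
install_pubkey() {
    pubkey_file=$1              # e.g. ~/.ssh/id_rsa.pub
    target_home=$2              # home directory that owns authorized_keys
    ssh_dir=$target_home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    key=$(head -n 1 "$pubkey_file")   # a .pub file holds one key per line
    # Refuse input that is not a public key (e.g. the private key by mistake)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac

    # Create directory and file with a restrictive umask, then fix modes in
    # case they already existed with looser permissions
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # grep -x (whole line) -F (fixed string): exact match only
    if grep -qxF -- "$key" "$auth"; then
        echo "Key already present"
        return 0
    fi
    # If the file does not end in a newline, add one so keys are not joined
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
    printf '%s\n' "$key" >> "$auth" && echo "Key copied"
}

# When run as a script: install_pubkey.sh <pubkey-file> <home-dir>
if [ "$#" -eq 2 ]; then install_pubkey "$1" "$2"; fi
```

On the remote host the second argument would be "$HOME".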



You cannot run "ip a" here, or it will show "ip command not found"; you should use /sbin/i
sshpass  -p 'UR_PASSWORD' ssh -tt -o StrictHostKeyChecking=no   UR_ID@SERVER_IP sshpass  -p 'SERVER_PASSWORD' ssh -tt   2ND_SERVER "/sbin/ip a >>/tmp/b"






"Pseudo-terminal will not be allocated because stdin is not a terminal"
ssh -T (-t is useless)

ServerAliveInterval: number of seconds that the client will wait before sending a null packet to the server (to keep the connection alive).

ClientAliveInterval: number of seconds that the server will wait before sending a null packet to the client (to keep the connection alive).

Setting a value of 0 (the default) will disable these features so your connection could drop if it is idle for too long.

ServerAliveInterval seems to be the most common strategy to keep a connection alive. T


An ssh tunnel does not need "net.ipv4.ip_forward=1".



Unable to negotiate with 10.1.16.5 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
(Cisco uses a weak ssh key exchange by default, which current OpenSSH does not offer unless it is enabled explicitly)

 ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@ip


/etc/ssh/ssh_config or ~/.ssh/config:
Host *
    ServerAliveInterval 300
    ServerAliveCountMax 2

/etc/ssh/sshd_config:
ClientAliveInterval 300
ClientAliveCountMax 2


ssh -R  66666(new_port_on_remote_host):127.0.0.1:22(local_ssh_port) remote_ip -p 99999(remote_ssh_port)
This needs no IPv4 forwarding.

ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.0.104 -p99999
ssh 192.168.0.104 -p99999
