Code Snippet


[How-To] SSH

SSH to a machine using an SSH bastion (proxy)

ssh -o ProxyCommand="ssh -W %h:%p -q BASTION_USER@BASTION_SERVER" FINAL_USER@FINAL_SERVER

For example:

ssh -o ProxyCommand="ssh -W %h:%p -q root@10.2.3.88" fusion@svc-1

And with additional SSH options:

ssh -o ProxyCommand="ssh -W %h:%p -q -p 8022 -oHostKeyAlgorithms=+ssh-dss root@10.2.3.88" -oHostKeyAlgorithms=+ssh-dss fusion@svc-1

---
SSHPass

sshpass -p password ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null user@target 

Execute a command over SSH (using sshpass)

sshpass -p password ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null user@target whoami
sshpass -p password ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null user@target cat /etc/hosts
sshpass -p password ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null user@target 'sed -i ...'



7 thoughts on “[How-To] SSH”

  • Olivier says:

    Gen SSH keys

    ssh-keygen -t rsa -C "your.email@example.com" -b 4096
    
  • To enable color over ssh (with or without sshpass) :

    ssh -t toto@VM
    

    or (in case of error like “Pseudo-terminal will not be allocated because stdin is not a terminal”)

    ssh -tt toto@VM
    
  • SSH without password (using Public/Private key)

    # Generate key
    ssh-keygen -t rsa -b 4096
    
    # Ensure permissions are correct on .ssh folder
    sudo chmod 750 /home/USER
    sudo chown USER:GROUP /home/USER/.ssh
    chmod 0700 ~/.ssh
    chmod 0644 ~/.ssh/known_hosts
    
    # Ensure permissions are correct on authorized_keys and keys
    touch ~/.ssh/authorized_keys
    chmod 0644 ~/.ssh/authorized_keys
    chmod 0600 ~/.ssh/id_rsa
    chmod 0644 ~/.ssh/id_rsa.pub
    
    # Copy Public key to remote target
    ssh-copy-id -i ~/.ssh/id_rsa.pub REMOTE_HOST_IP
    
    
    # Test the connection
    ssh REMOTE_HOST_IP
    

    If the connection is refused, ensure the permissions on the .ssh folder are also correct on the remote host

  • SSHD Update config only for a dedicated host :

    # Global settings
    …
    PasswordAuthentication no
    …
    
    # Settings that override the global settings for matching IP addresses only
    Match address 192.0.2.0/24
        PasswordAuthentication yes
    
    systemctl reload sshd
    
  • Disable HostKey check (CLI) :

    ssh -o StrictHostKeyChecking=no user@server 
    

    Disable UserKnownHostsFile

    ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null user@server 
    
  • SSH with Identity file and Bastion :

    ~/.ssh/config :

    Host *
      PubkeyAuthentication yes
      StrictHostKeyChecking no
      
    Host SSH_BASTION
      HostName <BASTION_IP>
      IdentityFile /<PATH>/<TO>/bastion.pem
      User userOnBastion
      
    Host *.my-domain-1.com
      IdentityFile /<PATH>/<TO>/my-domain.pem
      ProxyCommand ssh -W %h:%p -q SSH_BASTION
    

    Permissions :
    pemfile : 0600
    config file : 0600
    .ssh folder : 0700
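
An added example (not part of the comments or of the site's own code): a small shell audit of the permissions listed in the two comments above (`.ssh` 0700; private key, pem file and config 0600; public key, `authorized_keys` and `known_hosts` 0644). The function names are hypothetical, `stat -c` assumes GNU coreutils or BusyBox, and holding every other file to 0600 is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit an SSH directory against the modes listed above.
# check_mode and audit_ssh_dir are hypothetical names; `stat -c` assumes
# GNU coreutils or BusyBox.

# check_mode PATH MAX: fail if PATH grants any permission bit outside MAX.
check_mode() {
    actual=$(stat -c '%a' "$1") || return 2
    # The leading 0 makes the shell read both values as octal.
    excess=$(( 0$actual & ~0$2 & 07777 ))
    if [ "$excess" -ne 0 ]; then
        printf '%s: mode %s exceeds %s (extra bits %o)\n' \
            "$1" "$actual" "$2" "$excess" >&2
        return 1
    fi
}

# audit_ssh_dir DIR: findings go to stderr, the number of findings to stdout.
audit_ssh_dir() {
    dir=$1
    bad=0
    check_mode "$dir" 700 || bad=$((bad + 1))
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            # Public material: readable by others, writable only by the owner.
            *.pub|authorized_keys|known_hosts) max=644 ;;
            # Private keys, .pem files, config and (assumption) anything else.
            *) max=600 ;;
        esac
        check_mode "$f" "$max" || bad=$((bad + 1))
    done
    echo "$bad"
}
```

Call it as `audit_ssh_dir ~/.ssh` on both the client and the remote host. With sshd's default `StrictModes yes`, a group- or world-writable `.ssh` or `authorized_keys` on the remote side makes the server ignore the key.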

  • Convert PEM key to PPK key:

    yum install -y putty
    
    puttygen MY_KEY.pem -o MY_KEY.ppk -O private
    

    Convert PPK key to PEM key:

    puttygen MY_KEY.ppk -O private-openssh -o MY_KEY.pem
    
