SSH Cheatsheet¶
基本書式¶
$ ssh HOSTNAME // user名が同じな場合
$ ssh USER@HOSTNAME
$ ssh USER@HOSTNAME -p PORTNUM -i /PATH/TO/PRIVKEY
Generate Key¶
クライアントで公開鍵と秘密鍵を作って, サーバにクライアントの秘密鍵を登録する. それでクライアントからクライアント秘密鍵でサーバに接続する
[client]$ ssh-keygen -t rsa -C your_email@example.com
[client]$ ssh-keygen -t rsa -b 4096 -C your_email@example.com
[client]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_rsa): CONOHAVPS
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in vps.
Your public key has been saved in vps.pub.
The key fingerprint is:
SHA256:t2Vyt2r8LkPGW+GcEePwr4R6R8uhIlI6Cf9ZD+EdeRA vagrant@vagrant
The key's randomart image is:
+---[RSA 2048]----+
| E |
| ..o |
| .+ o |
| o= |
| S +.*+o= |
| . .o O=+O..|
| o + ==.B.+ |
| * .oooO.= |
| +o. +o*o |
+----[SHA256]-----+
[client]$ ls
CONOHAVPS CONOHAVPS.pub
[client]$ scp CONOHAVPS.pub USER@HOSTNAME:~/
[client]$ ssh USER@HOSTNAME
[server]$ cat CONOHAVPS.pub >> ~/.ssh/authorized_keys
[server]$ chmod 600 ~/.ssh/authorized_keys
[server]$ rm CONOHAVPS.pub
[client]$ ssh -l USER -i ~/.ssh/CONOHAVPS HOSTNAME
~/.ssh以下にCONOHAVPS, CONOHAVPS.pubが出来上がっていて、
それぞれ秘密鍵,公開鍵である。
.ssh/config の書き方¶
Host host0
Hostname 10.0.0.1
User slankdev
IdentityFile /PATH/TO/PRIVKEY
Host fujikojump
HostName 163.138.238.18
User slankdev
IdentityFile ~/.ssh/privatekey
ProxyCommand ssh -CW %h:%p host0
これにより以下が同じになる
ssh ALIASNAME
ssh USER@HOSTNAME -p PORTNUM -i /PATH/TO/PRIVKEY
ServerAliveInterval¶
$ vi .ssh/config
ServerAliveInterval 60 # 60sec毎に生きている報告をする
SSHトンネル¶
topology
client---------(internet)--------(1.1.1.1)jumper(.1)-----(10.0.0.0/24)-----(.2)target[http]
client$ ssh -L 8080:10.0.0.2:80 jumper
client$ curl localhost:8080
This is taiget's http server
その時のconfig
Host *
User slankdev
Host jumper
Hostname 1.1.1.1
User slankdev
IdentityFile ~/.ssh/id_rsa
Host jumper-tunnel
Hostname 1.1.1.1
User slankdev
IdentityFile ~/.ssh/id_rsa
LocalForward 8080 10.0.0.2:80
Host testvm
User slankdev
Hostname dev001-testvm.example.local
ProxyCommand ssh -W %h:%p igw1
SSH Server Operation¶
- log: (Ubuntu: /var/log/auth.log)
- config:
- /etc/ssh/ 以下にある
- sshd_config: 基本config
- $HOME/.ssh/ 以下にもおける
- config: client config置いてる
- /etc/ssh/ 以下にある
一部だけ
Port 22
Protocol 2
PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
Check priv,pub-keys pair is valid¶
$ ssh-keygen -y -f <private_key>
% ssh-keygen -e -f <private_key> [-m <key_format>]
ssh-agent¶
TBW