SSH

Scan SSH for bad configurations
SSH Cheat Sheet

Generating Keys

Generate new ED25519 curve keys:

# Ed25519 keys have a fixed length, so -b is not needed
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_$(date +%Y-%m-%d)

Generate Keys on a YubiKey

Generate Key with other Authentication Factors:

#No PIN or touch are required
ssh-keygen -t ed25519-sk -O resident -O no-touch-required
#PIN but no touch required
ssh-keygen -t ed25519-sk -O resident -O verify-required -O no-touch-required
#No PIN but touch is required
ssh-keygen -t ed25519-sk -O resident
#A PIN and a touch are required (most secure)
ssh-keygen -t ed25519-sk -O resident -O verify-required

Adding Keys:

#Enable ssh-agent
eval "$(ssh-agent -s)"
#Temporarily add the YubiKey to the agent
ssh-add -K
#Permanently: download the resident key handles from the YubiKey to files in the current directory
ssh-keygen -K

SSH User Config

Located at ~/.ssh/config

Host remoteserver
    HostName remoteserver.thematrix.io
    User neo
    Port 2112
    IdentityFile /home/test/.ssh/remoteserver.private_key
    #Run Command after connecting
    #RemoteCommand tmux new -A -s default

Host my-ec2-public
    Hostname ec2???.compute-1.amazonaws.com
    User ubuntu
    IdentityFile ~/.ssh/my-ec2-key.pem

#ssh uses the first value it finds for each option, so general defaults go last
Host *
    Port 2222

SSH Multiplex using ControlPath

ControlPersist: keeps the socket open for X minutes after the shell has been closed. This allows easier reconnection.

ControlMaster: shares one connection, which makes it faster to make multiple connections to the same server.

ControlPath: where to store the control socket.

Host remoteserver
    HostName remoteserver.example.org
    ControlMaster auto
    ControlPath ~/.ssh/control/%r@%h:%p
    ControlPersist 10m

Proxy using SOCKS

ssh -D 8888 user@remoteserver

Enable Socks Proxy on Firefox

In Firefox select Preferences -> General | Network settings and enter 127.0.0.1 as the SOCKS host and 8888 as the port. There is also an option to proxy DNS requests using the SOCKS proxy.

Enable Socks Proxy on Chrome

With the command below, the browser will send its traffic over the SOCKS proxy and will also proxy the DNS requests.

google-chrome --proxy-server="socks5://192.168.1.10:8888"

Using Proxychains

proxychains rdesktop $RemoteWindowsServer

Reverse Proxy

The example below opens port 1999 on the remoteserver and forwards it back to the localhost. The remoteserver can then use localhost:1999 as a SOCKS proxy, and its traffic is forwarded through to the client computer running ssh.

ssh -v -R 0.0.0.0:1999 user@remoteserver

SSH Port Forwarding (Tunneling)

The example below uses ssh to forward the remote port 80 to the local port 9999. This means that going to 127.0.0.1:9999 will tunnel out to the remoteserver and connect to port 80. Because the traffic travels inside the ssh connection, the server's port 80 does not need to be accessible to the rest of the internet.

ssh -L 9999:127.0.0.1:80 user@remoteserver

SSH Tunnel Forward to Secondary Remote host

The example below uses the remoteserver as a jumpbox to connect to another system with the IP address 10.10.10.10 in the local network of the remoteserver. It then forwards the localhost port 1999 to the internal IP of 10.10.10.10:80. Binding to 0.0.0.0 makes the forward reachable from other machines on the client's network; bind to 127.0.0.1 to keep it local.

ssh -L 0.0.0.0:1999:10.10.10.10:80 user@remoteserver

SSH reverse Port Forwarding (Tunneling)

The example below forwards the remoteserver port 1999 to the localhost port 902. This means that if an external client connects to port 1999 on the remote server, they will get the localhost port 902 instead. The 0.0.0.0 bind address only takes effect if GatewayPorts is set to yes or clientspecified in the server's sshd_config; otherwise the listener stays on the server's loopback interface.

localhost:~$ ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver

Establish a VPN over SSH

Must have sudo/root access on both the client and server.
You might also need to change the sshd_config.

PermitRootLogin yes
PermitTunnel yes

The ssh command is:

ssh -v -w any root@remoteserver

SSH Client Side:

ip addr add 10.10.10.2/32 peer 10.10.10.10 dev tun0
ip link set tun0 up

SSH Server Side:

ip addr add 10.10.10.10/32 peer 10.10.10.2 dev tun0
ip link set tun0 up

SSH Client Side:
Now it is possible to make the internal subnet accessible. This makes it a half tunnel VPN.

route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0

SSH Server Side:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.10.10.2 -o enp7s0 -j MASQUERADE

Copy SSH id file to remote host

ssh-copy-id -i ~/.ssh/id_ecc.pub user@remoteserver

Run commands

Non-interactive command

Run the command on the remote computer and then use grep locally.

ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php

Send piped information to remote server.

cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'

Remote Packet Capture in Wireshark

Capture packets on remote host and view locally in Wireshark.

ssh root@remoteserver 'tcpdump -c 1000 -nn -w - not port 22' | wireshark -k -i -

SSH Copy Folder from Local to Remote

Tar and send a directory through a pipe to the remoteserver and untar the data.

tar -cvjf - /datafolder | ssh remoteserver "tar -xjf - -C /datafolder"

Run a GUI application remotely

X11Forwarding needs to be enabled in the sshd_config

ssh -X remoteserver vmware

Edit Files with vim over SSH

vim scp://user@remoteserver//etc/hosts

Copy files remotely with rsync and SSH

rsync -az /home/testuser/data remoteserver:backup/

SSH over TOR Network

torsocks ssh myuntracableuser@remoteserver

Mount SSH to a directory

sshfs user@remoteserver:/media/data ~/data/

VLC to Stream over SSH

vlc sftp://remoteserver//media/uploads/myvideo.mkv

2FA

Setup Two factor (2FA) SSH with Google Authenticator

Bouncing through jump hosts

ssh -J host1,host2,host3 [email protected]

To use this ability in the ssh_config, use the ProxyJump configuration option. If you regularly have to jump through multiple hosts, use the config file; your alias to host4 will save you a lot of time.

Securing sshd_config

Change the default SSH Port

Port 37972
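
Several recipes on this page need sshd_config options switched on (PermitRootLogin yes and PermitTunnel yes for the VPN, X11Forwarding for GUI applications), and GatewayPorts decides whether -R listeners can bind beyond loopback. The script below is an added example, not part of the original cheat sheet, that flags those settings in a config file; the function names and the sample config are constructed for illustration, and sshd -T remains the authoritative view of the effective configuration.

```shell
#!/bin/sh
# Added example, not from the original page. Audits the global section of an
# sshd_config; Include files are not followed and Match blocks are skipped.

# Print the first global value of keyword $2 in file $1, lowercased. sshd keeps
# the first value it reads and treats keywords case-insensitively.
first_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/               { next }  # comment or blank line
        tolower($1) == "match"       { exit }  # conditional blocks start here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Print one RISK line per risky setting in file $1; return non-zero if any.
audit_sshd_config() {
    file=$1; findings=0
    while read -r key risky why; do
        val=$(first_value "$file" "$key")
        case ",$risky," in
            *",$val,"*) echo "RISK $key=$val ($why)"; findings=$((findings + 1)) ;;
        esac
    done <<'EOF'
PermitRootLogin yes root login allowed, passwords included
PermitTunnel yes,point-to-point,ethernet clients may open tun/tap devices
X11Forwarding yes X11 forwarding enabled
GatewayPorts yes,clientspecified -R listeners may bind beyond loopback
EOF
    [ "$findings" -eq 0 ]
}

# Constructed sample: the VPN recipe's settings, a later duplicate that sshd
# would ignore, and a Match block that is not part of the global section.
write_sample() {
    cat > "$1" <<'EOF'
Port 37972
permitrootlogin yes
PermitTunnel yes
PermitTunnel no
Match User backup
    X11Forwarding yes
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_sshd_config "$sample" || echo "risky settings found in $sample"
rm -f "$sample"
```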

Modify Port Forwarding within a session with ~C

Within an SSH session, ~C[ENTER] will show forwarding options.

localhost:~$ ~C
ssh> -h
Commands:
      -L[bind_address:]port:host:hostport    Request local forward
      -R[bind_address:]port:host:hostport    Request remote forward
      -D[bind_address:]port                  Request dynamic forward
      -KL[bind_address:]port                 Cancel local forward
      -KR[bind_address:]port                 Cancel remote forward
      -KD[bind_address:]port                 Cancel dynamic forward
ssh> -D 9999
Forwarding port.

NOTE: zsh doesn't work with this. You need to use bash.

Close Hung SSH connection

“Enter” then ~ then . will kill a hung SSH connection, instead of having to close the terminal tab