IT notes


When using ssh and then doing something like sudo -i, the SSH environment variables are gone. To preserve them, modify your sudoers file (/usr/local/etc/sudoers or /usr/local/etc/sudoers.d/devops) and add something like:

    Defaults env_keep += "SSH_TTY SSH_CONNECTION SSH_CLIENT"

With this in place, sudo keeps your SSH environment variables.

ssh wireshark

To analyze traffic remotely over ssh, pipe a tcpdump capture from the remote host into a local wireshark:

    ssh [email protected] sudo tcpdump -U -s0 -i pflog0 -w - | wireshark -k -i -

In case you need a specific port:

    ssh [email protected] sudo tcpdump -U -s0 -i pflog0 -w - 'port 5984' | wireshark -k -i -

To ignore the traffic of the ssh session itself:

    ssh [email protected] sudo tcpdump -U -s0 -i pflog0 -w - 'not port 22' | wireshark -k -i -

Block SSH on MacOS

To block incoming ssh connections, edit /etc/pf.conf and add the following line at the bottom:

    block in log quick proto tcp from any to any port 22

You can use vim or something like this:

    sudo sh -c "echo 'block in log quick proto tcp from any to any port 22' >> /etc/pf.conf"

Then reload the pf rules:

    sudo pfctl -Fa -f /etc/pf.conf

For this to work the firewall (pf) must be enabled.


To create a git repository and access it via ssh:

    $ ssh
    $ mkdir my-new-repo
    $ cd my-new-repo
    $ git --bare init

To access your repo (clone it):

    $ git clone ssh://[email protected]:2222/~user/my-new-repo

ssh CanonicalDomains

SSH Canonicalization

    CanonicalDomains
    # CanonicalizeFallbackLocal no
    CanonicalizeHostname yes

    Host *
      IdentityFile ~/.ssh/exampleCOM
      User foo

    Host *
      IdentityFile ~/.ssh/exampleNET
      User foo

    Host *
      User foo
      IdentityFile ~/.ssh/exampleORG

more info:

ssh permissions are too open

To set mode 0400 on all your private ssh keys (the public .pub files are skipped):

    $ find ~/.ssh/* -type f -name "id*" -not -iname "*.pub" -exec chmod 0400 {} \+


To save SSH key passphrases in the macOS Sierra keychain, add this to ~/.ssh/config:

    Host *
      AddKeysToAgent yes
      UseKeychain yes

Keychain changes

Prior to macOS Sierra, ssh would present a dialog asking for your passphrase and would offer the option to store it into the keychain. This UI was deprecated some time ago and has been removed. Instead, a new UseKeychain option was introduced in macOS Sierra allowing users to specify whether they would like for the passphrase to be stored in the keychain.

ssh update Host Keys

To create new ssh host keys on the server:

    ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
    ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa -b 521

To check the fingerprint:

    ssh-keygen -lf ssh_host_ecdsa_key

On the client side, the next connection will show:

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.

This warning is expected right after the keys were regenerated: compare the fingerprint the client shows with the one printed by ssh-keygen -lf on the server before trusting it, then drop the stale entry with ssh-keygen -R <host> and reconnect.

two factor authentication with ssh

Two-Factor-Authentication "2FA" with SSH

Install google authenticator and libqrencode:

    pkg install pam_google_authenticator
    pkg install libqrencode

Edit /etc/pam.d/sshd and add the following line to the auth section:

    # auth
    auth sufficient no_warn no_fake_prompts
    auth requisite no_warn allow_local
    #auth sufficient no_warn try_first_pass
    #auth sufficient no_warn try_first_pass
    #auth required no_warn try_first_pass
    auth required /usr/local/lib/

Add this to /etc/ssh/sshd_config:

    ChallengeResponseAuthentication yes
    UsePAM yes
    AuthenticationMethods publickey,keyboard-interactive

This setup will do "publickey + verification code", without a password. In case you require a password as well, edit the /etc/pam.
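One thing to verify after editing sshd_config: sshd uses the first occurrence of each keyword, so lines appended at the bottom do not override a stock setting earlier in the file. The script below (an added example, not part of these notes) reads an sshd_config copy the way sshd does and checks the three settings above; the file name and sample contents are constructed.

```shell
#!/bin/sh
# Added example: check that an sshd_config really enforces the
# "publickey + verification code" policy. sshd keeps the FIRST value it
# reads for a keyword, so a duplicate appended later is silently ignored.
# `sshd -T` is the authoritative check on a live host; this runs offline.

# sshd_effective FILE KEYWORD
# Prints the value of the first non-comment occurrence of KEYWORD (keyword
# match is case-insensitive) before any Match block, or nothing if unset.
# Assumes the "Keyword value" spelling, not "Keyword=value".
sshd_effective() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                  # strip comments
        NF == 0 { next }                    # skip blank lines
        tolower($1) == "match" { exit }     # conditional settings start here
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# check_2fa FILE: prints "ok" and returns 0 when the three settings from the
# notes are in effect; otherwise prints one line per problem and returns 1.
check_2fa() {
    rc=0
    for spec in \
        "ChallengeResponseAuthentication:yes" \
        "UsePAM:yes" \
        "AuthenticationMethods:publickey,keyboard-interactive"; do
        key=${spec%%:*}; want=${spec#*:}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key is '${got:-unset}', expected '$want'"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo ok
    return "$rc"
}

# Constructed sample: the notes' lines were appended at the end, but a stock
# line above already set ChallengeResponseAuthentication, so 2FA is NOT on.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
ChallengeResponseAuthentication no
UsePAM yes
# appended per the 2FA notes
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
EOF
if check_2fa "$SAMPLE"; then :; else echo "2FA policy is not in effect"; fi
rm -f "$SAMPLE"
```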


pdsh - issue commands to groups of hosts in parallel

Install:

    brew install pdsh

Usage:

    pdsh -R ssh -w ^servers.txt "<command>"

where servers.txt lists the target hosts, one per line.

one-liner:

    pdsh -b -w ",," "<command>"

-b disables the ctrl-C status feature so that a single ctrl-C kills the parallel job (batch mode).