IT notes

bastion ssh

ProxyJump

This is the easiest (new) way:

    Host 10.*
        ProxyJump [email protected]:2222

Using ProxyCommand

Replace your.bastion.tld with your bastion server and set your bastion username in the ProxyCommand:

    Host bastion
        Hostname your.bastion.tld
        ForwardAgent yes

    Host 10.10.*
        ProxyCommand ssh <your-username>@bastion -W %h:%p

Example

To log in with user devops to server 10.10.3.4:

    $ ssh -l devops 10.10.3.4

or

    $ ssh [email protected]

SSH sockets

To speed things up further when using the bastion host, this can be added at the top of the ~/.

ssh ed25519

Generate your new ssh ed25519 key: $ ssh-keygen -o -a 1000 -t ed25519

ssh proxy

SSH SOCKS5 proxy

Route web traffic securely without a VPN using a SOCKS tunnel with ssh:

    $ ssh -D 8080 -f -C -q -N [email protected]

-D 8080 tells ssh to launch a SOCKS server on port 8080 locally.
-f Forks the process to the background.
-C Compresses the data before sending it.
-q Uses quiet mode.
-N Tells SSH that no command will be sent once the tunnel is up.

ssh escape sequences

While using ssh your connection may become idle or unresponsive. In that case, instead of waiting, you can simply terminate the connection by sending an escape sequence: ~.

SSH escape sequences

sequence  description
~.        terminate connection (and any multiplexed sessions)
~B        send a BREAK to the remote system
~C        open a command line
~R        request rekey
~V/v      decrease/increase verbosity (LogLevel)
~^Z       suspend ssh
~#        list forwarded connections
~&        background ssh (when waiting for connections to terminate)
~?

ssh rsa public key encryption

Encrypt a file using ssh public keys.

Create ssh public key in PEM format:

    ssh-keygen -f id_rsa.pub -e -m PKCS8 > id_rsa.pem.pub

Use openssl to encrypt/decrypt

Encrypt:

    openssl rsautl -encrypt -pubin -inkey ~/.ssh/id_rsa.pem.pub -ssl -in test.txt -out test.txt.enc

Decrypt:

    openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in test.txt.enc -out test.txt.enc.txt

mosh

mosh (mobile shell)

Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes. Mosh is a replacement for SSH. It's more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.

How to install server

FreeBSD:

    $ pkg install net/mosh

Edit /etc/login.conf and add this to the default:

    :charset=UTF-8:\
    :lang=en_US.UTF-8:\
    :setenv=LC_COLLATE=C:

After editing /etc/login.conf run:

Port knocking

In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). For example, using PF on FreeBSD to only open port 22 after X number of attempts to connect on port 1234: