Wikiversity

OpenSSH

OpenSSH is a popular suite of software utilities implementing Secure Shell (SSH) protocol. OpenSSH includes the ability to set up a TCP secured channel and it is widely use as a replacement for not secured telnet and secure replacement of file transfers such as rcp and ftp. OpenSSH offers a great number of features including ssh session multiplexing. [1][2]


The OpenSSH suite includes the following command-line utilities and daemons:

  • ssh, ssh client and TCP secure replacement for rlogin, rsh and telnet to allow shell access to a remote machine.
  • scp, a replacement for rcp (Unix)
  • sftp, a replacement for ftp to copy files between computers
  • sshd, the SSH server daemon which allows shell access and file transfers to a remote machine.
  • ssh-keygen, a tool to inspect and generate the RSA, DSA and Elliptic Curve keys that are used for user and host authentication
  • ssh-agent and ssh-add, utilities to ease authentication by holding keys ready and avoid the need to enter passphrases every time they are used
  • ssh-keyscan, which scans a list of hosts and collects their public keys
  • ssh-copy-id, copy local keys to remote machine.

Readings

edit


ssh clients

edit

OpenSSH includes an ssh client:ssh. Others clients are available such us putty, mosh, paramiko and autossh[3].

autossh[4] main feature not include in OpenSSH ssh client is the capability to monitor an ssh connection and restart it if necessary.

  • Loop waiting to connect to server: AUTOSSH_POLL=5 AUTOSSH_GATETIME=0 autossh -M 0 -o ServerAliveInterval=5 -o ServerAliveCountMax=1 YOUR_SERVER_NAME_OR_IP

Ssh clients in Linux are frequently executed inside a terminal or using any kind of terminal multiplexer such as tmux or screen.

Activities

edit

Basic

edit

Intermediate

edit
  • Learn about different client connection options, such us: -oBatchMode=yes or -o ConnectTimeout=2[7]
  • Connect to remote server temporarily turning off host key checking, (security implications): ssh -oStrictHostKeyChecking=no SERVER_NAME

Advanced

edit
  1. Read ssh documentation about multiplexing https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing and its implementation details: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.mux?annotate=HEAD
  2. Configure ssh session multiplexing
  3. Use ProxyJump directive to connect using a "Jump Server"[8]
  4. Run a shell script on a remote machine using ssh: ssh root@MachineB 'bash -s' < local_script.sh[9]. See also: parallel
  5. Read https://github.com/openssh/openssh-portable source code

See also

edit

References

edit
  1. https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing
  2. https://stackoverflow.com/questions/20410252/how-to-reuse-an-ssh-connection
  3. https://linux.die.net/man/1/autossh
  4. https://linux.die.net/man/1/autossh
  5. https://serverfault.com/questions/52285/create-a-public-ssh-key-from-the-private-key
  6. https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
  7. https://linux.die.net/man/1/ssh
  8. https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#Passing_Through_One_or_More_Gateways_Using_ProxyJump
  9. https://stackoverflow.com/a/2732991
  10. https://github.com/yrutschle/sslh
Retrieved from "https://en.wikiversity.org/w/index.php?title=OpenSSH&oldid=2102420"