Notas

Notes, scripts, everyday algorithms, and documentation for some projects.

8 March 2021

SSH

by Juan Manuel González Garzón

I. Providing secure access for users

A. Create an SSH key

#!/bin/sh

# Basic usage ssh-keygen:
# $ ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] [-N new_passphrase] [-C comment] [-f output_keyfile]
# -q : Quiet
# The
# (-b 521 is the largest value possible for ecdsa)

ssh-keygen -b 521 -t ecdsa -C 'Work station JM'

B. Sending the public key to another Linux machine

#!/bin/sh

# Basic usage ssh-copy-id:
# $  ssh-copy-id [-f] [-n] [-i [identity_file]] [-p port] [-o ssh_option] [user@]hostname
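# -f: Forced mode. Do not check whether the keys are already present on the remote server.
# -n: Do a dry-run. Print the keys that would have been installed

# ssh-keygen -t ecdsa writes ~/.ssh/id_ecdsa and ~/.ssh/id_ecdsa.pub by default
ssh-copy-id -i ~/.ssh/id_ecdsa.pub user@host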

II. Issuing remote commands

ssh user@remote-ip-address "command"
ssh user@remote-ip-address "bash -s" < nombreScript.sh

III. Interactive and automated file transfers

# Copy a folder from another machine
scp -r user@remote-ip-address:/home/other-user/Videos/testSCP/ Documents/

IV. Managing network infrastructure

Example of SSH Tunneling and port forwarding

MACHINE_GATE=
MACHINE_GATE_USER=
MACHINE_GATE_PORT=

MACHINE_WORKSPACE=
MACHINE_WORKSPACE_USER=

DB_PROD=
DB_PROD_PORT=

DB_DEVL=
DB_DEVL_PORT=

TUNNELING_DB_PROD="38083:${DB_PROD}:${DB_PROD_PORT}"
TUNNELING_DB_DEVL="38082:${DB_DEVL}:${DB_DEVL_PORT}"
TUNNELING_WEB_SERVER="5000:${MACHINE_WORKSPACE}:8080"

# Connect to workspace without tunneling
# ssh -tp ${MACHINE_GATE_PORT} ${MACHINE_GATE_USER}@${MACHINE_GATE} "ssh ${MACHINE_WORKSPACE_USER}@${MACHINE_WORKSPACE}"

# Port forwarding, DB Prod
# ssh -L $TUNNELING_DB_PROD -p ${MACHINE_GATE_PORT} ${MACHINE_GATE_USER}@${MACHINE_GATE}

# Port forwarding, DB Devl
# ssh -L $TUNNELING_DB_DEVL -p ${MACHINE_GATE_PORT} ${MACHINE_GATE_USER}@${MACHINE_GATE}

# Port forwarding, Web Server
# ssh -L $TUNNELING_WEB_SERVER -p ${MACHINE_GATE_PORT} ${MACHINE_GATE_USER}@${MACHINE_GATE}

# Port forwarding, All together
ssh -t -L "$TUNNELING_DB_PROD" -L "$TUNNELING_DB_DEVL" -L "$TUNNELING_WEB_SERVER" -p "$MACHINE_GATE_PORT" "${MACHINE_GATE_USER}@${MACHINE_GATE}" "ssh ${MACHINE_WORKSPACE_USER}@${MACHINE_WORKSPACE}"

# TODO: Add an image of the example network
# TODO: ssh -i ./key.pem -p 56789 -X user@remote-domain
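
The template above leaves every host and port empty, and a blank value silently produces a malformed -L argument. The following added example (not part of the original notes; the function names and the sample hosts, user and ports are assumptions) validates each value and pins the local listener to 127.0.0.1 before assembling a forwarding-only command, which it prints rather than runs.

```sh
#!/bin/sh
# Added example, not from the original notes. Hosts, users and ports are constructed.

# is_port VALUE: succeed only for an integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_name VALUE: succeed for a non-empty host or user name made only of
# letters, digits, ".", "_" and "-". A leading "-" is rejected so the value
# can never be parsed as an ssh option.
is_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# forward_spec LOCAL_PORT HOST HOST_PORT
# Prints 127.0.0.1:LOCAL_PORT:HOST:HOST_PORT. The explicit bind address keeps
# the listener on loopback even if GatewayPorts is enabled in ssh_config.
forward_spec() {
    is_port "$1" || { echo "bad local port: '$1'" >&2; return 1; }
    is_name "$2" || { echo "bad target host: '$2'" >&2; return 1; }
    is_port "$3" || { echo "bad target port: '$3'" >&2; return 1; }
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# tunnel_command GATE_USER GATE_HOST GATE_PORT SPEC...
# Prints the ssh command line for review instead of running it.
tunnel_command() {
    user=$1 host=$2 port=$3
    shift 3
    is_name "$user" && is_name "$host" && is_port "$port" || return 1
    cmd="ssh -N -o ExitOnForwardFailure=yes -p $port"
    for spec in "$@"; do
        cmd="$cmd -L $spec"
    done
    printf '%s %s@%s\n' "$cmd" "$user" "$host"
}

DB_PROD_SPEC=$(forward_spec 38083 db-prod.example.internal 5432) || exit 1
WEB_SPEC=$(forward_spec 5000 workspace.example.internal 8080) || exit 1
tunnel_command jm gate.example.internal 2222 "$DB_PROD_SPEC" "$WEB_SPEC"
```

Here -N opens the forwards without starting a remote shell, and ExitOnForwardFailure=yes makes ssh exit if any listener cannot be bound instead of continuing with a partial tunnel.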
