SSH

SSH Without PasswordAuthentication

Generate key

ssh-keygen -t rsa

Copy to remote

# ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system
# or
# note: the .ssh folder may not exist on the remote; the cat variant below needs it
# cat ~/.ssh/*.pub | ssh user@remote-system 'umask 077; cat >>.ssh/authorized_keys'

source: https://www.schlittermann.de/doc/ssh.html

Issues

Behind a Fritzbox the session is dropped:

Connection to nagios.vavmaster.de closed by remote host.
Connection to nagios.vavmaster.de closed.

Fix

cat /proc/sys/net/ipv4/tcp_keepalive_time
echo "60" > /proc/sys/net/ipv4/tcp_keepalive_time

Make it persistent

echo "net.ipv4.tcp_keepalive_time = 60" >> /etc/sysctl.conf

source: https://wilfing.eu/artikel/ssh-keepalive

SSH TUNNEL

New project is active. See code/tunel project

ssh -fN -RREMOTEDOMAIN:10004:localhost:22 USER@REMOTEDOMAIN

or use autossh (reconnects automatically). Note that StrictHostKeyChecking=false makes ssh accept an unknown host key without verification.

autossh -M 10901 -fN -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=false" -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R REMOTEDOMAIN:10009:localhost:22 root@REMOTEDOMAIN

Try to connect

ssh REMOTEDOMAIN -p 10009

Also check the sshd_config entry on the remote

GatewayPorts clientspecified

Check

netstat -nap

Example

ssh -fN -R a.moqops.com:8080:localhost:8080 relay@moqops.com

Important

The DNS entry must match for the domain used as the bind address. Check, for example, with ifconfig on the remote. It must not be a public IP; the IP must be the same as the one on the interface.
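A preflight check for the two conditions above (the GatewayPorts entry and the bind address being on an interface), as an added example that is not part of the original notes. The function names are hypothetical, the sample inputs are constructed, and `ip -o -4 addr show` is assumed as the source of interface addresses instead of ifconfig.

```shell
#!/bin/sh
# Added example (not from the original notes): preflight checks for a
# reverse tunnel "-R bind:port:host:hostport". IPv4/hostname binds only.

# Print "bind port" for a -R spec; fail if the spec has no bind address.
forward_bind() {
    n=$(printf '%s\n' "$1" | awk -F: '{ print NF }')
    [ "$n" -eq 4 ] || return 1
    printf '%s\n' "$1" | awk -F: '{ print $1, $2 }'
}

# stdin: `sshd -T` output. Succeed only if GatewayPorts is clientspecified.
gatewayports_ok() {
    awk '$1 == "gatewayports" { v = $2 } END { exit !(v == "clientspecified") }'
}

# stdin: `ip -o -4 addr show` output. Succeed if IP $1 is on an interface.
ip_on_interface() {
    awk -v want="$1" '{ split($4, a, "/"); if (a[1] == want) found = 1 }
                      END { exit !found }'
}

# preflight SPEC RESOLVED_IP SSHD_T_OUTPUT IP_ADDR_OUTPUT
# (names are hypothetical) Prints each problem found; returns non-zero if any.
preflight() {
    rc=0
    forward_bind "$1" >/dev/null ||
        { echo "no bind address in -R spec: $1"; rc=1; }
    printf '%s\n' "$3" | gatewayports_ok ||
        { echo "GatewayPorts is not clientspecified: the bind address is ignored"; rc=1; }
    printf '%s\n' "$4" | ip_on_interface "$2" ||
        { echo "$2 is not on any interface of the remote host"; rc=1; }
    return "$rc"
}

# Constructed sample inputs; on a real host use `sshd -T` (as root) and
# `ip -o -4 addr show` on the remote, and `getent hosts NAME` for the IP.
SAMPLE_SSHD='port 22
passwordauthentication no
gatewayports clientspecified'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.8.102/24 brd 192.168.8.255 scope global eth0'

preflight "192.168.8.102:22:localhost:22" 192.168.8.102 \
    "$SAMPLE_SSHD" "$SAMPLE_ADDRS" && echo "preflight ok"
```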

To start the tunnel on startup, use systemd

Create a start script

# cd /usr/local/bin
# cat > tunel

#!/bin/bash
# no -f here: autossh has to stay in the foreground so that systemd (Type=simple) can supervise it
autossh -M 10999 -N -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=false" -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 192.168.8.102:22:localhost:22 root@nagios.vavmaster.de

# chmod a+x tunel

# cd /etc/systemd/system
# cat > tunel.service

[Unit]
Description=tunel Unit
Wants=network-online.target
After=network.target network-online.target

[Service]
User=root
Type=simple
# the start script created above
ExecStart=/usr/local/bin/tunel

RestartSec=5
Restart=always

[Install]
WantedBy=multi-user.target

# systemctl enable tunel.service
# reboot

# NOW
# systemctl enable tunel.ssh.service
# systemctl start tunel.ssh.service

Then connect from outside:

ssh monitoring.vavmaster.de -p 2222 -l vavvav

To debug connection

ssh -vvv REMOTEDOMAIN -p 2222 -l USER

SSH Agent

If the agent is active, use for example this rsync command to provide the key

rsync -avzh -e "ssh -A" REMOTEHOST:/mnt/temp/* .

See scripts * scripts.
