This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
сервис_ssh [2021/10/13 14:31] val [Windows] |
сервис_ssh [2024/02/22 07:51] val [SSH вместо RCP (SCP)] |
||
---|---|---|---|
Line 13: | Line 13: | ||
* [[http://www.putty.org/|PuTTY]] | * [[http://www.putty.org/|PuTTY]] | ||
* [[https://the.earth.li/~sgtatham/putty/latest/w64/]] | * [[https://the.earth.li/~sgtatham/putty/latest/w64/]] | ||
+ | * [[http://val.bmstu.ru/unix/SSH/putty-64bit-0.76-installer.msi]] | ||
<code> | <code> | ||
Line 18: | Line 19: | ||
HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys | HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys | ||
+ | </code> | ||
+ | |||
+ | === MobaXterm === | ||
+ | |||
+ | * [[https://mobaxterm.mobatek.net/|MobaXterm]] | ||
+ | * [[https://bbs.archlinux.org/viewtopic.php?id=174595|Weird characters while pasting in terminal]] | ||
+ | <code> | ||
+ | printf "\e[?2004l" | ||
</code> | </code> | ||
Line 39: | Line 48: | ||
... | ... | ||
PermitRootLogin yes | PermitRootLogin yes | ||
+ | ... | ||
+ | #KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 | ||
+ | #HostkeyAlgorithms +ssh-dss,ssh-rsa | ||
... | ... | ||
</code> | </code> | ||
Line 57: | Line 69: | ||
<code> | <code> | ||
+ | $ sftp -P 2222 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user3@localhost | ||
+ | |||
$ mkdir .ssh/ | $ mkdir .ssh/ | ||
Line 64: | Line 78: | ||
ServerAliveInterval 10 | ServerAliveInterval 10 | ||
- | #Host server2* | + | #Host gitlab* |
# Port 2222 | # Port 2222 | ||
- | # User backup | + | ## User root |
- | #Host 172.16.1.* 192.168.*.* *.corpX.un | + | #Host switch* 192.168.X.5* |
- | # UserKnownHostsFile=/dev/null | + | |
- | # StrictHostKeyChecking=no | + | |
- | + | ||
- | #Host switch* 192.168.X.3 192.168.X.4 192.168.X.5* | + | |
# KexAlgorithms +diffie-hellman-group1-sha1 | # KexAlgorithms +diffie-hellman-group1-sha1 | ||
# Ciphers +aes128-cbc | # Ciphers +aes128-cbc | ||
+ | # UserKnownHostsFile=/dev/null | ||
+ | # StrictHostKeyChecking=no | ||
+ | # LogLevel ERROR | ||
</code> | </code> | ||
Line 94: | Line 107: | ||
student@hostX$ cd /; sudo tar -cf - etc/ | ssh -l user1 gate "cat > etc.tar" | student@hostX$ cd /; sudo tar -cf - etc/ | ssh -l user1 gate "cat > etc.tar" | ||
- | server# ssh switch "show cdp neighbors" | + | server# ssh switch1 "show cdp neighbors" |
</code> | </code> | ||
==== SSH вместо RCP (SCP) ==== | ==== SSH вместо RCP (SCP) ==== | ||
+ | ==== SCP ==== | ||
<code> | <code> | ||
- | $ scp -P 2222 val@radio.specialist.ru:/usr/local/www/apache22/data/unijava/jre-8u211-windows-x64.exe . | + | $ scp -P 2222 val@radio.specialist.ru:/usr/local/www/apache22/data/unix/virus.zip . |
server# scp switchN:running-config /srv/tftp/switchN-running-config | server# scp switchN:running-config /srv/tftp/switchN-running-config | ||
server# sshpass -p cisco scp switchN:running-config /srv/tftp/switchN-running-config | server# sshpass -p cisco scp switchN:running-config /srv/tftp/switchN-running-config | ||
+ | |||
+ | server# scp -3 192.168.X.101:/etc/docker/daemon.json gate:/etc/docker/daemon.json | ||
</code> | </code> | ||
Line 168: | Line 184: | ||
... | ... | ||
</code><code> | </code><code> | ||
- | lan# ssh -N -R 2222:localhost:22 user1@server.corpX.un | + | # cat /proc/sys/net/ipv4/ip_local_port_range |
+ | |||
+ | lan# ssh -N -R 61022:localhost:22 -o ServerAliveInterval=60 user1@server.corpX.un | ||
lan# ssh -N -R 3101:192.168.100+X.101:3389 user1@server.corpX.un | lan# ssh -N -R 3101:192.168.100+X.101:3389 user1@server.corpX.un | ||
Line 184: | Line 202: | ||
</code> | </code> | ||
+ | ==== Управление доступом на основе членства в группе ==== | ||
+ | |||
+ | Пример использования отдельного файла конфигурации | ||
+ | |||
+ | <code> | ||
+ | gate# cat /etc/ssh/sshd_config.d/my.conf | ||
+ | </code><code> | ||
+ | #AllowGroups sudo | ||
+ | |||
+ | #DenyGroups group1 group2 | ||
+ | </code> | ||
==== Запрет Forwarding портов ==== | ==== Запрет Forwarding портов ==== | ||
Line 220: | Line 249: | ||
==== Парольная аутентификация ==== | ==== Парольная аутентификация ==== | ||
<code> | <code> | ||
- | [gate.isp.un:~] # apt install sshpass | + | server# apt install sshpass |
- | [gate.isp.un:~] # sshpass -p '123' ssh 172.16.1.13 | + | server# sshpass -p 'strongpassword' ssh vagrant@node1 |
server# sshpass -p cisco ssh switchN | server# sshpass -p cisco ssh switchN | ||
Line 233: | Line 262: | ||
=== Настройка sshd на использование ключей === | === Настройка sshd на использование ключей === | ||
<code> | <code> | ||
- | gate# cat /etc/ssh/sshd_config | + | gate# less /etc/ssh/sshd_config |
</code><code> | </code><code> | ||
... | ... | ||
- | PubkeyAuthentication yes | + | #PubkeyAuthentication yes |
#AuthorizedKeysFile %h/.ssh/authorized_keys | #AuthorizedKeysFile %h/.ssh/authorized_keys | ||
... | ... | ||
Line 403: | Line 432: | ||
=== Настройка unix клиента ssh на использование GSSAPI === | === Настройка unix клиента ssh на использование GSSAPI === | ||
<code> | <code> | ||
- | client1# cat /etc/ssh/ssh_config | + | client1# less /etc/ssh/ssh_config |
</code><code> | </code><code> | ||
... | ... |