ssh

Links Linux/AddSshUserKeyOnly , Cisco/SshLogin , /Linux/Security/LoginHistory , LinuxSssdADauth

ssh to old servers with unsecure ciphers

• error received

  Unable to negotiate with 10.10.10.1 port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,3des-cbc

• Set key exchange

  ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost
  # or in config
      KexAlgorithms +diffie-hellman-group1-sha1

List supported settings

• add -G to command line to see active setting

• for available settings

  ssh -Q cipher       # List supported ciphers
  ssh -Q mac          # List supported MACs
  ssh -Q key          # List supported public key types
  ssh -Q kex          # List supported key exchange algorithms

Convert putty rsa public key to openssl format

1. Copy rsa key into clipboard and save to /tmp/key.pub e.g.

   cat - > /tmp/key.pub

2. for key beginning with "---- BEGIN SSH2 PUBLIC KEY ----"

   ssh-keygen -i -f /tmp/key.pub
   ## using ssh-rsa <xxx> output from previous command
   $ echo "ssh-rsa <xxx> Name.Surname+Note@domain.com" | sudo tee /home/<user>/.ssh/authorized_keys

SSH socks connection

ssh -D 1337 -q -C -N user@ma.ttias.be

SSH Errors and fix's

• Err: Connection closed by authenticating user <user> <ip_addr> port <port> [preauth]

  • Cause: User tried to do password authentication, but  PasswordAuthentication no 

  • Fix: 1. Update /etc/ssh/sshd_config to allow password authentication
  • Fix: 2. Use ssh key to login.