746
Comment:
|
← Revision 6 as of 2024-01-10 21:56:28 ⇥
1607
|
Deletions are marked like this. | Additions are marked like this. |
Line 2: | Line 2: |
Links [[Linux/AddSshUserKeyOnly]] , [[Cisco/SshLogin]] | Links [[Linux/AddSshUserKeyOnly]] , [[Cisco/SshLogin]] , [[/Linux/Security/LoginHistory]] , [[LinuxSssdADauth]] |
Line 16: | Line 16: |
== List supported settings === | == List supported settings == |
Line 24: | Line 24: |
== Convert putty rsa public key to openssl format == 1. Copy rsa key into clipboard and save to /tmp/key.pub e.g. {{{ cat - > /tmp/key.pub }}} 2. for key beginning with "{{{---- BEGIN SSH2 PUBLIC KEY ----}}}" {{{ ssh-keygen -i -f /tmp/key.pub ## using ssh-rsa <xxx> output from previous command $ echo "ssh-rsa <xxx> Name.Surname+Note@domain.com" | sudo tee /home/<user>/.ssh/authorized_keys }}} == SSH socks connection == ssh -D 1337 -q -C -N user@ma.ttias.be == SSH Errors and fix's == * Err: Connection closed by authenticating user <user> <ip_addr> port <port> [preauth] * Cause: User tried to do password authentication, but {{{ PasswordAuthentication no }}} * Fix: 1. Update /etc/ssh/sshd_config to allow password authentication * Fix: 2. Use ssh key to login. |
ssh
Links Linux/AddSshUserKeyOnly , Cisco/SshLogin , /Linux/Security/LoginHistory , LinuxSssdADauth
ssh to old servers with unsecure ciphers
error received
Unable to negotiate with 10.10.10.1 port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,3des-cbc
Set key exchange
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost # or in config KexAlgorithms +diffie-hellman-group1-sha1
List supported settings
- add -G to command line to see active setting
for available settings
ssh -Q cipher # List supported ciphers ssh -Q mac # List supported MACs ssh -Q key # List supported public key types ssh -Q kex # List supported key exchange algorithms
Convert putty rsa public key to openssl format
Copy rsa key into clipboard and save to /tmp/key.pub e.g.
cat - > /tmp/key.pub
for key beginning with "---- BEGIN SSH2 PUBLIC KEY ----"
ssh-keygen -i -f /tmp/key.pub ## using ssh-rsa <xxx> output from previous command $ echo "ssh-rsa <xxx> Name.Surname+Note@domain.com" | sudo tee /home/<user>/.ssh/authorized_keys
SSH socks connection
ssh -D 1337 -q -C -N user@ma.ttias.be
SSH Errors and fix's
Err: Connection closed by authenticating user <user> <ip_addr> port <port> [preauth]
Cause: User tried to do password authentication, but PasswordAuthentication no
- Fix: 1. Update /etc/ssh/sshd_config to allow password authentication
- Fix: 2. Use ssh key to login.