Differences between revisions 4 and 5
Revision 4 as of 2021-06-23 21:02:28
Size: 1191
Editor: PieterSmit
Comment:
Revision 5 as of 2023-08-11 10:20:32
Size: 1260
Editor: PieterSmit
Comment:
Deletions are marked like this. Additions are marked like this.
Line 35: Line 35:

== SSH socks connection ==
ssh -D 1337 -q -C -N user@ma.ttias.be

ssh

Links Linux/AddSshUserKeyOnly , Cisco/SshLogin , /Linux/Security/LoginHistory

ssh to old servers with unsecure ciphers

  • error received 

    Unable to negotiate with 10.10.10.1 port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,3des-cbc

  • Set key exchange 

    ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost
# or in config
    KexAlgorithms +diffie-hellman-group1-sha1

List supported settings

  • add -G to command line to see active setting

  • for available settings 

    ssh -Q cipher       # List supported ciphers
ssh -Q mac          # List supported MACs
ssh -Q key          # List supported public key types
ssh -Q kex          # List supported key exchange algorithms

Convert putty rsa public key to openssl format

  1. Copy rsa key into clipboard and save to /tmp/key.pub e.g. 

    cat - > /tmp/key.pub

  2. for key beginning with "---- BEGIN SSH2 PUBLIC KEY ----" 

    ssh-keygen -i -f /tmp/key.pub
## using ssh-rsa <xxx> output from previous command
$ echo "ssh-rsa <xxx> Name.Surname+Note@domain.com" | sudo tee /home/<user>/.ssh/authorized_keys

SSH socks connection

ssh -D 1337 -q -C -N user@ma.ttias.be

ssh (last edited 2024-01-10 21:56:28 by PieterSmit)