= ssh =
Links [[Linux/AddSshUserKeyOnly]] , [[Cisco/SshLogin]] , [[/Linux/Security/LoginHistory]] , [[LinuxSssdADauth]]

== ssh to old servers with insecure ciphers ==
 * Error received {{{
Unable to negotiate with 10.10.10.1 port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,3des-cbc
}}}

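 * Set key exchange (for the "no matching key exchange method found" variant of this error) {{{
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost
# or in ssh config, under the Host entry for the legacy server
    KexAlgorithms +diffie-hellman-group1-sha1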
}}}
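
The error quoted above is a cipher mismatch, which the `Ciphers` option controls rather than `KexAlgorithms`. As an added example (not from the original page; `legacy_ssh_stanza` and the `legacyhost` alias are hypothetical names), this maps an `Unable to negotiate` line to a per-host ssh config block, so the weak algorithm is re-enabled for that one server only and not globally. It assumes the first algorithm in the offer is the one to enable.

```shell
#!/bin/sh
# Added example, not from the original page. legacy_ssh_stanza and the
# alias "legacyhost" are hypothetical names.
# Usage: legacy_ssh_stanza HOST_ALIAS "ssh error line"
legacy_ssh_stanza() {
    host_alias=$1
    err=$2
    # Each negotiation failure names the algorithm class; map it to the
    # ssh config option that controls that class.
    case $err in
        *"no matching cipher found"*)              opt=Ciphers ;;
        *"no matching key exchange method found"*) opt=KexAlgorithms ;;
        *"no matching host key type found"*)       opt=HostKeyAlgorithms ;;
        *"no matching MAC found"*)                 opt=MACs ;;
        *) echo "not an algorithm negotiation error" >&2; return 1 ;;
    esac
    # Address sits between "Unable to negotiate with " and " port".
    addr=${err#*Unable to negotiate with }
    addr=${addr%% port *}
    # Assumption: enable only the first algorithm of the offer list.
    offer=${err##*Their offer: }
    algo=${offer%%,*}
    algo=${algo%% *}
    # These values come from a remote peer: accept only characters that
    # can appear in a host address or algorithm name before emitting config.
    for v in "$host_alias" "$addr"; do
        case $v in ''|*[!A-Za-z0-9.:_-]*)
            echo "unexpected host value" >&2; return 1 ;;
        esac
    done
    case $algo in ''|*[!A-Za-z0-9@._+-]*)
        echo "unexpected algorithm name" >&2; return 1 ;;
    esac
    printf 'Host %s\n    HostName %s\n    %s +%s\n' \
        "$host_alias" "$addr" "$opt" "$algo"
}

# Constructed sample input: the error line quoted on this page.
legacy_ssh_stanza legacyhost 'Unable to negotiate with 10.10.10.1 port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,3des-cbc'
```

Check the chosen name against `ssh -Q cipher` (or `-Q kex`, `-Q key`, `-Q mac`) first, since an algorithm the local client does not ship cannot be re-enabled.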


== List supported settings ==
 * Add -G to the ssh command line to print the active settings for that connection
 * for available settings {{{
ssh -Q cipher       # List supported ciphers
ssh -Q mac          # List supported MACs
ssh -Q key          # List supported public key types
ssh -Q kex          # List supported key exchange algorithms
}}}

== Convert PuTTY RSA public key to OpenSSH format ==
 1. Copy the RSA key to the clipboard and save it to /tmp/key.pub, e.g. {{{
cat - > /tmp/key.pub
}}}
 2. For a key beginning with "{{{---- BEGIN SSH2 PUBLIC KEY ----}}}" {{{
ssh-keygen -i -f /tmp/key.pub
## using the "ssh-rsa <xxx>" output from the previous command;
## tee -a appends, so keys already in authorized_keys are kept
echo "ssh-rsa <xxx> Name.Surname+Note@domain.com" | sudo tee -a /home/<user>/.ssh/authorized_keys
}}}

== SSH socks connection ==
 * Local SOCKS proxy on port 1337 (-D), quiet (-q), compressed (-C), no remote command (-N) {{{
ssh -D 1337 -q -C -N user@ma.ttias.be
}}}


== SSH errors and fixes ==
 * Err: Connection closed by authenticating user <user> <ip_addr> port <port> [preauth]
   * Cause: User tried password authentication, but sshd is configured with {{{PasswordAuthentication no}}}
   * Fix: 1. Update /etc/ssh/sshd_config to allow password authentication
   * Fix: 2. Use an ssh key to log in.