Differences

This shows you the differences between two versions of the page.

--- cheatsheet:ssh [2023/02/16 20:54] – kamaradski
+++ cheatsheet:ssh [2023/02/21 12:24] (current) – kamaradski
@@ Line 31: / Line 31: @@
 $ ssh username@hostname "command"
 </code>
+===== keys and certificates =====
+==== create id_rsa ssh key ====
+<code bash>
+$ ssh-keygen -t rsa
+or
+$ ssh-keygen -t rsa -b 4096 -C "<comment>"
+</code>
+==== copy local public key to remote "known_hosts" ====
+<code bash>
+$ ssh-copy-id -i ~/.ssh/id_rsa.pub -p 1234 user@host
+</code>
+==== remove a specific host from the known_hosts file ====
+<code bash>
+$ ssh-keygen -f "/home/ubuntu/.ssh/known_hosts" -R "10.0.0.10"
+# Host 10.0.0.10 found: line 39
+# Host 10.0.0.10 found: line 40
+/home/ubuntu/.ssh/known_hosts updated.
+Original contents retained as /home/ubuntu/.ssh/known_hosts.old
+</code>
 ===== create "alias" configuration for a host =====
@@ Line 162: / Line 187: @@
 In this example, you're connecting to the "accessible.com" computer and creating a tunnel on port 8888. Any traffic sent to port 8888 on your home computer will be securely forwarded to the "server.example.com" server through the "accessible.com" computer. This is commonly in use in secure networks where you only can or want to expose 1 server to the internet, and you use this as jumphost to reach other services that are in the network behind.
+===== SSHd settings =====
+Related file: /etc/ssh/sshd_config
+==== disable the use of passwords to login ====
+Note: make sure you have a working key-based login in place before doing this (or local access via a real keyboard/monitor or KVM)
+<code>
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+UsePAM no
+</code>
+==== disable the root account from logging in ====
+<code>
+PermitRootLogin no
+#PermitRootLogin prohibit-password
+</code>

wiki.kamaradski.com

User Tools

Site Tools

Differences

Page Tools