SSH
Now that Windows 10 ships with OpenSSH, a short summary of SSH is in order.
Why we need SSH
-
TTY?
Loosely speaking, a TTY is a terminal.
-
--tty , -t Allocate a pseudo-TTY
-
How to remote? SSH?
- SSH without tty
Most commands don't need a TTY to work.
ssh host_test ls
ssh host_test bash
- SSH with tty
ssh host_test
ssh -t host_test "vi text.txt"
ssh -t host_test top
- SSH through proxy
ssh root@domain.com -p 22 -o "ProxyCommand=nc -X connect -x 127.0.0.1:10801 %h %p"
or the Windows version
ssh root@domain.com -p 22 -o "ProxyCommand=C:\Program Files (x86)\Nmap\ncat.exe --verbose --proxy-type http --proxy 127.0.0.1:10801 %h %p"
How SSH works
Authentications
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication
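This is much like the encryption used by HTTPS (SSL). But how do you make sure the server's public key has not been replaced (on the first connection)? You are responsible for your own known_hosts. With SSL, the CAs built into the browser verify that the server's public key is the right one.
Use ssh -v or ssh -vvv to watch the connection process.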
- When an SSH server is initialized, it creates a host key, which is a public/private keypair. The SSH server gives out the public key to anyone who connects to it.
- Your SSH client checks if the host you are trying to connect to has a host key in the ~/.ssh/known_hosts file
- If the entry does not exist, add the host key to the ~/.ssh/known_hosts file
- If the entry exists, use the host key (which is a public key) to encrypt a message, and expect the server to decrypt it. If the server has successfully decrypted the message, then it means that the server holds the private key which matches the given host key, meaning that it is who it claims to be.
More details, please refer.
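The known_hosts lookup from the list above, as an added example that is not part of the original post: it matches plain and hashed (|1|salt|hash, HMAC-SHA1) host entries and separates a first connection from a changed key. The function names are hypothetical, the keys are constructed placeholder bytes, and wildcard patterns and @cert-authority/@revoked lines are not modelled.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint of a key blob, in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match the first known_hosts field: a comma list or a hashed |1|salt|hash."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in field.split(",")  # simplification: no wildcard or ! patterns

def check_host_key(known_hosts, host, key_type, key_b64):
    """Return 'match', 'mismatch' (stored key differs) or 'unknown' (no entry)."""
    seen = False
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked lines (not modelled here).
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if host_matches(fields[0], host) and fields[1] == key_type:
            if fields[2] == key_b64:
                return "match"
            seen = True
    return "mismatch" if seen else "unknown"

# Constructed sample data: placeholder bytes, not real host keys.
KEY_A = base64.b64encode(b"constructed host key blob A").decode()
KEY_B = base64.b64encode(b"constructed host key blob B").decode()
SALT = b"constructed-salt-0001"
HASHED = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"domain.com", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = ("# constructed known_hosts\n"
               "host_test,192.0.2.10 ssh-ed25519 %s\n"
               "%s ssh-ed25519 %s\n" % (KEY_A, HASHED, KEY_A))

if __name__ == "__main__":
    for host, key in [("host_test", KEY_A), ("host_test", KEY_B),
                      ("domain.com", KEY_A), ("new.example", KEY_A)]:
        print(host, fingerprint(key),
              check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

A 'mismatch' result is the case to investigate before connecting; an 'unknown' result is where the fingerprint should be compared with one obtained from the server's administrator before the key is added.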
PubkeyAuthentication
This requires some setup on the server.
- The client generates an SSH keypair.
- Add the client's public key to ~/.ssh/authorized_keys on the server.
- Connect using the client's private key with ssh -i.
SSH client config for multiple Pubkey
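With PubkeyAuthentication, the server needs the client's public key. When a client has multiple public keys, how does the ssh client choose one when it sets up a connection? The answer is that you don't need to specify a public key when connecting with SSH; the private key contains the public key.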
# Company account
Host company
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_company
# over http proxy
ProxyCommand C:\Program Files (x86)\Nmap\ncat.exe --proxy-type http --proxy 127.0.0.1:10801 %h %p
# Personal account
Host personal
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_personal
Proxying with Dynamic Port Forwarding
- Why need this?
- Sample
Tunneling with Local Port Forwarding
- Why need this?
- Sample
Tunneling with Reverse Port Forwarding
- Why need this?
SSH Based Multi-hop Jump Hosts
- Why need this?
SSH Based VPN
- Why need this?
References
Firewall Evasion and Remote Access with OpenSSH by Anthony Nocentino
OpenSSH Internals for PowerShell Pros by Anthony Nocentino
Or, if you can't access YouTube:
https://www.bilibili.com/video/av52884427/