Questions tagged [ssh]

Secure Shell (SSH) is a protocol primarily for encrypted shell connections. This tag is also used for questions about sshd and openssh, the two standard applications for using SSH.

Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. Used primarily on Linux and Unix-based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, rendering them susceptible to packet analysis.

Note that there are two versions of SSH (1 and 2); version 1 is no longer considered secure and should be replaced by version 2 wherever possible.

More information, including the more notable SSH-1 vulnerabilities, can be found at the Wikipedia page for SSH.

8868 questions
34
votes
4 answers

public key authentication fails ONLY when sshd is daemon

I have no clue on how this happens. The distro is Scientific Linux 6.1 and everything is set up to perform authentication via public key. Yet, when sshd is running as a daemon (service sshd start), it doesn't accept public keys. (To obtain this…
user666412
34
votes
7 answers

Resume command running in dropped SSH session

Reading this question got me to wondering. Assuming screen is not being used. If an SSH session on a Linux target is dropped, for whatever reason, and you reconnect before the server kills the session because of timeout, is it possible to regain…
John Gardeniers
33
votes
2 answers

How can I list MACs, Ciphers and KexAlgorithms supported by my ssh server?

How can I determine the supported MACs, Ciphers, Key length and KexAlgorithms supported by my ssh servers? I need to create a list for an external security audit. I'm looking for something similar to openssl s_client -connect example.com:443…
Henrik Pingel
33
votes
6 answers

Auto-storing server host key in cache with plink

I've been trying to issue commands using plink to retrieve information from my external server. Note that these plink commands are run from a binary that expects no input from the user. Is there a flag that will allow me to override this error…
Tad Oh
33
votes
4 answers

Why does the $PATH of an ssh remote command differ from that of an interactive shell?

I have a user that has made no modifications to the $PATH in any dot-files: it is exactly the system default setting. From a login shell: $ ssh example.com user@example.com:~$ cat /tmp/hello.hs #!/bin/bash echo "$SHELL" echo…
troutwine
33
votes
3 answers

Configuration for multiple port SSH

I need to listen to SSH on two ports: 22 for hosting admin access and 26 for regular access. I would like to disallow root login on 26 and disallow all but internal IPs for port 22. The latter can be done with iptables rules, but I don't know about…
CKoning
33
votes
4 answers

Enable Password Login for SSH on Amazon Linux AMI

I want to be able to login via ssh with a password and not the key file. Yeah I know it's totally insecure but at this point in the config I was turning variables off and on left and right trying to get this to work. # $OpenBSD:…
evolvd
33
votes
1 answer

how to interrupt a stuck ssh connection

Oooops, I just typed "ip link set eth0 down" while I was sshed into a server. That ssh session is now stuck for the timeout. Is there a key I can press to kill the ssh session without waiting for the timeout?
Arthur Ulfeldt
32
votes
2 answers

SSH - identify which users still login using passwords

I have an Ubuntu Linux server allowing password authentication for SSH, and I want to switch it to SSH keys only and disable password login. Before I disable password login, how can I find out which users are still using passwords, and which have…
PeterB
32
votes
6 answers

Measure total latency of SSH session

Is there a way to measure/report the overall latency in a tunneled SSH session? My particular setup is: Client (OS X + wifi router + ADSL modem) Gateway SSH server exposed to Internet Internal SSH target to which I'm tunneling I'm interested in…
pufferfish
32
votes
5 answers

Why run SSH on a different port

I am currently learning about installing Kippo SSH. From the tutorial, it said that I should reconfigure SSH port from 22 to a different port (which in this case is 3389). So now whenever I try to SSH from a client, it will connect to port 3389. From…
Adam
32
votes
1 answer

How can I set -X (X11Forwarding) in my ~/.ssh/config file for a specific host?

So if I'm VPN'ing in from home, I want all of those connections to have -X specified. I already have the keys copied and an entry in ~/.config with the ip and userid so all I have to do is go: ssh wk so this is the last fly in the ointment.
user447607
32
votes
7 answers

ssh: "Access denied by PAM account configuration" for one non-root user but not another

On a VM I am initializing I am able to log in as one non-root user (admin) but not another (tbbscraper) over SSH with public key authentication. The only error message I can find in any log file is Sep 18 17:21:04 [REDACTED] sshd[18942]: fatal:…
zwol
32
votes
9 answers

How can I map a SFTP to a Drive, natively in Windows

Today I saw that Vista and Win7 (which I am using) have the option to map ftp natively, according to this article: http://cybernetnews.com/cybernotes-map-a-ftp-to-a-drive-in-windows/ But I need to have sftp... does Windows have the same function for…
Igor B.
32
votes
5 answers

Centralized management system for SSH keys?

We are looking to switch to key-based management of SSH logins, and wonder if there are any key-management systems which would allow us to centrally manage the access keys world-wide. The system should ideally allow issuing key per client, and revoking…
SyRenity