Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssh]

Secure Shell (SSH) is a protocol primarily for encrypted shell connections. This tag is also used for questions about sshd and openssh, the two standard applications for using SSH.

Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. Used primarily on Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, rendering them susceptible to packet analysis.

It's important to note that there are two versions of SSH (1 and 2), and that version 1 is no longer considered secure, and should be replaced by version 2 where ever possible.

More information, including the more notable SSH-1 vulnerabilities, can be found at the Wikipedia page for SSH.

8868 questions
44
votes
7 answers

Forward local port or socket file to remote socket file

Quick question - I run two linux boxes, one my own desktop and the other my VPS. For security reasons on the VPS end I opted for socket connections to MySQL (/var/run/mysqld/mysql.sock). I know I can tunnel like this: ssh -L 3307:127.0.0.1:3306…
user32616
43
votes
6 answers

ssh tunneling only access

Is it possible to configure ssh (on linux) to allow access for tunneling only? Ie user can setup tunnels but cannot get a shell/access files?
Second
  • 663
  • 1
  • 6
  • 8
43
votes
2 answers

How could I stop ssh offering a wrong key?

(This is a problem with ssh, not gitolite) I've configured gitolite on my home server (ubuntu 12.04 server, open-ssh). I want an special identityfile to administer the repositories, so I need to access throught ssh to my own host ussing two…
Alvaro Maceda
  • 543
  • 1
  • 4
  • 5
43
votes
1 answer

ssh tunnel - bind: Cannot assign requested address

Trying to create a socks (-D) ssh tunnel - Linux box to Linux box (both centos): sshd running on remote side ok. From local machine we do / see this: ssh -D 1080 user@8.8.8.8. user@8.8.8.8's password: bind: Cannot assign requested address (where…
JosephK
  • 633
  • 1
  • 6
  • 8
42
votes
3 answers

How to show the host/configured/default ssh "configuration"?

According to my ssh_config file... Configuration data is parsed as follows: command line options user-specific file system-wide file With that said, (and yes, I know, I could scour man ssh_config AND man ssh, and (hope) for documented…
mralexgray
  • 1,353
  • 3
  • 12
  • 29
42
votes
4 answers

Fingerprint of PEM ssh key

I have a PEM file which I add to a running ssh-agent: $ file query.pem query.pem: PEM RSA private key $ ssh-add ./query.pem Identity added: ./query.pem (./query.pem) $ ssh-add -l | grep query 2048 ef:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX…
Unknown
  • 1,341
  • 2
  • 13
  • 19
42
votes
9 answers

How do you setup ssh to authenticate using keys instead of a username / password?

How do you setup ssh to authenticate a user using keys instead of a username / password?
ScArcher2
  • 623
  • 1
  • 7
  • 9
41
votes
5 answers

windows 10 ssh proxycommand: "posix_spawn: No such file or directory"

I use Windows10 and I need to use a jumphost to get to my Linux servers. Thus I have configured my .ssh\config like so: Host jumphost HostName jumphost.server.local Host server*.server.local ProxyCommand ssh jumphost netcat -w 120 %h %p But when…
Chris
  • 921
  • 1
  • 7
  • 11
41
votes
3 answers

How to allow ssh to root user only from the local network?

I've installed Google-Authenticator on a CentOS 6.5 machine and configured certain users to provide OTP. While editing /etc/ssh/sshd_config I saw a directive "PermitRootLogin" which is commented out by default. I would like to set "PermitRootLogin…
Itai Ganot
  • 10,644
  • 29
  • 93
  • 146
41
votes
3 answers

What is gssapi-with-mic?

Debugging a Nagios warning on ssh, I've discovered that gssapi-with-mic is causing long lags in authentication. I've turned it off, but what exactly am I missing? I gather that GSSAPI is a tool for authentication, but what about the -with-mic part?
jldugger
  • 14,342
  • 20
  • 77
  • 129
41
votes
6 answers

Where is the sshd log file on Red Hat Linux stored?

Can someone please tell me where to find the SSHD log on RedHat and SELinux.... I would like to view the log to see who is logging into my account..
user150591
  • 437
  • 1
  • 4
  • 6
41
votes
5 answers

Smoothest workflow to handle SSH host verification errors?

This is a simple issue that we all face and probably resolve manually without giving much thought. As servers change, are re-provisioned, or IP addresses reallocated, we receive the SSH host verification message below. I'm interested in…
ewwhite
  • 197,159
  • 92
  • 443
  • 809
41
votes
5 answers

verify sshd configuration

How I can verify the configuration of sshd? For example, I want to make sure that these settings are set and applied: AllowUsers user1 user2 PasswordAuthentication no PermitRootLogin no Is the only way manually verifying the contents of the file…
JuanPablo
  • 913
  • 3
  • 10
  • 21
40
votes
6 answers

Forward SSH through SSH tunnel

My situation : Me(localhost) -> Server A(ip:100.100.100.100) =>(server B(ip:192.168.25.100),server....) i'm able to SSH into server since it has a true ip if i then want to connect to server b, i would ssh server b with it's…
tom91136
  • 503
  • 1
  • 4
  • 7
40
votes
8 answers

Automating ssh-copy-id

I have some arbitrary number of servers with the same user/pass combination. I want to write a script (that I call once) so that ssh-copy-id user@myserver is called for each server. Since they all have the same user/pass this should be easy but…
devin
  • 1,246
  • 3
  • 20
  • 27
1 2 3
99 100