CHEAT SHEET
SSH - common commands and secure config
SSH connections

connects to a server (default port 22)
$ ssh user@server

uses a specific port declared in sshd_config
$ ssh user@server -p other_port

runs a script on a remote server
$ ssh user@server script_to_run

compresses and downloads from a remote server
$ ssh user@server "tar cvzf - ~/source" > output.tgz

specifies another ssh key for the connection
$ ssh -i ~/.ssh/specific_ssh_key user@server

SSH service

starts ssh service
$ (sudo) service ssh start

checks ssh service status
$ (sudo) service ssh status

stops ssh service
$ (sudo) service ssh stop

restarts ssh service
$ (sudo) service ssh restart

SCP (Secure Copy)

copies a file from a remote server to a local machine
$ scp user@server:/directory/file.ext local_destination/

copies a file between two servers
$ scp user@server:/dir/file.ext user@server:/dir

copies a file from a local machine to a remote server
$ scp local_destination/file.ext user@server:/directory

uses a specific port declared for SSH in sshd_config
$ scp -P port

copies a whole folder recursively
$ scp -r user@server:/directory local_destination/

copies all files from a folder
$ scp user@server:/directory/* local_destination/

copies all files from a server folder to the current folder
$ scp user@server:/directory/* .

compresses data on network using gzip
$ scp -C

prints verbose info about the current transfer
$ scp -v

SSH keys

generates a new ssh key
$ ssh-keygen -t rsa -b 4096

sends the key to the server
$ ssh-copy-id user@server

converts id_rsa into ppk
$ puttygen current_key -o keyname.ppk

SSH config

opens config file (usual location)
$ sudo nano /etc/ssh/sshd_config

changes default SSH port (22)
Port 9809

disables root login
PermitRootLogin no

restricts access to specific users (names are separated by spaces)
AllowUsers user1 user2

enables login through ssh key
PubkeyAuthentication yes

disables login through password
PasswordAuthentication no

disables usage of files .rhosts and .shosts
IgnoreRhosts yes

disables a less secure type of login
HostbasedAuthentication no

number of unauthenticated connections before dropping
MaxStartups 10:30:100

number of failed tries before the server stops accepting new tries
MaxAuthTries 3

max concurrent ssh sessions per connection
MaxSessions 1

disables interactive password authentication
ChallengeResponseAuthentication no

no empty password allowed
PermitEmptyPasswords no

disables Rhosts authentication (legacy option; current OpenSSH treats it as deprecated)
RhostsAuthentication no

disables port forwarding (blocks e.g. MySQL Workbench)
AllowTcpForwarding no
X11Forwarding no

prints much more info about SSH connections
LogLevel VERBOSE

Full articles about cyber security at https://blowstack.com/blog/cyber-security
Author: Piotr Golon, piotr.golon@blowstack.com, https://blowstack.com
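
Added example (not part of the original cheat sheet): a shell function that checks sshd_config text against the values in the SSH config section. sshd uses the first value it reads for each keyword, so a later corrective line has no effect, and the check reports that case. The names audit_sshd_config and sample_config and the sample file are constructed for illustration; the check assumes whitespace-separated "Keyword value" lines and looks only at global settings before any Match block.

```shell
# Added example: audit sshd_config text on stdin against the cheat sheet values.
audit_sshd_config() {
    awk '
    BEGIN {
        # hardened values from the SSH config section (site-specific ones omitted)
        list = "permitrootlogin=no pubkeyauthentication=yes passwordauthentication=no"
        list = list " ignorerhosts=yes hostbasedauthentication=no maxauthtries=3"
        list = list " maxsessions=1 challengeresponseauthentication=no"
        list = list " permitemptypasswords=no allowtcpforwarding=no"
        list = list " x11forwarding=no loglevel=verbose"
        n = split(list, pair, " ")
    }
    NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
    tolower($1) == "match" { exit }        # stop at conditional Match blocks
    {
        key = tolower($1)                  # keywords are case-insensitive
        if (!(key in got)) got[key] = tolower($2)   # first value wins in sshd
    }
    END {
        for (i = 1; i <= n; i++) {
            split(pair[i], kv, "=")
            k = kv[1]; want = kv[2]
            if (!(k in got)) { print "UNSET " k " (want " want ")"; bad++; continue }
            # numeric limits: values at or below the cheat sheet value pass
            weak = (want ~ /^[0-9]+$/) ? (got[k] + 0 > want + 0) : (got[k] != want)
            if (weak) { print "WEAK " k "=" got[k] " (want " want ")"; bad++ }
        }
        exit (bad > 0)                     # non-zero status when anything was reported
    }'
}

# Constructed sample: the second PasswordAuthentication line looks like a fix
# but is ignored, because the first value (yes) has already been taken.
sample_config() {
cat <<'EOF'
# constructed sample, not from a real host
Port 9809
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
MaxAuthTries 6
X11Forwarding no
EOF
}

# Prints one line per finding; the status is non-zero when findings exist.
sample_config | audit_sshd_config || true
```

An UNSET line means the keyword is absent from the file, so the sshd default applies instead of the value listed above.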