
Like ssh and secure keys?

Generate Secure Key

ssh-keygen -o -a 100 -t ed25519 -C "MyFamousComment"
ssh-keygen -o -a 100 -t ed25519 -C "$(whoami)@$(hostname)"
ssh-keygen -o -a 100 -t ed25519 -C "$(whoami)@$(hostname) at $(date "+%Y-%m-%d")"
ssh-keygen -o -a 100 -t ed25519 -C "$(whoami)@$(hostname) at $(date "+%Y-%m-%d %H:%M")"

What's ed25519?

Wikipedia about Curve25519


Distribute Key

ssh-copy-id user@remotehost

Connect to Remote

Connect to Remote without Agent Forwarding (use this unless you know what you're doing …)

ssh -a remotehost

Connect with Agent Forwarding

or if you need Agent Forwarding

ssh -A remotehost

Confirm Agent Forwarding

To confirm that agent forwarding is active, check the environment on the remote host: with forwarding enabled, SSH_AUTH_SOCK is set in addition to the SSH_CONNECTION and SSH_CLIENT variables that every session has.

boss ~$ env |grep SSH
SSH_CONNECTION=192.168.2 55484 22
SSH_CLIENT= 55484 22

Check if Passphrase is set

If the private key is protected, this prompts for the passphrase; if not, it prints the public key immediately.

ssh-keygen -y -f ~/.ssh/id_ed25519

Change Passphrase

ssh-keygen -p -f ~/.ssh/id_ed25519
Enter old passphrase:
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.

Extract Public Key from Private Key

ssh-keygen -y -f ~/.ssh/id_ed25519
ssh-keygen -y -f ~/.ssh/id_ed25519 > ~/.ssh/id_ed25519.pub

Change Comment on Private Key

ssh-keygen -c -C "my new comment" -f ~/.ssh/id_ed25519
Old comment: whatever-was-here
Comment 'my new comment' applied

SSH Authentication with Password (without Key)

ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no -l user switchxxx


keychain is a manager for ssh-agent, typically run from ~/.bash_profile. It allows your shells and cron jobs to easily share a single ssh-agent process. By default, the ssh-agent started by keychain is long-running and will continue to run, even after you have logged out from the system.

doas pkg_add keychain

$ keychain

 * keychain 2.8.5 ~ http://www.funtoo.org
 * Starting ssh-agent...

Restrict Access via authorized_keys

You may want to give some users access to a certain machine, but only allow certain commands. You can, for example, allow a single file to be fetched from a backup folder via ssh key. Note that command="scp -f ..." serves the legacy scp protocol; OpenSSH 9.0 and later clients use SFTP by default, so they have to call scp -O for this forced command to work.

root@yourserver # cat /root/.ssh/authorized_keys

# Allow SCP for theirserver
command="scp -f /home/backup/fullbackup.tar.gz",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAC3Nzaxxxxxxxxxxxxxxxxxxxxx "pubkey from yourserver"
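As an added example (not from the original page), a small sh/awk audit that parses authorized_keys lines the way sshd reads them (options field up to the first unquoted space, then the key type) and flags entries that lack the forced command or the forwarding restrictions used above. The sample file and key material are constructed; restrict is treated as equivalent to the three no-*-forwarding options.

```shell
#!/bin/sh
# Audit authorized_keys entries for the restrictions shown in the backup example.
# Constructed sample file; the key material is placeholder text, not real keys.
AUTHKEYS_SAMPLE='# Allow SCP for theirserver
command="scp -f /home/backup/fullbackup.tar.gz",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAC3Nzaxxxxxxxxxxxxxxxxxxxxx "pubkey from yourserver"
ssh-ed25519 AAAAC3Nzayyyyyyyyyyyyyyyyyyyyy unrestricted@laptop
restrict,command="/usr/local/bin/backup-shell" ssh-ed25519 AAAAC3Nzazzzzzzzzzzzzzzzzzzzzz backup@theirserver
no-agent-forwarding ssh-rsa AAAAB3Nzawwwwwwwwwwwwwwwwwwwww legacy@oldbox'

# audit_authorized_keys CONTENT
# Prints one line per key entry: "<OK|WEAK> line=<n> type=<keytype> <reasons>".
audit_authorized_keys() {
    printf '%s\n' "$1" | awk '
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    {
        opts = ""; rest = $0
        # An options field is present unless the line starts with a key type.
        if ($0 !~ /^(ssh-|ecdsa-|sk-)/) {
            inq = 0
            for (i = 1; i <= length($0); i++) { # stop at first space outside quotes
                c = substr($0, i, 1)
                if (c == "\"") inq = !inq
                else if (c == " " && !inq) break
            }
            opts = substr($0, 1, i - 1); rest = substr($0, i + 1)
        }
        split(rest, f, " "); keytype = f[1]
        restricted = (opts ~ /(^|,)restrict(,|$)/)
        nofwd = (opts ~ /no-agent-forwarding/ && opts ~ /no-port-forwarding/ && opts ~ /no-X11-forwarding/)
        forced = (opts ~ /(^|,)command="/)
        reason = ""
        if (!restricted && !nofwd) reason = reason "forwarding-allowed "
        if (!forced) reason = reason "no-forced-command "
        if (keytype !~ /ed25519/) reason = reason "keytype-not-ed25519 "
        printf "%s line=%d type=%s %s\n", (reason == "" ? "OK" : "WEAK"), NR, keytype, reason
    }'
}

audit_authorized_keys "$AUTHKEYS_SAMPLE"
```

Run it against a real file with audit_authorized_keys "$(cat ~/.ssh/authorized_keys)" to list every key that still permits forwarding or an arbitrary shell.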
