# Agent Forwarding
Adding and removing keys to the agent:
```
waja at Brotschneidemaschine in ~
$ eval "$(ssh-agent -s)"
Agent pid 7715
waja at Brotschneidemaschine in ~
$ ssh-add -L
The agent has no identities.
waja at Brotschneidemaschine in ~
$ ssh-add ~/.ssh/id_rsa
Identity added: /Users/waja/.ssh/id_rsa (waja@Brotschneidemaschine.local)
waja at Brotschneidemaschine in ~
$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCfovU+pdwsO4ubyG8kldmtFwVcfNIbJX8Qvi+4rWKmkcEx7xdz27o+CrCXyu3eSbw8q/BVNZImwbs3C4dCBZ+o7ZtHmJGYzyrIOkY1AD1kdf0tbH3boEqoL46xOx8zGIUWCcuJd+bzMw/ub/5Qf+yW6a00h4szFiREyM6k2y+0gF21ewoSKPZp+XTFFXfOoGAllJ1rhQq+PScUHHu81Ft9bl18e0SWKRJd/EOiI+2/GAb/jtYo0lxyIk1GrmZDA80Tew7Mv636zWfXUaL1Tr4Y8Wxmeetr97MLcVcY9hMZmQlcmurDqeIJdWn1IAr8IRieLJZPiMjt09LZ2EAd/TmI2lbfy3c+013qmc4YoOhXDlRgoS5qeQr/zupP1/0ATzG37pGtkomO1zz9WBafFy5ewzIU1YUArV+/PNWbVdrnIEOKmHF/YM/ZCA5JwFp7M/8FOHZrM6KvCwcnmtHOzU+0y7eHYejUHTBOIrk9/SfP37IFEELaNrEJdDokQBXpT38= waja@Brotschneidemaschine.local
waja at Brotschneidemaschine in ~
$ tail -2 .ssh/config
Host *
ForwardAgent yes
waja at Brotschneidemaschine in ~
$ ssh-add -d ~/.ssh/id_rsa
Identity removed: /Users/waja/.ssh/id_rsa RSA (waja@Brotschneidemaschine.local)
```
Identities are not permanent; desktop managers read keys from `basename -s .pub ~/.ssh/*.pub`.
```
waja in 🌐 jumphost in ~
✦ ❯ kill -9 7715
waja in 🌐 jumphost in ~
✦ ❯ ssh-add -L
Error connecting to agent: Connection refused
waja in 🌐 jumphost in ~
✦ ❯ eval "$(ssh-agent -s)"
Agent pid 7795
waja in 🌐 jumphost in ~
✦ ❯ ssh-add -L
The agent has no identities.
```
## SSH Agent forwarding is nice but...
[You should only add servers you trust and that you intend to use with agent forwarding.](https://docs.github.com/en/developers/overview/using-ssh-agent-forwarding)
[Why using SSH agent-forwarding is a Bad Idea](https://medium.com/kernel-space/why-using-ssh-agent-forwarding-is-a-bad-idea-6cbdff31bbee)
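
The `Host *` / `ForwardAgent yes` block shown earlier forwards the agent to every server, which is what the linked advice warns against. As an added example (not part of the original notes), this shell function lists the Host blocks of an ssh_config that enable forwarding and marks wildcard ones as BROAD. `sample_config` and the host name `bastion.example.org` are constructed for illustration, and the script assumes a config without `Match` or `Include` lines.

```shell
# Added example: report which Host blocks enable ForwardAgent.
# Reads an ssh_config from the given file(s), or from stdin if none is given.
audit_forward_agent() {
    awk '
    function report() {
        tag = broad ? "BROAD" : "SCOPED"
        if (fwd) print tag " " hosts
    }
    # Options placed before the first Host line apply to every host.
    BEGIN { hosts = "(global)"; broad = 1; fwd = 0 }
    { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    /^#/ || /^$/ { next }
    {
        line = $0
        sub(/[ \t]*=[ \t]*/, " ", line)   # "Key=value" form is also valid
        n = split(line, f, /[ \t]+/)
        key = tolower(f[1])               # keywords are case-insensitive
    }
    key == "host" {
        report()
        hosts = ""; broad = 0; fwd = 0
        for (i = 2; i <= n; i++) {
            hosts = hosts (i > 2 ? "," : "") f[i]
            # A non-negated pattern with * or ? matches more than one host.
            if (f[i] ~ /[*?]/ && f[i] !~ /^!/) broad = 1
        }
        next
    }
    key == "forwardagent" && tolower(f[2]) == "yes" { fwd = 1 }
    END { report() }
    ' "$@"
}

# Constructed sample: forwarding scoped to one jump host, then the wildcard
# block from this page.
sample_config() {
    cat <<'EOF'
Host bastion.example.org
    ForwardAgent yes
Host 192.168.66.*
    ProxyJump bastion.example.org
Host *
    ForwardAgent yes
EOF
}

sample_config | audit_forward_agent
```

Run it against a real file with `audit_forward_agent ~/.ssh/config`; every BROAD line is a candidate for narrowing to the specific hosts that need the agent.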
# SSH ProxyCommand / ProxyJump
```
~ via ☕ via
✦ ❯ tail -7 .ssh/config
Host 192.168.66.*
# https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/
# https://goteleport.com/blog/ssh-proxyjump-ssh-proxycommand/
# https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts
#ProxyJump user1@10.42.5.6:22
#ProxyCommand ssh -q -W %h:%p user1@10.42.5.6
ProxyCommand ssh -o 'ForwardAgent yes' 10.42.5.66 'ssh-add && nc %h %p'
```
# SSH Multiplexing
```
~ via ☕ via
✦ ❯ tail -8 .ssh/config
Host *
# https://www.cyberciti.biz/faq/linux-unix-reuse-openssh-connection/
# https://blog.scottlowe.org/2015/12/11/using-ssh-multiplexing/
# https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing
ControlPath ~/.ssh/controlmasters/%r@%h:%p
ControlMaster auto
ControlPersist yes
MaxSessions 10
```
https://www.maketecheasier.com/kill-unresponsive-ssh-session/