Tunneling

Connect to a server and use it as a SOCKS5 proxy on local port 8080:

    ssh -D8080 user@server.name

Forward local port 8080 through server.name to port 80 on internal.other.server, as reachable from the server:

    ssh -L8080:internal.other.server:80 user@server.name

Config

Server config

Add the following to the /etc/ssh/sshd_config file to restrict the server to a modern set of key-exchange, cipher and MAC algorithms and disable broken and misused ones:

    KexAlgorithms curve25519-sha256@libssh.org
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com

Client config

This is an example of a personal config file in your .ssh/config:

    Host server
        HostName 1.2.3.4
        User username
        Port 2222
        LocalForward 8443 localhost:443

Examples

Restricted shell

This example shows an SSH server where a user can log in but has no rights to do anything except restricted port forwarding. AllowTcpForwarding has to be enabled for PermitOpen to take effect.

    Match User testuser
        AllowTcpForwarding yes
        X11Forwarding no
        PermitTunnel no
        GatewayPorts no
        AllowAgentForwarding no
        PermitOpen localhost:80
        ForceCommand read -p "Press enter to exit"
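The following audit script is an added example, not part of this wiki page: it parses an sshd_config, checks that the global KexAlgorithms/Ciphers/MACs lines from the server config section carry no legacy algorithms, and verifies that the Match block for the restricted user above sets every option the restricted-shell example relies on. The sample config embedded in SAMPLE_CONFIG is constructed for the example (it copies the two snippets from this page), and the list of patterns treated as weak (CBC modes, arcfour, 3DES, MD5, SHA-1, "none") is this example's own assumption, not something sshd reports.

```shell
#!/bin/sh
# Added example: offline audit of an sshd_config for the cipher restrictions
# and the restricted-user Match block shown on this page.

# Constructed sample sshd_config (not a real server file).
SAMPLE_CONFIG='
Port 22
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com

Match User testuser
    AllowTcpForwarding yes
    X11Forwarding no
    PermitTunnel no
    GatewayPorts no
    AllowAgentForwarding no
    PermitOpen localhost:80
    ForceCommand read -p "Press enter to exit"
'

# Print the value of a keyword from the global section (everything before the
# first Match line). sshd keywords are case-insensitive, so compare lowercased.
global_value() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print the value of a keyword inside the "Match User <user>" block only.
# Any other Match line ends that block.
match_value() {
    awk -v user="$2" -v key="$3" '
        tolower($1) == "match" { inblock = (tolower($2) == "user" && $3 == user); next }
        inblock && tolower($1) == tolower(key) { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print the entries of a comma-separated algorithm list that match the
# example's own list of legacy patterns (assumption, not an sshd feature).
weak_algos() {
    printf '%s\n' "$1" | tr ',' '\n' \
        | grep -E -- '-cbc|arcfour|3des|md5|sha1|^none$' || true
}

# Check the restricted-user Match block: forwarding must be on (PermitOpen
# has no effect otherwise), everything else off, and PermitOpen/ForceCommand
# must be present. Returns 0 when all checks pass.
audit_restricted_user() {
    cfg=$1; user=$2; rc=0
    for pair in AllowTcpForwarding=yes X11Forwarding=no PermitTunnel=no \
                GatewayPorts=no AllowAgentForwarding=no; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(match_value "$cfg" "$user" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL: $key for $user is '${got:-unset}', expected $want"; rc=1
        fi
    done
    for key in PermitOpen ForceCommand; do
        if [ -z "$(match_value "$cfg" "$user" "$key")" ]; then
            echo "FAIL: $key not set for $user"; rc=1
        fi
    done
    return $rc
}

# Stand-alone run against the constructed sample.
cfg=$(mktemp)
printf '%s\n' "$SAMPLE_CONFIG" > "$cfg"
for key in KexAlgorithms Ciphers MACs; do
    val=$(global_value "$cfg" "$key")
    bad=$(weak_algos "$val")
    if [ -z "$val" ]; then echo "WARN: $key not set (sshd defaults apply)"
    elif [ -n "$bad" ]; then echo "FAIL: $key contains legacy entries: $(echo "$bad" | tr '\n' ' ')"
    else echo "OK: $key restricted"
    fi
done
audit_restricted_user "$cfg" testuser && echo "OK: testuser is restricted to forwarding"
rm -f "$cfg"
```

On a real host, run the same checks against the effective configuration rather than the file: `sshd -T` prints the merged global settings and `sshd -T -C user=testuser` evaluates the Match blocks for that user.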