|
Size: 1344
Comment:
|
Size: 1601
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| ## page was renamed from Howto/Ssh | |
| Line 7: | Line 8: |
| Connect to a server and use a SOCKS5 proxy on local port 8080 | == SOCKS5 == Connect to a server and use a SOCKS5 proxy on local port 8080. |
| Line 12: | Line 14: |
| Redirect a port on a remote server to your local host | == Portforwarding == Redirect a port on a remote server to your local host. {{{#!diag nwdiag { network internal { external.server; internal.server [address=80]; } external.server -- internet; internet [shape = cloud]; internet -- user; } }}} |
| Line 14: | Line 31: |
| ssh -L8080:internal.other.server:80 user@server.name | ssh -L8080:internal.server:80 user@external.server |
| Line 36: | Line 53: |
| = Examples = |
Tunneling
SOCKS5
Connect to a server and use a SOCKS5 proxy on local port 8080.
ssh -D8080 user@server.name
Portforwarding
Redirect a port on a remote server to your local host.
nwdiag is invalid diag type or not implemented yet.
ssh -L8080:internal.server:80 user@external.server
Config
Server config
Add the following to the /etc/ssh/sshd_config file to restrict broken and misused ciphers.
KexAlgorithms curve25519-sha256@libssh.org Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
Client config
This is an example of a personal configfile in your .ssh/config.
Host server hostname 1.2.3.4 user username port 2222 LocalForward 8443 localhost:443
Restricted shell
This example shows us a ssh server where you can login, but have no rights at all to do anything, except restricted portforwarding. AllowTcpForwarding has to be enabled for the use of PermitOpen.
Match User testuser AllowTcpForwarding yes X11Forwarding no PermitTunnel no GatewayPorts no AllowAgentForwarding no PermitOpen localhost:80 ForceCommand read -p "Press enter to exit"