Useful Commands/Security: Difference between revisions
No edit summary |
No edit summary |
||
| Line 2: | Line 2: | ||
! 情境 || 指令 | ! 情境 || 指令 | ||
|- | |- | ||
| | | Indirect Outgoing || | ||
<source lang="bash"> | <source lang="bash"> | ||
# (Private) localhost -> localhost:8888 -> server:22 -> somewhere.com:80 | |||
ssh -NCfL 127.0.0.1:8888:somewhere.com:80 server | ssh -NCfL 127.0.0.1:8888:somewhere.com:80 server | ||
# (Shared) any -> localhost:8888 -> server:22 -> somewhere.com:80 | |||
any -> localhost:8888 -> server:22 -> somewhere.com:80 | |||
ssh -NCfL *:8888:somewhere.com:80 server | ssh -NCfL *:8888:somewhere.com:80 server | ||
</source> | </source> | ||
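Review bot: the added "(Shared)" comment above `ssh -NCfL *:8888:somewhere.com:80 server` still writes the listener as localhost:8888, but a `*` bind address opens port 8888 on every interface of the machine running ssh, so "any" means any host that can reach that machine. Suggest saying so in the comment, and mentioning that a single interface address can be given in place of `*` when the forward only needs to be shared on one network.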
Revision as of 04:05, 21 February 2019
| Scenario | Command |
|---|---|
| Indirect Outgoing |
# (Private) localhost -> localhost:8888 -> server:22 -> somewhere.com:80
ssh -NCfL 127.0.0.1:8888:somewhere.com:80 server
# (Shared) any -> localhost:8888 -> server:22 -> somewhere.com:80
ssh -NCfL *:8888:somewhere.com:80 server
|
| Indirect incoming (from outside) |
# The effect depends on GatewayPorts in sshd_config
# [GatewayPorts no]: bind 127.0.0.1 (default)
# home-nas -> home-nas:60080 -> home-nas:22 -> office-pc:## -> 192.168.1.100:80
# [GatewayPorts yes]: bind 0.0.0.0
# Any -> home-nas:60080 -> home-nas:22 -> office-pc:## -> 192.168.1.100:80
# Run this command on office-pc
ssh -NCfR 60080:192.168.1.100:80 home-nas
# With GatewayPorts no, add a local forward when you get home to chain two tunnels
ssh -NCfL 61180:localhost:60080 home-nas
# Works even better combined with autossh
autossh -M 11119 -NCfR 60080:192.168.1.100:80 home-nas
|
| SOCKS Relay Proxy |
# Any -> localhost:3128 -> server:22 -> *:*
ssh -NCfD *:3128 server
|
| Show open tunnels |
ps ax | awk '/ssh \-NCf/ { print $0 }' # show the full command
ps ax | awk '/ssh \-NCf/ { print $1 }' # show the pid
ps ax | awk '/ssh \-NCf/ { print $7 }' # show the port
ps ax | grep 'ssh \-NCf'
|
| Generate key pair |
# Save as default name id_rsa, id_rsa.pub
ssh-keygen
# Save as abc, abc.pub without a passphrase
ssh-keygen -f abc -N ''
# Save as abc, abc.pub with a passphrase (-N on the command line ends up in shell history; omit -N to be prompted)
ssh-keygen -f abc -N '12345'
|
| Generate public key from private key |
# Dump
ssh-keygen -yf thefuck.pem
# Save as file
ssh-keygen -yf thefuck.pem > thefuck.pub
# Save as authorized_keys (when ~/.ssh/authorized_keys does not exist yet)
ssh-keygen -yf thefuck.pem > authorized_keys
# Append into authorized_keys
ssh-keygen -yf thefuck.pem >> authorized_keys
|
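
An added example (not part of the original wiki page): the "show open tunnels" `ps` filter extended to report, for each tunnel, whether its listener is reachable only from loopback or from every interface, matching the Private and Shared variants in the table. The function names and the `ps ax` sample lines are constructed; bracketed IPv6 bind addresses are not handled, and the client's own GatewayPorts setting is assumed to be at its default of no.

```shell
#!/bin/sh
# Added example: classify ssh port-forward listeners by exposure.
# Input: `ps ax`-style lines on stdin. Output: PID TYPE LISTEN_PORT EXPOSURE

classify_forwards() {
  awk '
    function exposure(kind, bind, has_bind) {
      if (kind == "R") return "remote-GatewayPorts"  # sshd on the far side decides
      if (!has_bind) return "loopback"  # assumes client GatewayPorts is at its default (no)
      if (bind == "" || bind == "*" || bind == "0.0.0.0") return "ALL-INTERFACES"
      if (bind == "localhost" || bind ~ /^127\./) return "loopback"
      return "specific-address"
    }
    {
      for (i = 2; i < NF; i++) {
        if ($i !~ /^-NCf[LRD]$/) continue
        kind = substr($i, length($i))
        n = split($(i + 1), p, ":")
        want = (kind == "D") ? 1 : 3   # parts in a spec that has no bind_address
        if (n != want && n != want + 1) continue
        has_bind = (n == want + 1)
        print $1, kind, (has_bind ? p[2] : p[1]), exposure(kind, p[1], has_bind)
      }
    }'
}

# Constructed sample of `ps ax` output, built from the commands in the table.
sample_ps() {
  cat <<'EOF'
 4101 ?        Ss     0:00 ssh -NCfL 127.0.0.1:8888:somewhere.com:80 server
 4102 ?        Ss     0:00 ssh -NCfL *:8888:somewhere.com:80 server
 4103 ?        Ss     0:00 ssh -NCfD *:3128 server
 4104 ?        Ss     0:00 ssh -NCfR 60080:192.168.1.100:80 home-nas
 4105 ?        Ss     0:00 ssh -NCfL 61180:localhost:60080 home-nas
EOF
}

sample_ps | classify_forwards
```

On a live host, `ps ax | classify_forwards` gives the same report; for `remote-GatewayPorts` rows the actual bind address is whatever sshd_config on the remote server allows.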