Restrict ssh access to server [closed] - ssh

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
I have a Raspberry Pi behind an LTE router to connect to the internet. The LTE router prevents the Pi from being assigned a static IP, so I created a service that builds a reverse ssh tunnel with auto-ssh to my private server to be able to access my Pi remotely. The problem now is that if someone gets the SD card of the Pi, he can read the private key from the file system and has access to my server.
Is there any way to protect my server from access through the ssh connection with this key while keeping the ability to build a reverse tunnel without a password?
The server is hosted by Strato, which is managed by Plesk, so every domain has its own vhost file system in /var/www/vhost/domain.de. Would it be possible to isolate this space for the ssh access with exactly this key on the Pi, so the client can only see what's inside this folder? Or is there any other solution for my problem?

Create a new (tunnel) key on the Raspberry Pi, used only to build the reverse tunnel to your Strato server.
On your Strato server, add the public key to .ssh/authorized_keys, but add in front of it:
command="/bin/false" ssh-rsa ....
To connect, you have to add -N to ssh; this will build a tunnel but doesn't try to open a shell.
Now it's unimportant if that key gets lost, as it can only build a reverse tunnel but cannot open a shell.
You can even use that key for all Raspis to build individual reverse tunnels.
Obviously, on your Raspi you add only your user key to .ssh/authorized_keys, not the tunnel key.
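
The restriction from the answer above, as an added example that is not part of the original post: it goes beyond the answer by also using the restrict, port-forwarding and permitlisten options of authorized_keys and by checking an existing file for keys that can still open a shell. Port 2222, the key material, the host name and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Port 2222, the key material and the function names are
# constructed placeholders, not values from the post.

# Print an authorized_keys line for a tunnel-only key.
#   $1 = port the server may listen on for the reverse forward (ssh -R)
#   $2 = public key line as found in the .pub file
# restrict          turns off pty, agent/X11 forwarding, user rc and all forwarding
# port-forwarding   turns forwarding back on
# permitlisten      limits -R to this one listen address (OpenSSH 7.8 or later)
# command           forces /bin/false if a session is requested anyway
tunnel_entry() {
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$1" "$2"
}

# Print the line number of every key in authorized_keys file $1 whose options
# contain neither restrict nor command=, i.e. keys that can still get a shell.
unrestricted_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            # Options are whatever precedes "<keytype> AAAA..." on the line.
            opts = ""
            if (match($0, /(ssh-[a-z0-9-]+|ecdsa-[a-z0-9-]+|sk-[a-z0-9@.-]+) AAAA/))
                opts = substr($0, 1, RSTART - 1)
            # Prepend a comma so every option name follows one.
            if (("," opts) !~ /,(restrict|command=)/)
                print NR
        }
    ' "$1"
}

# On the Pi (host name and key path are assumptions):
#   autossh -M 0 -N -i ~/.ssh/tunnel_key -R 2222:localhost:22 user@server.example
```

Running unrestricted_keys against the server's ~/.ssh/authorized_keys after adding the tunnel entry should list only the keys that are meant to have shell access.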

Related

How can I make a ssh connection to my server without the IP address? [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 7 months ago.
I created a public SSH key on my local computer and added it to my github account.
Now I want to connect to my server (online) via terminal, in order to clone my git project to the server of my provider.
In an online tutorial to connect they suggest:
ssh root@<IP-ADDRESS OF THE SERVERS>
But in my server settings I can only find the following data:
SSH-Hostname,SSH-Username,SSH-Port,SSH Fingerprint
Is it possible to connect also with Hostname and Username? Because I cannot find the ip address of my provider.
Thank you
This isn't really on topic here (stackoverflow), but I'll put in a quick answer anyway: ssh makes a network connection to an ssh server, therefore ssh needs a network address for the server. This need not be an IP address, except for one other issue, which is that the ssh protocol is defined as a TCP protocol and TCP runs over IP (v4 or v6).
That said, almost all networking systems have a mechanism for translating a host name to a set of addresses (some of which may be IP addresses; others might be XNS or IPX or some such: see What is Address Family?). So you just need user@host, and something—OS and/or library dependent—will look up the proper IP address. You can leave off the user@ part in some cases.
If (this is a pretty big "if") your system can't translate the host name to an IP address, or does it incorrectly, then you can resort to a raw IP address. This bypasses the translation step. If you don't trust your translation software, you can do this intentionally.

Remove host ssh [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 1 year ago.
I'm working with Fedora 33 and I have a problem with an ssh host connection (I'm just trying to remove it).
I have a pop-up from OpenSSH that asks me for the host password:
host.name password:
But I don't have the password asked for; I just want to remove that connection.
I tried to remove the host key like that:
ssh-keygen -R 'ett.nacre-solutions.com'
But now I have another pop-up that I can't remove, with this message:
The authenticity of host host.name can't be established.
ECDSA key fingerprint is SHA256:(random.caracters).
Are you sure you want to continue connecting (yes/no/[fingerprint])?
How can I really remove that automatic connection? (The pop-up appears approximately every 5 min.)
Try this:
cat .ssh/known_hosts
Find the IP of 'ett.nacre-solutions.com' (if 'ett.nacre-solutions.com' was the last remote you connected to, the last IP in known_hosts belongs to it).
ssh-keygen -R <IP>
I suspect that you can't remove it because you're passing the web page instead of the IP.

Is there a way to keep ssh connections alive when ssh host connects to VPN? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 2 years ago.
I have a remote host (a VPS) that I connect to with SSH and it works fine. But sometimes I need to establish a VPN connection on it.
When I establish the VPN connection, my ssh breaks and doesn't respond anymore, and further attempts to connect to it fail with the error:
ssh: connect to host 192.168.1.105 port 22: No route to host
How can I configure VPN or SSH in order to solve this conflict?
As I searched for this problem I saw configurations with iproutes and rules that resolved the problem. But I, myself, found an easy solution by changing the SSH config on the client side of that SSH connection.
There are some configurations for ssh that are reachable through this link.
After going through the link I found out you can create or change a config file (~/.ssh/config):
nano ~/.ssh/config
And changing it to:
Host *
    ServerAliveInterval 300
    ServerAliveCountMax 2

How to login to SSH using a .pub key file and a password? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 9 years ago.
I'm about to connect to a remote using SSH but I'm lost at doing this. I thought I got it, but I haven't been able to connect.
The client provided me the following information via email (I have no control of the remote site and I'm not the admin):
.pub file
SSH password
SSH username
Key type: DSA
Key Size: 1024
Hostname
I assume it's port 22 (default for SSH). I remember some months ago I was able to connect with:
ssh -i /path_to_key_file username@remotehost.com
But this will work if it's a private key file, right? Do I have the right information to connect? What are the steps to connect successfully via a command line?
You either have public and private key or you login with username and password. Seeing that you received a public key file it's likely that you have to use key authentication to login. For that you'll need a private key of course.
But since your client also sent you a login and password you could try logging in without key authentication.
In short: your client is probably not completely comfortable with configuring sshd...

Unsecuring SSH (Alternatively, Proxying Minecraft Packets through HTTP) [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I've set up a Minecraft server on OpenShift, a free PaaS. OpenShift requires internal applications (like my server) to bind to a port in the range of 15000 to 35530 or port 8080. However, it also requires external clients to access the server on one of these ports: 22, 25, 80, 109, 110, 143, 220, 443, 465, 587, 993, or 995.
In other words, none of the internally exposed ports are exposed externally; however, there are two ways to communicate. One is SSH port tunneling, which I have set up on my computer already. The second one is through HTTP, which is automatically forwarded to 80 when it is sent through 8080 internally. The problem with SSH tunneling is that one needs to add a client's public key through OpenShift, and the client needs to set up their private key, which is too complicated for most of my friends.
I would like to make the connection process easier, so I thought of two possible ways of doing this. The first, which would be simpler to set up, would be to "unsecure" the SSH connections by not requiring a certain public or private key to connect. It's a game server, so security isn't an issue for me at all, but I think that this may not be possible, as SSH was built to be secure. The other way, which would be harder, would be to embed Minecraft packets into HTTP packets, which the OpenShift system automatically forwards. Perhaps this would be possible using an existing HTTP proxy system?
If anyone could help me solve this either of those two ways (or another way, if you can think of one), I would be very grateful!
Why not just create an ssh key pair specifically for this application and create a script that opens the tunnel using that specific key and then launches the program? You can also put restrictions on what any connection using that key is allowed to do (nothing).
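#!/bin/sh
# Open the tunnel in the background (-f) without running a remote command (-N);
# user@yourhost is a placeholder for the SSH login of the server.
ssh -i ~/pathtoidfile -L 25565:localhost:yourport -f -N user@yourhost
# run minecraft to local server?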
This is just off the cuff - probably not exactly correct. Also, assumes a unix (Mac or Linux) system. For windows, you'd have to install an ssh client (mingw?) and use cmd syntax.