In this document, I explain some of the ways SSH can be used, such as the user environment, tunneling, and the various file transfer methods.
10:01:23 root@sshtp:/etc/ssh# cat sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22222
…
10:02:45 William@MBPWx:~# ssh -vp 22222 root@10.203.22.220
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to 10.203.22.220 [10.203.22.220] port 22222.
debug1: Connection established.
…
10:04:45 William@MBPWx:~# ssh -vp 22222 root@10.203.22.220
…
root@10.203.22.220's password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: Next authentication method: password
root@10.203.22.220's password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
root@10.203.22.220's password:
Received disconnect from 10.203.22.220: 2: Too many authentication failures for root
10:38:38 root@sshtp:/etc/ssh# mkdir -p /data/ssh/share/test/
17:24:06 root@sshtp:~# apt-get install debootstrap
17:24:19 root@sshtp:~# debootstrap wheezy /data/ssh/share/test/ http://http.debian.net/debian/
17:31:10 William@MBPWx:~# ssh test@10.203.22.220
Password:
Linux sshtp 3.2.0-4-amd64 #1 SMP Debian 3.2.63-2+deb7u1 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Feb  9 17:29:08 2015 from 10.203.22.6
$ ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  selinux  srv  sys  tmp  usr  var
$ pwd
/
$ uname -a
Linux sshtp 3.2.0-4-amd64 #1 SMP Debian 3.2.63-2+deb7u1 x86_64 GNU/Linux
SSH checks that the remote server's fingerprint has not changed between two connections.
11:03:00 root@lisa:~# ssh -vp22222 root@10.203.22.220
...
The authenticity of host '[10.203.22.220]:22222 ([10.203.22.220]:22222)' can't be established.
ECDSA key fingerprint is b0:e0:76:9d:c8:15:91:88:99:02:e9:cf:0c:4e:fb:c2.
Are you sure you want to continue connecting (yes/no)?
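How the fingerprint shown in that prompt is derived from the server's public key line, and how to compare it with a value obtained out of band before answering yes. This is an added example, not part of the original tutorial; the function names are hypothetical and the sample key blob is constructed.

```shell
#!/bin/sh
# Added example: uses only awk, base64, md5sum, cut, sed, tr (no network access).

# Extract the base64 key blob from a known_hosts, authorized_keys or .pub line:
# it is the field that follows the key type (ssh-rsa, ecdsa-sha2-nistp256, ...).
key_blob() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp|sk-(ssh|ecdsa)-)/) {
                print $(i + 1); exit
            }
    }'
}

# Legacy fingerprint format seen in the transcript: MD5 of the decoded blob,
# written as 16 colon-separated hex bytes. Returns 2 if no usable key is found.
md5_fingerprint() {
    blob=$(key_blob "$1")
    [ -n "$blob" ] || return 2
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 2
    printf '%s' "$blob" | base64 -d | md5sum | cut -d' ' -f1 |
        sed 's/../&:/g; s/:$//'
}

# Compare against a fingerprint obtained out of band (hypothetical workflow:
# read from the server console). 0 = match, 1 = mismatch, 2 = no key in line.
verify_fingerprint() {
    actual=$(md5_fingerprint "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Constructed sample: the blob "YWJj" decodes to the bytes "abc"; it is not a real host key.
sample='[10.203.22.220]:22222 ecdsa-sha2-nistp256 YWJj'
md5_fingerprint "$sample"
if verify_fingerprint "$sample" 'b0:e0:76:9d:c8:15:91:88:99:02:e9:cf:0c:4e:fb:c2'; then
    echo "fingerprint matches: safe to answer yes"
else
    echo "fingerprint differs from the expected value: do not connect"
fi
```

Current OpenSSH releases print SHA256 fingerprints by default; `ssh-keygen -l -E md5 -f <file>` prints the legacy colon-separated form used in this transcript.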
Keys are certainly the best way to log in to date. They work as a pair (one private key and one public key).
11:07:20 root@lisa:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
df:42:d8:3e:e8:84:3f:dd:21:c6:e0:9e:49:cf:ac:fc root@lisa
The key's random art image is:
+--[ RSA 2048]----+
| |
| |
| |
| .o |
| .Soo |
| .o=+.. |
| .ooO=o.. |
| == =o. |
| =+E |
+-----------------+
11:15:09 root@lisa:~# ssh-copy-id -i .ssh/id_rsa.pub root@10.203.22.220
The authenticity of host '10.203.22.220 (10.203.22.220)' can't be established.
ECDSA key fingerprint is b0:e0:76:9d:c8:15:91:88:99:02:e9:cf:0c:4e:fb:c2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.203.22.220' (ECDSA) to the list of known hosts.
root@10.203.22.220's password:
Now try logging into the machine, with "ssh 'root@10.203.22.220'", and check in:
  ~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
11:21:59 root@lisa:~# ssh-keygen -p -f .ssh/id_rsa
Key has comment '.ssh/id_rsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
11:22:25 root@lisa:~# ssh -v root@10.203.22.220
...
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
Enter passphrase for key '/root/.ssh/id_rsa':
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to 10.203.22.220 ([10.203.22.220]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
Last login: Mon Feb  9 11:20:32 2015 from 10.203.22.204
11:26:39 root@lisa:~# ssh root@10.203.22.220 hostname
Enter passphrase for key '/root/.ssh/id_rsa':
sshtp
12:37:47 root@lisa:~# ssh root@10.203.22.220 '(cat /etc/hosts | sed -s s/sshtop/sshtp/g >/tmp/testCMD); cat /tmp/testCMD' | grep sshtp
Enter passphrase for key '/root/.ssh/id_rsa':
127.0.1.1 sshtp
12:46:14 root@lisa:~# ssh root@10.203.22.220 '(cat /etc/hosts | grep ssh > /tmp/testCMD);cat /tmp/testCMD' | ping `awk '{print $1}'`
Enter passphrase for key '/root/.ssh/id_rsa':
PING 127.0.1.1 (127.0.1.1) 56(84) bytes of data.
64 bytes from 127.0.1.1: icmp_req=1 ttl=64 time=0.045 ms
13:13:27 root@lisa:~# DATE=`date +"%m-%d-%y"` ; ssh root@10.203.22.220 "(tar -zcvf bck_$DATE.tar.gz /data/ssh/ )" && scp root@10.203.22.220:/root/bck_$DATE.tar.gz ./
13:16:53 root@lisa:~# scp ./testSCP root@10.203.22.220:/root
Enter passphrase for key '/root/.ssh/id_rsa':
testSCP                                       100% 2470     2.4KB/s   00:00
13:26:51 William@MBPWx:~# scp -3 root@10.203.22.204:/root/testSCP root@10.203.22.220:/root/
13:27:06 William@MBPWx:~# ssh root@10.203.22.204 '(scp ./testSCP root@10.203.22.220:/root/)'
13:31:49 root@lisa:~# sftp root@10.203.22.220
Connected to 10.203.22.220.
sftp> ls
bck_02-09-15.tar.gz  fileTest  fileTiti  fileToto  testSCP
sftp> get fileTiti
Fetching /root/fileTiti to fileTiti
sftp> ^D
13:32:27 root@lisa:~# ll
total 52
drwx------  5 root root  4096 févr.  9 13:32 .
drwxr-xr-x 23 root root  4096 nov.  18 15:19 ..
drwx------  2 root root  4096 nov.  18 15:27 .aptitude
-rw-------  1 root root 11106 févr.  9 13:24 .bash_history
-rw-r--r--  1 root root  3114 déc.   1 11:25 .bashrc
drwx------  3 root root  4096 févr.  4 14:10 .config
-rw-r--r--  1 root root     0 févr.  9 13:32 fileTiti
-rw-r--r--  1 root root   140 nov.  19  2007 .profile
drwxr-xr-x  2 root root  4096 févr.  9 11:09 .ssh
-rw-r--r--  1 root root  2470 févr.  9 13:16 testSCP
-rw-------  1 root root  6170 févr.  9 13:16 .viminfo
13:32:00 root@sshtp:~# mkdir /data/ssh/mount
13:33:27 root@lisa:~# mkdir /mnt/sshfs/
13:35:04 root@lisa:~# apt-get install sshfs
13:35:36 root@lisa:~# sshfs root@10.203.22.220:/data/ssh/mount /mnt/sshfs/
13:36:18 root@lisa:~# touch /mnt/sshfs/grosTest
13:36:49 root@sshtp:~# ll /data/ssh/mount
total 8
drwxr-xr-x 2 root root 4096 févr.  9 13:36 .
drwxr-xr-x 4 root root 4096 févr.  9 13:33 ..
-rw-r--r-- 1 root root    0 févr.  9 13:36 grosTest
13:42:14 root@lisa:~# apt-get install rsync
13:43:27 root@lisa:~# rsync -avz -e ssh /home/test/ root@10.203.22.220:/data/bck/test/
sending incremental file list
./
.bash_logout
.bashrc
.profile
sent 2254 bytes  received 72 bytes  4652.00 bytes/sec
total size is 4287  speedup is 1.84
13:43:43 root@sshtp:~# ll /data/bck/test
total 20
drwxr-xr-x 2 test test 4096 nov.  18 15:41 .
drwxr-xr-x 3 root root 4096 févr.  9 13:41 ..
-rw-r--r-- 1 test test  220 nov.  18 15:41 .bash_logout
-rw-r--r-- 1 test test 3392 nov.  18 15:41 .bashrc
-rw-r--r-- 1 test test  675 nov.  18 15:41 .profile
13:57:13 root@sshtp:~# ssh -L 2080:10.203.22.204:80 root@10.203.22.204
14:15:50 William@MBPWx:~# ssh -nvNT -C -D 1080 root@10.203.22.204
…
debug1: Authentication succeeded (publickey).
Authenticated to 10.203.22.204 ([10.203.22.204]:22).
debug1: Local connections to LOCALHOST:1080 forwarded to remote address socks:0
debug1: Local forwarding listening on 127.0.0.1 port 1080.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on ::1 port 1080.
debug1: channel 1: new [port listener]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug1: channel 2: new [dynamic-tcpip]
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug1: channel 3: new [dynamic-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 1080 for 176.34.131.233 port 443, connect from ::1 port 56416, nchannels 4
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug1: channel 2: new [dynamic-tcpip]
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug1: channel 4: new [dynamic-tcpip]
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug1: channel 5: new [dynamic-tcpip]
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug1: channel 6: new [dynamic-tcpip]
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug1: channel 7: new [dynamic-tcpip]
14:48:23 root@lisa:~# ssh -w 0:0 root@10.203.22.220
Last login: Mon Feb  9 14:47:09 2015 from 10.203.22.204
14:48:24 root@sshtp:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether ae:44:27:2b:0e:c6 brd ff:ff:ff:ff:ff:ff
3: tun0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 500
    link/none
14:48:26 root@sshtp:~# ip l set up tun0 up
14:49:27 root@sshtp:~# ip a a 192.168.22.220/24 dev tun0
14:49:48 root@sshtp:~# ip r a 192.168.22.0/24 via 10.203.22.220 dev tun0
14:50:30 root@sshtp:~# ip l set up tun0 up
14:51:43 root@sshtp:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ae:44:27:2b:0e:c6 brd ff:ff:ff:ff:ff:ff
    inet 10.203.22.220/16 brd 10.203.255.255 scope global eth0
    inet6 fe80::ac44:27ff:fe2b:ec6/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/none
    inet 192.168.22.220/24 scope global tun0
14:52:16 root@sshtp:~# ip r
default via 10.203.255.254 dev eth0
10.203.0.0/16 dev eth0  proto kernel  scope link  src 10.203.22.220
192.168.22.0/24 dev tun0  proto kernel  scope link  src 192.168.22.220
14:52:57 root@lisa:~# ip l set up dev tun0
14:53:18 root@lisa:~# ip a a 192.168.22.204 dev tun0
14:53:56 root@lisa:~# ip r a 192.168.22.0/24 via 192.168.22.204 dev tun0
14:54:29 root@lisa:~# ping 192.168.22.220
PING 192.168.22.220 (192.168.22.220) 56(84) bytes of data.
64 bytes from 192.168.22.220: icmp_req=1 ttl=64 time=0.872 ms
14:37:02 William@MBPWx:~# ssh -X root@10.203.22.204
15:01:24 root@lisa:~# xeyes