Skip to content

Latest commit

 

History

History
140 lines (99 loc) · 3.15 KB

README.md

File metadata and controls

140 lines (99 loc) · 3.15 KB
Raw

SSH Cheatsheet

External Resources:

Proxy Jump

Method 1

Using your key for SSH to bastion and using your key to SSH to target host:

Host *
    Port 22
    User ubuntu
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    ServerAliveInterval 60
    ServerAliveCountMax 30

Host jump-host
    HostName bastion.domain.com
    IdentityFile ~/.ssh/bastion.pem

Host target-a
    HostName target-a.pvt.domain.com
    IdentityFile ~/.ssh/target_a.pem
    ProxyJump jump-host

Method 2

Using your key to SSH to bastion and using the remote key on B to SSH to the target host:

Host *
    Port 22
    User ubuntu
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    ServerAliveInterval 60
    ServerAliveCountMax 30

Host jump-host
    HostName bastion.domain.com
    IdentityFile ~/.ssh/bastion.pem
    
Host target-b
    HostName target-b.pvt.domain.com
    IdentityFile /home/ubuntu/.ssh/id_rsa
    ProxyCommand ssh -o 'ForwardAgent yes' jump-host 'ssh-add && nc %h %p'

Method 3

One liner:

ssh -i ~/.ssh/target.pem -o ProxyCommand="ssh -W %h:%p -i ~/.ssh/id_rsa -q ubuntu@bastion.domain" ubuntu@target.domain

SOCKS5 SSH Tunnel

To run a socks5 ssh tunnel in the foreground:

ssh -D 1337 -q -C -N jump-host

To run a forked socks5 ssh tunnel in the background:

ssh -D 1337 -q -C -N -f jump-host

Credit

SSH Tunnel

Setup a local tunnel accessible on port 8080 which will traverse via the tunnel to access port 9100 on target-a which is only accessible locally on the remote end.

First to setup our SSH Config (optional):

$ cat ~/.ssh/config
Host jump-host
    HostName jump-host.mydomain.com
    Port 22
    User ruan
    IdentityFile ~/.ssh/id_rsa
    
Host target-a
    Hostname 172.31.16.3
    User ec2-user
    IdentityFile ~/.ssh/id_rsa
    ProxyCommand ssh -o 'ForwardAgent yes' jump-host 'ssh-add && nc %h %p'

Method 1

This ssh session will log you into the remote server, so the session will remain active as long as you are logged in:

$ ssh -L 8080:localhost:9100 target-a

Method 2

Then we can do the same, but fork the ssh session to the background:

$ ssh -fN -L 8080:localhost:9100 target-a

To kill the session, you can get the pid by running: ps aux | grep '8080:localhost:9100', and then kill the pid with: kill $pid

Method 3

Then we can do the same, but run the ssh session in the forground:

$ ssh -fN -L 8080:localhost:9100 -CqN target-a

Now when you try to access port 8080 locally, you will see that we can reach port 80 on the remote target:

$ nc -vz localhost 8080
Connection to localhost port 8080 [tcp/*] succeeded!

Resources