Convenient and safe work with ssh servers

    Since my work involves a lot of remote work with unix servers, I had to figure out how to do it comfortably and safely, and over time I wanted to share the result. This note does not claim to present anything new, but it seemed to me that there is no complete guide anywhere; something similar exists only in English.
    The description was tested on Debian GNU/Linux with KDE, but should suit most unix systems, distributions, window managers and graphical environments.

    Terminal

    I use yakuake: it is very convenient to invoke the console quickly with a single key (F12 by default).

    Login

    An important principle of security systems is that they must be convenient, otherwise they will not be used. For ssh this means that for security you need key authentication with a passphrase, and for convenience you need to keep the unlocked key in memory (in ssh-agent) until reboot, i.e. you enter the passphrase once at machine startup and nothing more until the next reboot.
    Starting position:
    1. The remote ssh server is assumed to be already configured for key authentication (this is usually the case).
    2. ssh-agent is assumed to start automatically (it usually does; you can check with the command ps aux | grep 'ssh').
    3. The ssh-askpass package is installed (you can install it with sudo aptitude install ssh-askpass).

    Algorithm
    1. When generating the key
    ssh-keygen -b 4096 -t rsa
    we must enter a passphrase, otherwise losing the key means handing all your access to an attacker.

    2. Copy the key to the server:
    ssh-copy-id -i ~/.ssh/id_rsa.pub server.tld
    If the user names on the local machine and the remote server differ, specify the remote user name as well: ssh-copy-id user@server.tld

    3. KDE users: to add the keys at login, put an add-keys.sh script with the following contents into the ~/.kde/Autostart folder (there is a separate description for GNOME users; you can also use keychain to keep keys in memory):
    #!/bin/bash
    /usr/bin/ssh-add

    End the session and log in again: a passphrase prompt window appears. Enter the passphrase, then try to log in to the server or execute a command there:
    ssh user@server.tld

    ssh user@server.tld uname -a
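    A slightly more careful version of the autostart script, added here as an example (it is not the add-keys.sh from the text above). It checks that an agent socket is actually present, only calls ssh-add when the agent holds no identities yet, and routes the prompt through ssh-askpass when there is no terminal, which is the situation at graphical login. The key path ~/.ssh/id_rsa and the askpass path /usr/bin/ssh-askpass are assumptions and can be overridden through the environment.

```shell
#!/bin/bash
# add-keys.sh: autostart helper that loads the ssh key into the running agent once per session.
# Added example for this article; not the original add-keys.sh from the text.
# Assumptions (not from the article): key at ~/.ssh/id_rsa, askpass at /usr/bin/ssh-askpass.

KEY_FILE="${KEY_FILE:-$HOME/.ssh/id_rsa}"
ASKPASS="${ASKPASS:-/usr/bin/ssh-askpass}"

# True when the environment points at a live agent socket
# (the scripted form of the manual "ps aux | grep ssh" check).
agent_running() {
  [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# ssh-add -l exit codes: 0 = identities loaded, 1 = agent holds none, 2 = cannot reach the agent.
keys_loaded() {
  ssh-add -l >/dev/null 2>&1
}

# Load the key only if the agent is empty. Without a terminal ssh-add cannot prompt by itself,
# so point it at ssh-askpass and detach stdin; the graphical prompt then appears at login.
load_keys_once() {
  if keys_loaded; then
    echo "ssh-agent already holds identities, nothing to do"
    return 0
  fi
  if [ ! -f "$KEY_FILE" ]; then
    echo "no private key at $KEY_FILE; generate one with: ssh-keygen -b 4096 -t rsa" >&2
    return 1
  fi
  if [ -t 0 ]; then
    ssh-add "$KEY_FILE"                                   # interactive shell: prompt in the terminal
  else
    SSH_ASKPASS="$ASKPASS" DISPLAY="${DISPLAY:-:0}" ssh-add "$KEY_FILE" </dev/null
  fi
}

# Act only when an agent is really available; otherwise say so instead of failing silently.
if agent_running && command -v ssh-add >/dev/null 2>&1; then
  load_keys_once
else
  echo "no ssh-agent socket in SSH_AUTH_SOCK; start the agent first" >&2
fi
```

    Dropping this into ~/.kde/Autostart in place of the two-line script gives the same behaviour on a normal login, but a second invocation (for example from a new terminal) no longer asks for the passphrase again, and a missing agent produces a message rather than a silent failure.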

    Unstable operation

    With ordinary web browsing or file downloads with suitable software you may not notice brief disconnections at all, but when working on a remote server via ssh a dropped connection means losing the session: all running programs are stopped, a running script breaks, unsaved changes in a text editor are lost, and so on.
    To solve this problem there is the screen program: it keeps running even when the connection drops and keeps every application started inside it open and running.

    Algorithm
    1. Run screen; nothing may change visibly, but echo $TERM will show that we are inside screen.
    2. Using the keyboard commands
    Ctrl+A then "c" – create a screen window
    Ctrl+A then "K" – close a screen window
    Ctrl+A then "p" – switch to the previous screen window
    Ctrl+A then "n" – switch to the next screen window
    Ctrl+A then " (double quote) – show a menu with the list of windows
    Ctrl+A then "number" – go to the window with that number, numbering starts at 0

    create the required number of windows and run the necessary programs in them; it makes sense to adopt one scheme for assigning windows on all servers (for example, window 1 holds the database connection, window 2 the logs, etc.).
    3. For some reason the connection breaks.
    4. Log in to the server again and run:
    screen -d -RR
    and we are again in the same screen with all the applications in the same state.
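    The whole procedure, as an added example that is not part of the original article: a small wrapper that reattaches to a named screen session with screen -d -RR, and on the first run creates the session with the fixed window numbering suggested above. The session name "work", the database client in window 1 and the log tail in window 2 are assumptions; the parser for the screen -ls listing takes its input as an argument so it can be exercised on constructed output.

```shell
#!/bin/bash
# work.sh: reconnect to a named GNU screen session, creating it with a fixed window layout
# the first time. Added example for this article, not code from the original text.
# Assumed (not from the article): session "work", window 1 = database client, window 2 = logs.

# Report the state (Attached/Detached) of session NAME from `screen -ls` text, or "none".
# The listing is passed in as text so the function can be checked on constructed output.
session_state() {  # usage: session_state "$(screen -ls)" work
  printf '%s\n' "$1" | awk -v name="$2" '
    $1 ~ ("\\." name "$") { found = 1; st = $NF; gsub(/[()]/, "", st); print st }
    END { if (!found) print "none" }'
}

# Create the session detached and populate numbered, titled windows so every server
# gets the same layout. Window 0 is the default shell that screen opens by itself.
create_layout() {
  name="$1"
  screen -dmS "$name"
  screen -S "$name" -X screen -t db   1 sh -c 'psql; exec bash'                    # assumed client
  screen -S "$name" -X screen -t logs 2 sh -c 'tail -F /var/log/syslog; exec bash'  # assumed log file
}

# Build the layout on first use, then attach exactly as the article does: -d detaches a copy
# still attached elsewhere (the dead connection), -RR reattaches here.
reattach() {
  name="${1:-work}"
  case "$(session_state "$(screen -ls 2>/dev/null)" "$name")" in
    none) create_layout "$name" ;;
  esac
  exec screen -d -RR -S "$name"
}

# Run only when invoked with a session name, e.g. ./work.sh work
if [ $# -gt 0 ]; then
  reattach "$1"
fi
```

    After a dropped connection, logging in and running the script again lands you in the same windows with the database client and the log tail still running; the only difference from the bare screen -d -RR in the text is that the first run on a fresh server also sets up the agreed window numbering.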

    For more about screen, see
    man screen
    and the many articles on the web.

    File sharing

    To copy files to, from or between machines there is the scp utility. It is simple, and everything should be clear from the examples. Copying from the current machine to a remote server:
    scp backdoor.sh user@server.tld:/home/user/
    From a remote server to the current machine (into the current folder):
    scp user@server.tld:/etc/passwd .

    For those suffering on MS Windows®

    there is PuTTY:
    • PuTTY (ssh client)
    • PSCP (SCP client)
    • Pageant (similar to ssh-agent)
    • PuTTYgen (key generator)

    An analogue of GNU screen for Windows exists as well.

    I hope this will be useful to someone.
