Keepalive ssh sessions for longer durations

 

In general, most ISPs will terminate idle sessions as early as possible (maybe in a couple of minutes).

This is irritating if you work on a remote server over ssh. I had a similar issue with my ISP (Act Fibernet). To fix this issue I experimented in multiple ways, and I am sharing the easiest way that works.

Add the following lines to your /etc/ssh/sshd_config file:

ClientAliveInterval 60
ClientAliveCountMax 5

Here ClientAliveInterval 60 will send a null request from your node (client) to the server every 60 seconds, and ClientAliveCountMax 5 tells it to give up if it doesn’t receive any response after 5 retries.

After adding the above configuration, restart ssh with the following command:

sudo service ssh restart

You can try different values for ClientAliveInterval based on your ISP. In general, most ISPs will persist idle sessions for a couple of minutes. In my case Act Fibernet sessions stop responding after 2 minutes (approximately), so I used 60 seconds.

 

ssh disable warning messages – Linux/Ubuntu

To disable ssh warning messages, set LogLevel to quiet in the $HOME/.ssh/config file.

LogLevel=quiet

We can also disable warning messages on the ssh command line, as shown below:

$ ssh -o LogLevel=quiet 192.168.1.10

The following example also disables host key checking, sets the known hosts file to /dev/null and disables logging:

$ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=quiet 192.168.1.20

ssh remove offending key – Linux/Ubuntu

 

The ssh-keygen command is used to remove offending key entries from .ssh/known_hosts.

Syntax to remove the offending key of a host:

$ ssh-keygen -R hostName/IP_Address

Example 1:

$ ssh-keygen -R test.example.com

The above example will remove the ssh key associated with the hostname test.example.com.

Example 2:

$ ssh-keygen -R 192.168.1.10

This example will remove the ssh key associated with the IP address 192.168.1.10.

SCP download multiple files

 

In general we download one file at a time from a remote host using scp.

We can also download multiple files/directories at once using the scp command.

Here is an example that downloads multiple files/directories at once with scp:

$ scp -r user@ip-address:"/path/to/file /path/to/directory" /destination/path/

The above command will download both the file and the directory to the destination path.

-Sany

Enable/Disable ssh access to root

It's always better to disable ssh access for the root user, which will protect the server from any attacks. It's a kind of additional security layer on top of the firewall.

There are 2 ways to disable SSH access to root.

With DenyUsers:

In the /etc/ssh/sshd_config file, search for a DenyUsers line. If it exists, edit it as follows; otherwise add the following line:

DenyUsers root

If you want to disable ssh login for multiple users on the server, add them as follows:

DenyUsers root user1 user2 user3

After updating sshd_config, restart the sshd service with the following command:

$ service sshd restart

Now try to ssh as root; it should not allow login even if you enter the right password.

With PermitRootLogin:

PermitRootLogin will support 2 options, “yes” and “no”.

Option yes will allow ssh to root and option no won't allow ssh to root.

To allow ssh to root, add the following line in the /etc/ssh/sshd_config file and restart the sshd service:

PermitRootLogin yes

To disable ssh to root, add the following line in the /etc/ssh/sshd_config file and restart the sshd service:

PermitRootLogin no

-Sany

Enable multiple ssh ports Linux

 

By default only one port (port number 22) is enabled as the ssh/scp port in Linux.

To enable multiple ssh ports we need to tweak the /etc/ssh/sshd_config file.

Open /etc/ssh/sshd_config with any editor and search for the line Port 22. Below this line, add the new port you want to use.

Example: to use 12345 as another ssh port, add it as shown below.

Port 22

Port 12345

Save and exit from the /etc/ssh/sshd_config file.

Restart the sshd service with the following command:

$ service sshd restart

After restarting the sshd service, try to log in over ssh on the new port 12345; it should work.

You can also list the ports opened for ssh using the following command, where you can see ports 22 and 12345 in the output:

$ netstat -anp | grep ssh

Output:

tcp 0 0 :::22 :::* LISTEN 3075/sshd
tcp 0 0 :::12345 :::* LISTEN 3075/sshd

-Sany
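The settings from the root-login and multiple-port posts above, together with the keepalive values from the first post, can be checked in one pass before restarting sshd. This is an added example, not part of the original posts; the function names sample_config, values and audit and the sample file are made up for illustration, and it assumes the whitespace-separated "Keyword value" form and a literal root entry in DenyUsers (no patterns).

```shell
#!/usr/bin/env bash
# Added example: audit sshd_config text for the settings discussed on this page.

# Constructed sample: deliberately contradictory so the precedence rules show.
sample_config() {
cat <<'EOF'
Port 22
Port 12345
ClientAliveInterval 60
ClientAliveCountMax 5
permitrootlogin no
PermitRootLogin yes
DenyUsers user1 user2
DenyUsers root
Match User deploy
    PermitRootLogin yes
EOF
}

# values KEYWORD [all]: print the value(s) of KEYWORD from config on stdin.
# Keywords are case-insensitive. sshd keeps the first value it obtains for a
# keyword; Port and DenyUsers lines accumulate, so pass "all" for those.
# Match blocks are conditional, so only the global section is read.
values() {
  awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v mode="${2:-first}" '
    /^[ \t]*(#|$)/         { next }
    tolower($1) == "match" { exit }
    tolower($1) == want    { $1 = ""; sub(/^[ \t]+/, ""); print
                             if (mode != "all") exit }'
}

# audit: read sshd_config text on stdin, print one key=value finding per line.
audit() {
  local cfg root deny interval count
  cfg=$(cat)
  root=$(printf '%s\n' "$cfg" | values PermitRootLogin)
  deny=$(printf '%s\n' "$cfg" | values DenyUsers all | tr '\n' ' ')
  interval=$(printf '%s\n' "$cfg" | values ClientAliveInterval)
  count=$(printf '%s\n' "$cfg" | values ClientAliveCountMax)
  echo "ports=$(printf '%s\n' "$cfg" | values Port all | paste -sd, -)"
  echo "permitrootlogin=${root:-unset}"
  case " $deny " in *" root "*) echo "root_denied=yes" ;; *) echo "root_denied=no" ;; esac
  # sshd disconnects a client that leaves this many seconds of probes unanswered
  # (defaults: interval 0 = disabled, count 3).
  echo "unresponsive_client_cutoff=$(( ${interval:-0} * ${count:-3} ))s"
}

sample_config | audit
```

On a live host, sshd -T prints the effective configuration and sshd -t validates the file before a restart.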

Linux write/append to remote file using ssh

To append the content of a local file to a file on a remote server, use the following command:

$ cat input.txt| ssh hostname 'cat >> output.txt'

To append some text to a file on the remote server, use the following command:

$ echo "Your text here" | ssh hostname 'cat >> output.txt'

Here input.txt is the input file, hostname is the remote Linux machine's hostname or IP address, and output.txt is the output file on the remote machine.

-Sany

Linux SSH without password

 

Whenever we log in to a remote server with ssh, it requires password authentication.

First, check that you can ssh to the local host.

$ ssh localhost

By default it should ask for a password.

To log in without a password we need to generate ssh keys. To generate them, use the following command:

$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa

The above command will create 2 files, id_dsa and id_dsa.pub, in the .ssh directory, which is located in the home directory.

Now copy id_dsa.pub to authorized_keys.

$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

Then try to ssh to your local host; it shouldn’t ask for a password.

Similarly, to log in to a remote server, copy the id_dsa.pub content into the remote server's ~/.ssh/authorized_keys file. Use the following command to copy it.

$ cat ~/.ssh/id_dsa.pub | ssh user@serverName/IP 'cat >> .ssh/authorized_keys'

Some recent versions of ssh require the following permissions and authorized_keys2:

  • Put the public key in .ssh/authorized_keys2 
    • $ cp .ssh/authorized_keys .ssh/authorized_keys2
  • Change permission of .ssh directory to 700
    • $ chmod 700 .ssh
  • Change permission of .ssh/authorized_keys2 to 640
    • $ chmod 640 .ssh/authorized_keys2

-Sany
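The cat >> authorized_keys step above appends whatever it is given, every time it is run. The following added example (not part of the original post) wraps that step so it validates the line, skips keys already present and sets permissions; install_pubkey and SAMPLE_KEY are hypothetical names, the key is constructed filler, the file mode is 600 rather than the 640 used above, and the accepted key types leave out ssh-dss, which OpenSSH has not accepted by default since release 7.0.

```shell
#!/usr/bin/env bash
# Added example: validated, idempotent form of `cat key.pub >> authorized_keys`.

# Constructed key line for the demo; the blob is filler, not a usable key.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleFillerBlobNotARealKey000000000000000 user@example'

# install_pubkey HOME_DIR 'KEY LINE'
# Adds one public key line to HOME_DIR/.ssh/authorized_keys if it is not
# already present, and sets owner-only modes on the directory and file.
install_pubkey() {
  local home=$1 key=$2 dir file id
  dir="$home/.ssh"; file="$dir/authorized_keys"

  # Accept exactly one "type base64 [comment]" line. This stops a private key,
  # a multi-line paste or an entry carrying options from being appended.
  if [ "$(printf '%s\n' "$key" | wc -l)" -ne 1 ] || ! printf '%s\n' "$key" |
      grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
  then
    echo "not a single public key line" >&2; return 1
  fi

  # Create with a restrictive umask, then force the modes in case they pre-exist.
  ( umask 077; mkdir -p "$dir" && touch "$file" ) || return 1
  chmod 700 "$dir" && chmod 600 "$file" || return 1

  # Compare on "type blob" so the same key with a new comment is not re-added.
  id=$(printf '%s\n' "$key" | awk '{ print $1 " " $2 }')
  if awk -v id="$id" '($1 " " $2) == id { found = 1 } END { exit !found }' "$file"; then
    return 0
  fi
  printf '%s\n' "$key" >> "$file"
}

# Demo in a scratch directory rather than the real home directory.
demo_home=$(mktemp -d)
install_pubkey "$demo_home" "$SAMPLE_KEY"
install_pubkey "$demo_home" "$SAMPLE_KEY"     # second call is a no-op
wc -l < "$demo_home/.ssh/authorized_keys"     # line count stays at 1
```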