- “Top 20 OpenSSH Server Best Security Practices” at UnixCraft – http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
- “How do I permit specific users SSH access?” (SoftLayer) – http://knowledgelayer.softlayer.com/questions/295/How+do+I+permit+specific+users+SSH+access%3F
- “Six things I wish Mom told me (about ssh)” – http://blog.ksplice.com/2010/08/six-things-i-wish-mom-told-me-about-ssh/
- “ProxyCommand – SSH Key on Proxing Machine” (comp.security.ssh; 2009) – http://groups.google.com/group/comp.security.ssh/browse_thread/thread/1e5ae560420b9d12
- “Quick HOWTO: Ch17 : Secure Remote Logins and File Copying” (LHN) – http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch17_:_Secure_Remote_Logins_and_File_Copying
- “Securing your ssh server” (Racker Hacker blog) – http://rackerhacker.com/2010/10/12/securing-your-ssh-server/
- “How to connect to a non standard SSH port in the Mac terminal” – http://chimac.net/2011/01/08/how-to-connect-to-a-non-standard-ssh-port-in-the-mac-terminal/
- ssh -p 12345 remoteUsername@address.of.remote.system
- “Best Practices to secure a OPENSSH/SSH Server” – http://teknoteknik.wordpress.com/2010/07/06/best-practices-to-secure-a-opensshssh-server/
- “Quick and dirty manual compile of OpenSSH on CentOS 5” (#!/bin/blog; 2008.04.06) – http://binblog.info/2008/04/06/quick-and-dirty-manual-compile-of-openssh-on-centos-5/
- “Using the SSH agent from daemon processes” (#!/bin/blog; 2008.12.31) – http://binblog.info/2008/12/31/using-the-ssh-agent-from-daemon-processes/
- “OpenSSH: Going flexible with forced commands” (#!/bin/blog; 2008.10.20) – http://binblog.info/2008/10/20/openssh-going-flexible-with-forced-commands/
- Secure Copy (SCP) (WikiPedia) – http://en.wikipedia.org/wiki/Secure_copy
- SSH tricks at SuperUser – http://superuser.com/questions/tagged/telnet+ssh
- related:
- Telnet tricks at SuperUser: Telnet tricks – http://superuser.com/questions/tagged/telnet | PuTTY tricks – http://superuser.com/questions/tagged/putty | Tunnels – http://superuser.com/questions/tagged/putty+tunnel
SSHFS (SSH FileSystem)
- “SSH Filesystem” – http://fuse.sourceforge.net/sshfs.html
- http://en.wikipedia.org/wiki/SSHFS
- https://help.ubuntu.com/community/SSHFS
- SHSFS FAQ – http://sourceforge.net/apps/mediawiki/fuse/index.php?title=SshfsFaq
Related:
- FISH (Files transferred over shell) protocol (WikiPedia) – http://en.wikipedia.org/wiki/Files_transferred_over_shell_protocol
- FTPFS – http://en.wikipedia.org/wiki/FTPFS
- WebDrive – http://en.wikipedia.org/wiki/WebDrive | http://www.webdrive.com/products/webdrive/
- FTPDrive – http://en.wikipedia.org/wiki/FTPDrive | http://www.killprog.com/fdrve.html
Authentication via public keys
- ‘OpenSSH key management” by Daniel Robbins (IBM):
- OpenSSH key management, Part 1 (2001.07.01) – http://www.ibm.com/developerworks/library/l-keyc.html
- OpenSSH key management, Part 2 (2001.09.01) – http://www.ibm.com/developerworks/library/l-keyc2/
- OpenSSH key management, Part 3 (2002.02.01) – http://www.ibm.com/developerworks/library/l-keyc3/
- “SSH with authentication key instead of password” – http://www.debian-administration.org/articles/530
- “Public key authentication with ssh” – http://www.linuxquestions.org/linux/answers/Networking/Public_key_authentication_with_ssh
- OpenSSH Public Key Authentication – http://web.archive.org/web/20070418231823/http://sial.org/howto/openssh/publickey-auth/
- “SSH Public Key (/w RSA) Authentication and SSH Tunneling – Part 1” (ipsure; 2010.02.03) – http://www.ipsure.com/blog/2010/ssh-public-key-w-rsa-authentication-and-ssh-tunneling-part-1/
SFTP
- “Chrooted SFTP with Public Key Authentication” (IPSURE; 2010.12.10) – http://www.ipsure.com/blog/2010/chrooted-sftp-with-public-key-authentication/
- How to mount SFTP accesses – http://wiki.gilug.org/index.php/How_to_mount_SFTP_accesses
- “OpenSSH chrooted SFTP (e.g. for Webhosting)” (#!/bin/blog; 2008.04.06) – http://binblog.info/2008/04/06/openssh-chrooted-sftp-eg-for-webhosting/
FTPS vs SFTP
- “FTPS vs. SFTP: What to Choose” by Eugene Mayevski (CodeGuru; 2007.10.11) – http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c14329
- “FTPS vs. SFTP, once and for all” (#!/bin/blog; 2010.10.12) – http://binblog.info/2010/10/12/ftps-vs-sftp-once-and-for-all/
- FTPS (WikiPedia) – http://en.wikipedia.org/wiki/FTPS
- SSH File Transfer Protocol (Wikipedia) – http://en.wikipedia.org/wiki/SSH_file_transfer_protocol
- “Setup groups and users in FileZilla Server and connect with ftpes” (Banbika’s Blog; 2010.08.28) – http://banbika.wordpress.com/2010/08/28/setup-groups-and-users-in-filezilla-server-and-connect-with-ftpes/
- “Install and Configure FTP Secure (FTPS) or FTP-SSL using FileZilla” (Banbika’s Blog; 2010.08.24) – http://banbika.wordpress.com/2010/08/24/install-and-configure-ftp-secure-ftps-or-ftp-ssl-using-filezilla/
Using SCP
- Example syntax for Secure Copy (scp) – http://www.hypexr.org/linux_scp_help.php
- Copy the file “foobar.txt” from a remote host to the local host: $ scp your_username@remotehost.edu:foobar.txt /some/local/directory
- Copy the file “foobar.txt” from the local host to a remote host: $ scp foobar.txt your_username@remotehost.edu:/some/remote/directory
- Copy the directory “foo” from the local host to a remote host’s directory “bar”: $ scp -r foo your_username@remotehost.edu:/some/remote/directory/bar
- Copy the file “foobar.txt” from remote host “rh1.edu” to remote host “rh2.edu”: $ scp your_username@rh1.edu:/some/remote/directory/foobar.txt \
your_username@rh2.edu:/some/remote/directory/ - Copying the files “foo.txt” and “bar.txt” from the local host to your home directory on the remote host: $ scp foo.txt bar.txt your_username@remotehost.edu:~
- Copy multiple files from the remote host to your current directory on the local host: $ scp your_username@remotehost.edu:/some/remote/directory/\{a,b,c\}. Also:: $ scp your_username@remotehost.edu:~/\{foo.txt,bar.txt\} .
Use of Expect with SSH suite applications
Password-less SFTP
Establish the SFTP connection to the system AAAA where the user account BBBB has password CCCC, and go to the directory DDDD, all without being prompted to enter the password:
| sftpToAAAA.expect |
#!/bin/expect
# sftpToAAAA.expect
spawn sftp BBBB@AAAA
expect "password" {
sleep 1
send "CCCC\n"
}
send "cd DDDD\n"
interact
|
All normal warning on the danger of hard-wiring the password into scripts are in place here.
Password-less SCP
Use the SCP to upload connect system AAAA with user account BBBB (that has password CCCC), and upload the file EEEE to the directory DDDD, all without being prompted to enter the password:
| UploadEEEEtoAAAA.expect |
#!/bin/expect
spawn scp EEEE BBBB@AAAA:DDDD/EEEE
expect "password" {
send "CCCC\n"
}
|
More
- Expect and SSH – http://rootprompt.org/article.php3?article=9187
- expect and ssh – http://www.unix.com/unix-advanced-expert-users/50467-expect-ssh.html
- Expect and SSH in Cygwin – http://forums.devshed.com/unix-help-35/expect-and-ssh-in-cygwin-176556.html
Eikonal Blog 
[…] SSH, OpenSSH – https://eikonal.wordpress.com/2010/12/16/ssh-openssh/ […]
LikeLike
Pingback by Unix hardening « Eikonal Blog — 2010.12.16 @ 15:58
[…] SSH, OpenSSH – https://eikonal.wordpress.com/2010/12/16/ssh-openssh/ […]
LikeLike
Pingback by Unix pages (at this blog) « Eikonal Blog — 2011.04.04 @ 15:45
A domain name has changed for Lapipaplena. Please update your link for:
http://wiki.gilug.org/index.php/How_to_mount_SFTP_accesses
LikeLike
Comment by l — 2012.10.30 @ 03:02
Thank you! Link is corrected now.
LikeLike
Comment by sandokan65 — 2012.10.30 @ 14:22