One of your login scripts (.bashrc/.cshrc/etc.) is probably outputting data to the terminal (when it shouldn’t be). This is causing ssh to error when it is connecting and getting ready to copy as it starts receiving extra data it doesn’t expect. Remove output that is generated in the startup scripts. You can check if your … Read more
The primary difference is the concept of interactivity. It’s similar to running commands locally inside of a script, vs. typing them out yourself. It’s different in that a remote command must choose a default, and non-interactive is safest. (and usually most honest) STDIN If a PTY is allocated, applications can detect this and know that … Read more
This is probably an issue with D-Bus and systemd. If the dbus service is restarted for some reason, you will also need to restart systemd-logind. You can check if this is the issue by opening the ssh daemon log (on Ubuntu it should be /var/log/auth.log) and check if it has these lines: sshd[2721]: pam_systemd(sshd:session): Failed … Read more
You can use iptables to rate-limit new incoming connections to the SSH port. I’d have to see your entire iptables configuration in order to give you a turnkey solution, but you’re basically talking about adding rules like: iptables -A INPUT -p tcp –dport 22 -m recent –update –seconds 60 –hitcount 5 –name SSH –rsource -j … Read more
Just add a space after the key and put in the comment, e.g.: ssh-dss AAAAB3NzaC1kc3MAAACBAN+NX/rmUkRW7Xn7faglC/pxqbVIohbcVOt41VThMYORtMQr QSqMZugxew2s9iX4qRowHWLBRci6404nSydLiDe1q6/NmpK+oQ8zD1yXekl+fruBAYeno7f6dM7c 2swwwXY6knp4umXkLItxIUki6SXM0WfabJ8BwuNDyA8IrbFAAAAFQCynEN3MYXbs4AA7E/1I03jb B1rewAAAIAztzZUygrUI8XX6eE4zEHdTbv89AHYsAsf7fSAWnPxWc63dV0P5lCPNk58nze6+N+MD X7ZQADT6710fvbOmEFLciTwBGHHLxIV+1iTApJSsQp9T+pdkbFzBZ+mqQamZpSN1hC8fXe/Uty0D SbhnQ1qanwrOdKP1JV7DUgzehSfAAAAIEAwAyNYxUsGil46gZQea6sfhUnrBwyM6JnEbA6ogfGdS T2TDn1U5rfTV9UuNHzfoZ4CplVHclXyUPPhbKqcedpuRPJhHN/lp5MH7Q2tI/UxHvmePNHrXKk86 XYt7RzKHjWbHRxf84GIyTlKa8yfNfFlf9oNXdtBXcsJjHIvNsBk= ThisIsAComment The man page for sshd has a section on the authorized_keys format, where it states that the comment extends to the end of the line. While I haven’t tried it, you should … Read more
A trick I use sometimes is to use base64 to encode the commands, and pipe it to bash on the other site: MYCOMMAND=$(base64 -w0 script.sh) ssh user@remotehost “echo $MYCOMMAND | base64 -d | sudo bash” This will encode the script, with any commas, backslashes, quotes and variables inside a safe string, and send it to … Read more
If you’re logged in as root, you can easily wipe directories or do something that in retrospect is really dumb on the system with the flip of a finger, while as a user you normally have to put a few extra mental cycles into what you’re typing before doing something that is dangerous. Also any … Read more
I generally put something similar to the following at the beginning of every script (especially if it’ll run as a daemon): #!/bin/bash exec 3>&1 4>&2 trap ‘exec 2>&4 1>&3’ 0 1 2 3 exec 1>log.out 2>&1 # Everything below will go to the file ‘log.out’: Explanation: exec 3>&1 4>&2 Saves file descriptors so they can … Read more
You can use ssh-keygen for this. Despite its name it can do many more things than generating keys: dennis@lightning:~$ ssh-keygen -l -f .ssh/id_rsa.pub 2048 68:df:b2:22:d8:43:5d:36:75:c1:d8:59:c0:8c:22:e8 Dennis Kaarsemaker (RSA) dennis@lightning:~$ ssh-keygen -l -f foo.txt foo.txt is not a public key file.
You can use ssh -o StrictHostKeyChecking=no to turn off checking known_hosts momentarily. But I’d advise against this. You should really check why the host key has changed. Another option is to add a specific entry to your ~/.ssh/config for the host in question. This might be valid approach if you have a certain host which … Read more