openssh

How can I write a program (script) to remove obsolete host keys from ~/.ssh/known_hosts?

匆匆过客 提交于 2019-12-11 16:51:52
问题 I use a cluster of about 30 machines that have all recently been reconfigured with new OpenSSH host keys. When I try to log into one, I get this error message (many lines removed for brevity): @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ The fingerprint for the RSA key sent by the remote host is 52:bb:71:83:7e:d0:e2:66:92:0e:10:78:cf:a6:41:49. Add correct host key in /home/nr/.ssh/known_hosts to get rid of this message. Offending key in /home/nr/.ssh/known_hosts:50 I can go remove the

What causes `read()` in `c` does not read content that being input by other processes from the current `tty`?

淺唱寂寞╮ 提交于 2019-12-11 15:17:54
问题 I imitated the check-password module from openssh source code and it uses read() to get the content from the current tty's file descriptor, here is the code: #include <unistd.h> #include <stdio.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> int main () { int ttyfd=open("/dev/tty", O_RDWR); if(ttyfd>=0) printf("good to open\n"); char * a; while(read (ttyfd,a,1)){ printf("%s", a); } return 0; } It runs in a terminal like this: root@localhost:~/Desktop# tty /dev/pts/0 root

retrieve SSH unique session ID

半城伤御伤魂 提交于 2019-12-11 12:36:44
问题 I wonder if there is any way to retrieve, for both a server and a client connected through ssh (OpenSSH), some unique session identifier (let this be USID ). This would be used to restrict the execution of a specific (custom) software (let it be a.exe ), so it can only be executed through a specific ssh session , even if other users (potentially root) have access to that executable: after a ssh session is opened from machine C (client) to machine S (server), machine C (which knows the USID )

Which Java Telnet or openSSH library?

*爱你&永不变心* 提交于 2019-12-11 11:53:29
问题 I need to make a small test program in java which has to communicate with remote Windows server using telnet, or openSSH. Which library would you suggest to use? I'd like to use a well documented and stable library. 回答1: I would use JSch (and do). It's not too large to learn quickly. It's used in: Ant(1.6 or later). JSch has been used for Ant's sshexec and scp tasks. Eclipse(3.0). Our Eclipse-CVSSSH2 plug-in has been included in Eclipse SDK 3.0. This plug-in will allow you to get ssh2

Distinguish between user logout and session expired logout (SSH and web console)

馋奶兔 提交于 2019-12-11 05:25:20
问题 we are searching for a solution to log an event (for example into the syslog) when a user logs out of the system. This could be logging out from a shell (bash) or logging out using ssh. We want to distinguish between explicit user logouts via "exit" and users sessions which just expire (timeout). Is that possible? How-to? Which directions to look for a solution? The system is RHEL7/CentOS7 and runs using VMWare (web console logout should also be logged). 回答1: You might need too different

Use SSHTool to convert Putty Private Key to OpenSSH private key

浪子不回头ぞ 提交于 2019-12-11 01:06:07
问题 In my java project I create a SSH tunnel with a server. The tunnel is authenticated currently using a putty private key and plink. Does anybody know how to use the java SSHTool library to either convert a putty key to a openssh key or use SSHTool library to create a ssh tunnel using a putty key? Thank you. 回答1: Jsch only accepts opensh keys, not the format that putty creates the keys in. You would have to convert them. Use puttygen.exe to convert to openssh, then use the openssh keyfile in

Git : The remote end hung up unexpectedly

谁说胖子不能爱 提交于 2019-12-10 19:07:19
问题 I have read through the various posts for this problem and I can verify that using a -t when performing a remote ssh command does indeed force tty allocation and allow for command completion. However, the problem I am having is that twelve hours prior to this point I had trouble free access to this server. Now, with no known changes, I can no longer connect. I can login to this server all day long without a problem. However, when I try to execute a remote command, say ssh servername 'ls /var

Linux下的openssh详解

一世执手 提交于 2019-12-10 17:50:25
前言 SSH(Secure Shell) 是一个提供数据通信安全、远程登录、远程指令执行等功能的安全网络协议,由芬兰赫尔辛基大学研究员 Tatu Ylönen ,于1995年提出,其目的是用于替代非安全的Telnet、rsh、rexec等远程Shell协议。之后SSH发展了两个大版本SSH-1和SSH-2。 通过使用SSH,你可以把所有传输的数据进行加密,这样"中间人"这种攻击方式就不可能实现了,而且也能够防止 DNS欺骗 和 IP欺骗 。使用SSH,还有一个额外的好处就是传输的数据是经过压缩的,所以可以加快传输的速度。SSH有很多功能,它既可以代替Telnet,又可以为FTP、Pop、甚至为PPP提供一个安全的"通道"。 SSH的基本框架 SSH协议框架中最主要的部分是三个协议: 传输层协议(The Transport Layer Protocol) :传输层协议提供服务器认证,数据机密性,信息完整性等的支持。 用户认证协议(The User Authentication Protocol) :用户认证协议为服务器提供客户端的身份鉴别。 连接协议(The Connection Protocol) :连接协议将加密的信息隧道复用成若干个逻辑通道,提供给更高层的应用协议使用。 SSH-AUTH是SSH里面用于验证客户端身份的协议。我们在用ssh命令输入密码的那一步实际上就是在这个阶段

Linux 常用工具openssh之ssh-add

£可爱£侵袭症+ 提交于 2019-12-10 17:10:55
前言 ssh-add命令 是把专用密钥添加到 ssh-agent的高速缓存中,从而提高ssh的认证速度 语法 ssh-add [-cDdLlXx] [-t life] [file ...] 选项 -D:删除ssh-agent中的所有密钥. -d:从ssh-agent中的删除密钥 -e pkcs11:删除PKCS#11共享库pkcs1提供的钥匙。 -s pkcs11:添加PKCS#11共享库pkcs1提供的钥匙。 -L:显示ssh-agent中的公钥 -l:显示ssh-agent中的密钥 -t life:对加载的密钥设置超时时间,超时ssh-agent将自动卸载密钥 -X:对ssh-agent进行解锁 -x:对ssh-agent进行加锁 实例 把专用密钥添加到 ssh-agent 的高速缓存中 ssh-add ~/.ssh/id_dsa 从ssh-agent中删除密钥: ssh-add -d ~/.ssh/id_xxx.pub 查看ssh-agent中的密钥: ssh-add -l 开启ssh-agent # 默认操作系统是不开启ssh-agent的,需要手动打开 eval `ssh-agent -s` 来源: https://www.cnblogs.com/guge-94/p/12017578.html

Linux 常用工具openssh之ssh

丶灬走出姿态 提交于 2019-12-10 16:06:57
前言 ssh是openssh套件中的客户端连接工具,可以给予ssh加密协议实现安全的远程登录服务器 语法 ssh (选项) (参数) 选项 -1:强制使用ssh协议版本1; -2:强制使用ssh协议版本2; -4:强制使用IPv4地址; -6:强制使用IPv6地址; -A:开启认证代理连接转发功能; -a:关闭认证代理连接转发功能; -b:使用本机指定地址作为对应连接的源ip地址; -C:请求压缩所有数据; -F:指定ssh指令的配置文件; -f:后台执行ssh指令; -g:允许远程主机连接主机的转发端口; -i:指定身份文件; -l:指定连接远程服务器登录用户名; -N:不执行远程指令; -o:指定配置选项; -p:指定远程服务器上的端口; -q:静默模式; -X:开启X11转发功能; -x:关闭X11转发功能; -y:开启信任X11转发功能。 参数 远程主机:指定要连接的远程ssh服务器; 指令:要在远程ssh服务器上执行的指令。 实例 使用ssh连接远程主机 最简单的用法只需要指定用户名和主机名参数即可,主机名可以是 IP 地址或者域名。 $ ssh user@hostname ssh连接到其他端口 SSH 默认连接到目标主机的 22 端口上,可以使用-p选项指定端口号 $ ssh -p 10022 user@hostname 使用ssh在远程主机执行一条命令并显示到本地,
订阅 openssh