ssh - Secure Shell Remote Access¶
Umfassende SSH-Befehle für sicheren Fernzugriff, Tunneling und Systemverwaltung auf allen Plattformen.
Basisanschluss
Einfache Verbindung¶
| Command | Description |
|---|---|
| INLINE_CODE_24 | Connect to remote host |
| INLINE_CODE_25 | Connect using IP address |
| INLINE_CODE_26 | Connect to custom port |
| INLINE_CODE_27 | Connect with current username |
Verbindungsoptionen¶
| Command | Description |
|---|---|
| INLINE_CODE_28 | Verbose output for debugging |
| INLINE_CODE_29 | More verbose output |
| INLINE_CODE_30 | Maximum verbosity |
| INLINE_CODE_31 | Quiet mode (suppress warnings) |
Authentication Methoden
Passwort Authentication¶
```bash
Standard password login¶
ssh user@hostname
Force password authentication¶
ssh -o PreferredAuthentications=password user@hostname
Disable password authentication¶
ssh -o PasswordAuthentication=no user@hostname ```_
Schlüsselbasierte Authentifizierung¶
```bash
Generate SSH key pair¶
ssh-keygen -t rsa -b 4096 -C "your_email@example.com" ssh-keygen -t ed25519 -C "your_email@example.com" # Modern, secure
Copy public key to remote server¶
ssh-copy-id user@hostname ssh-copy-id -i ~/.ssh/id_rsa.pub user@hostname
Manual key installation¶
cat ~/.ssh/id_rsa.pub|ssh user@hostname "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" ```_
Schlüsselverwaltung¶
| Command | Description |
|---|---|
| INLINE_CODE_32 | Generate Ed25519 key (recommended) |
| INLINE_CODE_33 | Generate 4096-bit RSA key |
| INLINE_CODE_34 | Generate key with custom name |
| INLINE_CODE_35 | Add key to SSH agent |
| INLINE_CODE_36 | List loaded keys |
| INLINE_CODE_37 | Remove all keys from agent |
Konfiguration
SSH Client Config (~/.ssh/config)¶
```bash
Global defaults¶
Host * ServerAliveInterval 60 ServerAliveCountMax 3 TCPKeepAlive yes
Specific host configuration¶
Host myserver HostName server.example.com User myusername Port 2222 IdentityFile ~/.ssh/myserver_key ForwardAgent yes
Jump host configuration¶
Host target HostName 192.168.1.100 User admin ProxyJump jumphost
Host jumphost HostName jump.example.com User jumpuser ```_
Common Configuration Optionen¶
| Option | Description | Example |
|---|---|---|
| INLINE_CODE_38 | Real hostname or IP | INLINE_CODE_39 |
| INLINE_CODE_40 | Username for connection | INLINE_CODE_41 |
| INLINE_CODE_42 | SSH port number | INLINE_CODE_43 |
| INLINE_CODE_44 | Private key file | INLINE_CODE_45 |
| INLINE_CODE_46 | Enable agent forwarding | INLINE_CODE_47 |
| INLINE_CODE_48 | Enable compression | INLINE_CODE_49 |
Port Forwarding und Tunneling
Local Port Forwarding¶
```bash
Forward local port to remote service¶
ssh -L 8080:localhost:80 user@hostname
Forward to different remote host¶
ssh -L 3306:database.internal:3306 user@gateway
Multiple port forwards¶
ssh -L 8080:localhost:80 -L 3306:localhost:3306 user@hostname ```_
Remote Port Forwarding¶
```bash
Forward remote port to local service¶
ssh -R 8080:localhost:3000 user@hostname
Allow remote connections to forwarded port¶
ssh -R 0.0.0.0:8080:localhost:3000 user@hostname ```_
Dynamic Port Forwarding (SOCKS Proxy)¶
```bash
Create SOCKS proxy on local port 1080¶
ssh -D 1080 user@hostname
Use with applications¶
Configure browser to use SOCKS proxy: localhost:1080¶
```_
X11 Forwarding¶
```bash
Enable X11 forwarding for GUI applications¶
ssh -X user@hostname
Trusted X11 forwarding¶
ssh -Y user@hostname
Run GUI application¶
ssh -X user@hostname firefox ```_
Integration von Dateitransfers
SCP Integration¶
```bash
Copy file to remote host¶
scp file.txt user@hostname:/path/to/destination/
Copy from remote host¶
scp user@hostname:/path/to/file.txt ./
Recursive copy¶
scp -r directory/ user@hostname:/path/to/destination/ ```_
SFTP Integration¶
```bash
Start SFTP session¶
sftp user@hostname
SFTP with custom port¶
sftp -P 2222 user@hostname ```_
Erweiterte Eigenschaften
Jump Hosts und Bastion Server¶
```bash
Connect through jump host¶
ssh -J jumphost user@target
Multiple jump hosts¶
ssh -J jump1,jump2 user@target
Using ProxyCommand¶
ssh -o ProxyCommand="ssh -W %h:%p jumphost" user@target ```_
SSH Agent und Key Management¶
```bash
Start SSH agent¶
eval $(ssh-agent)
Add key to agent¶
ssh-add ~/.ssh/id_rsa
Add key with timeout (1 hour)¶
ssh-add -t 3600 ~/.ssh/id_rsa
List agent keys¶
ssh-add -l
Remove specific key¶
ssh-add -d ~/.ssh/id_rsa
Remove all keys¶
ssh-add -D ```_
Verbindung Multiplexing¶
```bash
Enable connection sharing in ~/.ssh/config¶
Host * ControlMaster auto ControlPath ~/.ssh/sockets/%r@%h-%p ControlPersist 600
Create socket directory¶
mkdir -p ~/.ssh/sockets ```_
Sicherheit und Härten
Sichere Verbindungsoptionen¶
```bash
Disable password authentication¶
ssh -o PasswordAuthentication=no user@hostname
Use specific key only¶
ssh -o IdentitiesOnly=yes -i ~/.ssh/specific_key user@hostname
Disable host key checking (development only)¶
ssh -o StrictHostKeyChecking=no user@hostname
Use specific cipher¶
ssh -c aes256-ctr user@hostname ```_
Host Key Verifikation¶
```bash
Check host key fingerprint¶
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
Remove host key from known_hosts¶
ssh-keygen -R hostname
Add host key manually¶
ssh-keyscan hostname >> ~/.ssh/known_hosts ```_
Zertifikatbasierte Authentifizierung¶
```bash
Generate user certificate¶
ssh-keygen -s ca_key -I user_id -n username user_key.pub
Use certificate for authentication¶
ssh -o CertificateFile=user_key-cert.pub user@hostname ```_
Fehlerbehebung
Verbindungsprobleme¶
```bash
Debug connection problems¶
ssh -vvv user@hostname
Test specific authentication method¶
ssh -o PreferredAuthentications=publickey user@hostname
Check SSH service status¶
systemctl status ssh # Linux service ssh status # Linux (older) ```_
Häufige Probleme und Lösungen_¶
| Problem | Symptoms | Solution |
|---|---|---|
| Permission denied | Authentication fails | Check key permissions (600 for private key) |
| Connection timeout | No response | Check firewall, network connectivity |
| Host key verification failed | Key mismatch warning | Update known_hosts or verify host identity |
| Agent forwarding not working | Keys not available on remote | Enable ForwardAgent in config |
Schlüsselfragen¶
```bash
Fix SSH key permissions¶
chmod 700 ~/.ssh chmod 600 ~/.ssh/id_rsa chmod 644 ~/.ssh/id_rsa.pub chmod 644 ~/.ssh/authorized_keys chmod 644 ~/.ssh/known_hosts chmod 600 ~/.ssh/config ```_
Automatisierung und Schrift
Nicht interaktive SSH¶
```bash
Run single command¶
ssh user@hostname "ls -la /var/log"
Run multiple commands¶
ssh user@hostname "cd /var/log && tail -f syslog"
Execute local script on remote host¶
ssh user@hostname 'bash -s' < local_script.sh
Execute with sudo¶
ssh user@hostname "sudo systemctl restart nginx" ```_
Batch Operationen¶
```bash
!/bin/bash¶
Deploy to multiple servers¶
servers=("web1.example.com" "web2.example.com" "web3.example.com")
for server in "\(\\\\{servers[@]\\\\}"; do echo "Deploying to \(server" ssh user@\)server "cd /var/www && git pull origin main" ssh user@\)server "sudo systemctl restart nginx" done ```_
SSH with Expect (Password Automation)¶
```bash
!/usr/bin/expect¶
spawn ssh user@hostname expect "password:" send "your_password\r" interact ```_
 Leistungsoptimierung
Kompression und Geschwindigkeit¶
```bash
Enable compression¶
ssh -C user@hostname
Disable compression for fast networks¶
ssh -o Compression=no user@hostname
Use faster cipher for trusted networks¶
ssh -c arcfour user@hostname ```_
Verbindung Persistence¶
```bash
Keep connection alive¶
ssh -o ServerAliveInterval=60 user@hostname
Persistent connection in background¶
ssh -f -N -L 8080:localhost:80 user@hostname ```_
plattformspezifische Überlegungen
Windows (OpenSSH)¶
```powershell
Windows OpenSSH client¶
ssh user@hostname
Windows SSH config location¶
%USERPROFILE%.ssh\config
Start SSH agent on Windows¶
Start-Service ssh-agent ssh-add ~/.ssh/id_rsa ```_
macOS Keychain Integration ```bash
Add key to macOS keychain¶
ssh-add --apple-use-keychain ~/.ssh/id_rsa
Configure automatic keychain loading¶
Host * AddKeysToAgent yes UseKeychain yes ```_
oder Best Practices
Sicherheit¶
ANHANG Benutze Key Authentication*: Kennwort-Authentifizierung deaktivieren 2. **Strong Keys*: Verwenden Sie Ed25519 oder 4096-bit RSA Schlüssel 3. **Key Rotation: Regelmäßig drehen SSH-Tasten 4. Principle of Least Privilege*: Benutzerzugriff beschränken 5. **Monitor Access: SSH-Verbindungen protokollieren und überwachen
Konfigurationsmanagement¶
ANHANG Centralized Config*: Verwenden Sie ~/.ssh/config für gemeinsame Einstellungen 2. **Host Aliases*: Erstellen sinnvoller Host-Aliases 3. **Könnungsmultiplikation: Reuse-Verbindungen für Effizienz 4. ** Agent Forwarding*: Verwenden Sie vorsichtig, nur wenn nötig 5. Dokumentation: Dokument benutzerdefinierte Konfigurationen
Operational¶
ANHANG Backup Keys*: Sichere Sicherung privater Schlüssel 2. **Test Connections*: Regelmäßig testen Sie SSH-Zugang 3. **Update Software: SSH-Client/Server aktualisieren 4. Monitor Logs*: Uhr für verdächtige Aktivität 5. **Emergency Access: Alternativen Zugang erhalten