# ssh - Secure Shell Remote Access
Comprehensive SSH commands for secure remote access, tunneling, and system administration across all platforms.
## Basic Connection

#### Simple Connection

| Command | Description |
|---------|-------------|
| INLINE_CODE_24 | Connect to remote host |
| INLINE_CODE_25 | Connect using IP address |
| INLINE_CODE_26 | Connect to custom port |
| INLINE_CODE_27 | Connect with current username |

#### Connection Options

| Command | Description |
|---------|-------------|
| INLINE_CODE_28 | Verbose output for debugging |
| INLINE_CODE_29 | More verbose output |
| INLINE_CODE_30 | Maximum verbosity |
| INLINE_CODE_31 | Quiet mode (suppress warnings) |

## Authentication Methods

#### Password Authentication

```bash
# Standard password login
ssh user@hostname

# Force password authentication
ssh -o PreferredAuthentications=password user@hostname

# Disable password authentication
ssh -o PasswordAuthentication=no user@hostname
```

#### Key-Based Authentication

```bash
# Generate SSH key pair
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
ssh-keygen -t ed25519 -C "your_email@example.com"  # Modern, secure

# Copy public key to remote server
ssh-copy-id user@hostname
ssh-copy-id -i ~/.ssh/id_rsa.pub user@hostname

# Manual key installation
cat ~/.ssh/id_rsa.pub | ssh user@hostname "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
```

#### Key Management

| Command | Description |
|---------|-------------|
| INLINE_CODE_32 | Generate Ed25519 key (recommended) |
| INLINE_CODE_33 | Generate 4096-bit RSA key |
| INLINE_CODE_34 | Generate key with custom name |
| INLINE_CODE_35 | Add key to SSH agent |
| INLINE_CODE_36 | List loaded keys |
| INLINE_CODE_37 | Remove all keys from agent |

## Configuration

#### SSH Client Config (~/.ssh/config)

```
# Global defaults
Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3
    TCPKeepAlive yes

# Specific host configuration
Host myserver
    HostName server.example.com
    User myusername
    Port 2222
    IdentityFile ~/.ssh/myserver_key
    ForwardAgent yes

# Jump host configuration
Host target
    HostName 192.168.1.100
    User admin
    ProxyJump jumphost

Host jumphost
    HostName jump.example.com
    User jumpuser
```

#### Common Configuration Options

| Option | Description | Example |
|--------|-------------|---------|
| INLINE_CODE_38 | Real hostname or IP | INLINE_CODE_39 |
| INLINE_CODE_40 | Username for connection | INLINE_CODE_41 |
| INLINE_CODE_42 | SSH port number | INLINE_CODE_43 |
| INLINE_CODE_44 | Private key file | INLINE_CODE_45 |
| INLINE_CODE_46 | Enable agent forwarding | INLINE_CODE_47 |
| INLINE_CODE_48 | Enable compression | INLINE_CODE_49 |

## Port Forwarding and Tunneling

#### Local Port Forwarding

```bash
# Forward local port to remote service
ssh -L 8080:localhost:80 user@hostname

# Forward to different remote host
ssh -L 3306:database.internal:3306 user@gateway

# Multiple port forwards
ssh -L 8080:localhost:80 -L 3306:localhost:3306 user@hostname
```

#### Remote Port Forwarding

```bash
# Forward remote port to local service
ssh -R 8080:localhost:3000 user@hostname

# Allow remote connections to forwarded port
ssh -R 0.0.0.0:8080:localhost:3000 user@hostname
```

#### Dynamic Port Forwarding (SOCKS Proxy)

```bash
# Create SOCKS proxy on local port 1080
ssh -D 1080 user@hostname

# Use with applications
# Configure browser to use SOCKS proxy: localhost:1080
```

#### X11 Forwarding

```bash
# Enable X11 forwarding for GUI applications
ssh -X user@hostname

# Trusted X11 forwarding
ssh -Y user@hostname

# Run GUI application
ssh -X user@hostname firefox
```

## File Transfer Integration

#### SCP Integration

```bash
# Copy file to remote host
scp file.txt user@hostname:/path/to/destination/

# Copy from remote host
scp user@hostname:/path/to/file.txt ./

# Recursive copy
scp -r directory/ user@hostname:/path/to/destination/
```

#### SFTP Integration

```bash
# Start SFTP session
sftp user@hostname

# SFTP with custom port
sftp -P 2222 user@hostname
```

## Advanced Features

#### Jump Hosts and Bastion Servers

```bash
# Connect through jump host
ssh -J jumphost user@target

# Multiple jump hosts
ssh -J jump1,jump2 user@target

# Using ProxyCommand
ssh -o ProxyCommand="ssh -W %h:%p jumphost" user@target
```

#### SSH Agent and Key Management

```bash
# Start SSH agent
eval "$(ssh-agent)"

# Add key to agent
ssh-add ~/.ssh/id_rsa

# Add key with timeout (1 hour)
ssh-add -t 3600 ~/.ssh/id_rsa

# List agent keys
ssh-add -l

# Remove specific key
ssh-add -d ~/.ssh/id_rsa

# Remove all keys
ssh-add -D
```

#### Connection Multiplexing

```
# Enable connection sharing in ~/.ssh/config
Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600
```

```bash
# Create socket directory
mkdir -p ~/.ssh/sockets
```

## Security and Hardening

#### Secure Connection Options

```bash
# Disable password authentication
ssh -o PasswordAuthentication=no user@hostname

# Use specific key only
ssh -o IdentitiesOnly=yes -i ~/.ssh/specific_key user@hostname

# Disable host key checking (development only; the server's identity is no longer verified)
ssh -o StrictHostKeyChecking=no user@hostname

# Use specific cipher
ssh -c aes256-ctr user@hostname
```

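
A one-off `-o StrictHostKeyChecking=no` is easy to leave behind in `~/.ssh/config`, where it applies to every later connection. The following audit is an added example, not part of the original cheat sheet: it flags that setting along with agent forwarding and legacy ciphers. The names `audit_ssh_config` and `sample_config` and the sample config itself are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag risky client options in an ssh_config file.
# Output format: <line>:<Host pattern>:<finding>
audit_ssh_config() {
  awk '
    function report(msg) {
      printf "%d:%s:%s\n", NR, (host == "" ? "(global)" : host), msg
    }
    {
      line = $0
      sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
      if (line == "" || line ~ /^#/) next
      # ssh_config accepts both "Keyword value" and "Keyword=value"
      if (line ~ /^[A-Za-z]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ", line)
      key = tolower(line); sub(/[ \t].*$/, "", key)
      val = line; sub(/^[^ \t]+[ \t]*/, "", val)
      lval = tolower(val)
    }
    key == "host" { host = val; next }
    key == "forwardagent" && lval == "yes" {
      report(host == "*" ? "ForwardAgent yes applies to every host" : "ForwardAgent yes")
    }
    key == "stricthostkeychecking" && (lval == "no" || lval == "off") {
      report("host key checking disabled")
    }
    key == "userknownhostsfile" && lval == "/dev/null" {
      report("known_hosts discarded")
    }
    (key == "ciphers" || key == "macs") && lval ~ /arcfour|3des|blowfish|cast128/ {
      report("legacy algorithm in " key ": " val)
    }
  ' "$1"
}

# Constructed sample config, for demonstration only.
sample_config() {
  cat <<'EOF'
Host *
    ForwardAgent yes
Host devbox
    StrictHostKeyChecking=no
    UserKnownHostsFile /dev/null
Host legacy
    Ciphers arcfour,aes256-ctr
Host myserver
    ForwardAgent no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_ssh_config "$tmp"; rm -f "$tmp"
```

Run `audit_ssh_config ~/.ssh/config` against a real config; it only reads the file and does not follow `Include` or `Match` directives.
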
#### Host Key Verification

```bash
# Check host key fingerprint
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

# Remove host key from known_hosts
ssh-keygen -R hostname

# Add host key manually (compare its fingerprint with the server's before trusting it)
ssh-keyscan hostname >> ~/.ssh/known_hosts
```

#### Certificate Authentication

```bash
# Generate user certificate
ssh-keygen -s ca_key -I user_id -n username user_key.pub

# Use certificate for authentication
ssh -o CertificateFile=user_key-cert.pub user@hostname
```

## Troubleshooting

#### Connection Issues

```bash
# Debug connection problems
ssh -vvv user@hostname

# Test specific authentication method
ssh -o PreferredAuthentications=publickey user@hostname

# Check SSH service status
systemctl status ssh   # Linux
service ssh status     # Linux (older)
```

#### Common Problems and Solutions

| Problem | Symptoms | Solution |
|---------|----------|----------|
| Permission denied | Authentication fails | Check key permissions (600 for private key) |
| Connection timeout | No response | Check firewall, network connectivity |
| Host key verification failed | Key mismatch warning | Update known_hosts or verify host identity |
| Agent forwarding not working | Keys not available on remote | Enable ForwardAgent in config |

#### Key Permission Issues

```bash
# Fix SSH key permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
chmod 600 ~/.ssh/config
```

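
To find which files need those `chmod` fixes, the check below reports anything in an SSH directory that is looser than the modes listed above. It is an added example, not from the original page; `check_ssh_perms` and `demo_tree` are hypothetical names, and the demo "private key" holds only a placeholder header line.

```bash
#!/usr/bin/env bash
# Added example: report SSH files with permissions looser than recommended.
check_ssh_perms() {
  dir=$1
  for f in "$dir" "$dir"/*; do
    [ -e "$f" ] || continue
    perms=$(ls -ld "$f" | cut -c1-10)   # e.g. -rw-r--r--
    go=${perms#????}                    # group+other bits, e.g. r--r--
    if [ -d "$f" ]; then
      [ "$go" = "------" ] || echo "$f: directory accessible by group/other ($perms)"
    elif head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY-----'; then
      # ssh refuses private keys that anyone but the owner can access
      [ "$go" = "------" ] || echo "$f: private key accessible by group/other ($perms)"
    else
      # public keys, authorized_keys, known_hosts, config: must not be writable
      case $go in
        ?w????|????w?) echo "$f: writable by group/other ($perms)" ;;
      esac
    fi
  done
}

# Constructed demo tree with two deliberate mistakes (key at 644, config at 666).
demo_tree() {
  d=$(mktemp -d)
  chmod 700 "$d"
  printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$d/id_ed25519"
  printf '%s\n' 'ssh-ed25519 AAAA...constructed user@example' > "$d/id_ed25519.pub"
  printf '%s\n' 'Host *' > "$d/config"
  chmod 644 "$d/id_ed25519" "$d/id_ed25519.pub"
  chmod 666 "$d/config"
  echo "$d"
}

d=$(demo_tree) && check_ssh_perms "$d"; rm -rf "$d"
```
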
## Automation and Scripting

#### Non-Interactive SSH

```bash
# Run single command
ssh user@hostname "ls -la /var/log"

# Run multiple commands
ssh user@hostname "cd /var/log && tail -f syslog"

# Execute local script on remote host
ssh user@hostname 'bash -s' < local_script.sh

# Execute with sudo
ssh user@hostname "sudo systemctl restart nginx"
```

#### Batch Operations

```bash
#!/bin/bash
# Deploy to multiple servers
servers=("web1.example.com" "web2.example.com" "web3.example.com")

for server in "${servers[@]}"; do
    echo "Deploying to $server"
    ssh "user@$server" "cd /var/www && git pull origin main"
    ssh "user@$server" "sudo systemctl restart nginx"
done
```

#### SSH with Expect (Password Automation)

```tcl
#!/usr/bin/expect
# The password below is stored in plain text in the script file
spawn ssh user@hostname
expect "password:"
send "your_password\r"
interact
```

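## Compression and Speed

```bash
# Enable compression
ssh -C user@hostname

# Disable compression for fast networks
ssh -o Compression=no user@hostname

# Use faster cipher for trusted networks
# (arcfour/RC4 was removed in OpenSSH 7.6; AES-GCM is fast on CPUs with AES instructions)
ssh -c aes128-gcm@openssh.com user@hostname
```
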
## Connection Persistence

```bash
# Keep connection alive
ssh -o ServerAliveInterval=60 user@hostname

# Persistent connection in background
ssh -f -N -L 8080:localhost:80 user@hostname
```

## Windows (OpenSSH)

```powershell
# Windows OpenSSH client
ssh user@hostname

# Windows SSH config location
# %USERPROFILE%\.ssh\config

# Start SSH agent on Windows
Start-Service ssh-agent
ssh-add ~/.ssh/id_rsa
```

## macOS Keychain Integration

```bash
# Add key to macOS keychain
ssh-add --apple-use-keychain ~/.ssh/id_rsa
```

```
# Configure automatic keychain loading
Host *
    AddKeysToAgent yes
    UseKeychain yes
```

## Best Practices

#### Security

- **Use Key Authentication**: Disable password authentication
- **Strong Keys**: Use Ed25519 or 4096-bit RSA keys
- **Key Rotation**: Rotate keys regularly
- **Principle of Least Privilege**: Limit user access
- **Monitor Access**: Log and monitor SSH connections

#### Configuration Management

- **Centralized Config**: Use ~/.ssh/config for common settings
- **Host Aliases**: Create meaningful host aliases
- **Connection Multiplexing**: Reuse connections for efficiency
- **Agent Forwarding**: Use carefully, only when necessary
- **Documentation**: Document custom configurations

#### Operational

- **Backup Keys**: Back up private keys
- **Test Connections**: Regularly test SSH access
- **Update Software**: Keep the SSH client/server updated
- **Monitor Logs**: Watch for suspicious activity
- **Emergency Access**: Maintain alternative access methods