LocalForward/Dynamic tunnels & SFTP jumphost connection examples (commandline):
>ssh -L 1522:remote.hostname:1522 user@tunnel.hostname
>ssh -D 8080 user@tunnel.hostname
>sftp -o ProxyJump=user@jump.hostname:22 [-b ./batch.scr] user@dest.host.internal
LocalForward/Dynamic tunnels & SFTP jumphost connection examples (commandline and config):
>ssh dsthst
~/.ssh/config:
Host prxjmp
    HostName jump.hostname
    Port 22
    User user
    LocalForward 7080 10.0.0.9:7080
    DynamicForward 8080
Host dsthst
    HostName dest.host.internal
    Port 22
    User user
    ProxyJump prxjmp
    IdentityFile ~/.ssh/other_key_location
Generate an SSH Key Pair:
>ssh-keygen -m PEM -t ecdsa -b 521
>ssh-keygen -m PEM -t ecdsa -b 521 -C "tim" -f /home/tim/tmp/id_ecdsa
Other algorithms:
>ssh-keygen -t ed25519
>ssh-keygen -t dsa    # legacy hosts only: OpenSSH 7.0 and later disable ssh-dss (DSA) keys by default
>ssh-keygen -t rsa -b 4096
Convert SSH2 Public Key to OpenSSH Public Key
>ssh-keygen -i -f id_ssh2.pub [-m PKCS8]
Convert OpenSSH Public Key to SSH2 Public Key
>ssh-keygen -e -f id_openssh.pub
Get Key Fingerprint MD5
>ssh-keyscan -p [port] [hostname] > [hostkeyfpfile]
>ssh-keygen -l -f [hostkeyfpfile] -E md5
Start session with alternate key
>sftp -o IdentityFile=/home/tim/.ssh/id_rsa_2 tim@server1
Implement group restrictions in /etc/ssh/sshd_config
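# Group restrictions
AllowGroups sshaccess
Match Group sshpubkeyonly
    PasswordAuthentication no
Match Group sftpusers
    X11Forwarding no
    # Every component of the chroot path must be a root-owned directory
    # that is not writable by any other user or group.
    ChrootDirectory %h
    AllowTcpForwarding no
    ForceCommand internal-sftp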
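Audit check for the sftpusers restrictions above (an added example, not part of the original notes): it reports Match blocks that force internal-sftp but leave out ChrootDirectory, AllowTcpForwarding no or X11Forwarding no. The function name audit_sftp_match and the sftplegacy group are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Reports Match blocks that force
# internal-sftp but lack the other restrictions shown above.
# Assumptions: each block is judged on its own (global defaults are ignored)
# and directives are written as whitespace-separated "Keyword value".
audit_sftp_match() {
    awk '
    function flush() {
        if (block != "" && sftp) {
            if (!("chrootdirectory" in seen))
                print block ": expected ChrootDirectory"
            if (seen["allowtcpforwarding"] != "no")
                print block ": expected AllowTcpForwarding no"
            if (seen["x11forwarding"] != "no")
                print block ": expected X11Forwarding no"
        }
        split("", seen); sftp = 0          # reset state for the next block
    }
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
        $1 = $1                            # collapse indentation and spacing
        kw = tolower($1); val = tolower($2)
        if (kw == "match") { flush(); block = $0; next }
        if (block == "" || (kw in seen)) next   # global line, or repeated keyword
        seen[kw] = val                     # first value in a block wins
        if (kw == "forcecommand" && val == "internal-sftp") sftp = 1
    }
    END { flush() }
    ' "$@"
}

# Constructed sample: the sftpusers block plus a hypothetical weaker block.
audit_sftp_match <<'EOF'
AllowGroups sshaccess
Match Group sftpusers
    X11Forwarding no
    ChrootDirectory %h
    AllowTcpForwarding no
    ForceCommand internal-sftp
Match Group sftplegacy
    ForceCommand internal-sftp
    AllowTcpForwarding yes
EOF
```

Pass a file name instead of standard input to check a real configuration, for example audit_sftp_match /etc/ssh/sshd_config.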