-
Things I've found useful » Blog Archive » Bash SSH known_hosts tab completion
26 mai 2014 à 10:06:39 UTC+2 - permalink -This morning a discussion with a friend about various shells lead me to think it would be nice if my bash shell could tab complete hostnames from .ssh/known_hosts when I type ‘ssh <tab>’. I soon found this blog post which nicely documents how to do it. I made a directory in $HOME called .bash.completion and then added this to my .profile, which loops round any files in there, sourcing them individually:
if [ -d ${HOME}/.bash.completion ]; then
for file in ${HOME}/.bash.completion/* ; do
source $file
done
fiAll sorted. However, it wasn’t long before I discovered that ‘ssh user@<tab>’ doesnt work, I tend to use this quite a lot so wanted to see if I could fix up the bash function to support that use case. Bit of hacking around and I’ve got it working, the replacement ssh-completion file is shown below:
Add bash completion for ssh: it tries to complete the host to which you
want to connect from the list of the ones contained in ~/.ssh/known_hosts
__ssh_known_hosts() {
if [[ -f ~/.ssh/known_hosts ]]; then
cut -d " " -f1 ~/.ssh/known_hosts | cut -d "," -f1
fi
}
_ssh() {
local cur known_hosts
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
known_hosts="$(__ssh_known_hosts)"
if [[ ! ${cur} == - ]] ; then
if [[ ${cur} == @ ]] ; then
COMPREPLY=( $(compgen -W "${known_hosts}" -P ${cur/@/}@ -- ${cur/*@/}) )
else
COMPREPLY=( $(compgen -W "${known_hosts}" -- ${cur}) )
fi
fi
return 0
}
complete -o bashdefault -o default -o nospace -F _ssh ssh 2>/dev/null \
|| complete -o default -o nospace -F _ssh ssh
-
http://usefulthings.org.uk/2013/04/bash-ssh-known_hosts-tab-completion/
-
How to log history and logins from multiple ssh-keys under one user account | Screenage
14 mai 2014 à 17:22:59 UTC+2 - permalink -Une astuce utile pour faire un audit des connexions par clé sur un compte (quand on a plusieurs personnes avec des clés différentes qui accèdent au meme user)
Implémentation rapide :
!/bin/bash
#On convertit le authorized_keys pour ajouter la variable d'env
cp ~/.ssh/authorized_keyz ~/.ssh/authorized_keyz.ORIGINAL
IFS=$'\n'
for line in $(cat .ssh/authorized_keys)
do
comment=$(echo $line|cut -d' ' -f3)
echo "environment=\"SSH_USER=$comment\" $line" >> ~/.ssh/authorized_keyz.COMMENT
donecp ~/.ssh/authorized_keyz.COMMENT ~/.ssh/authorized_keyz
Puis dans le bashrc de l'user, ajouter ça :
if [ "$SSHUSER" != "" ]; then
now=$(date +%Y-%m-%d%H-%M-%S)
echo $now : User $SSH_USER logged in >> ~/ssh-audit.log
fi
-
http://www.screenage.de/blog/2012/02/10/how-to-log-history-and-logins-from-multiple-ssh-keys-under-one-user-account-with-puppet/
-
Twitter / climagic: Confuse people SSHing to your host with a redirect back to theirs - @jeekajoo ~/µblog https://fralef.me/links/?eGhuHQ
8 avril 2014 à 22:32:44 UTC+2 - permalink -Ahah a tester
-
http://Twitter / climagic: Confuse people SSHing to your host with a redirect back to theirs - @jeekajoo ~/µblog https://fralef.me/links/?eGhuHQ
-
AuthorizedKeysCommand : quand OpenSSH devient CloudSSH. Nan j'déconne. / GLMF-161 / GNU/Linux Magazine / Connect - Edition Diamond
31 mars 2014 à 11:19:48 UTC+2 - permalink -alternatives à authorized_keys
via Skunnyk
-
http://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-161/AuthorizedKeysCommand-quand-OpenSSH-devient-CloudSSH.-Nan-j-deconne
-
Execute local script remotly and get ouput into a local log file
31 janvier 2014 à 15:53:51 UTC+1 - permalink -Cool stuff :
ssh user@server 'bash -s' < local_script.sh > local_script.log 2>&1
-
https://links.infomee.fr/?ORnmyQ
-
OpenSSH Tip: Check Syntax Errors before Restarting Server
8 janvier 2014 à 16:14:58 UTC+1 - permalink -not bad
$ sudo /usr/sbin/sshd -t
$ echo $?
-
http://www.cyberciti.biz/tips/checking-openssh-sshd-configuration-syntax-errors.html
-
How to tunnel everything through SSH - fooninja.net
20 octobre 2013 à 20:16:44 UTC+2 - permalink -In Firefox, the solution is easy. Simply type about:config in the address bar and set network.proxy.socks_remote_dns to true. This will have the remote end (i.e., the machine you are SSH’ing to) handle the DNS lookups.
-
http://fooninja.net/2010/09/06/how-to-tunnel-everything-through-ssh/
-
Portknocking in bash
15 octobre 2013 à 10:32:22 UTC+2 - permalink -Un serveur, mais surtout un client pour faire du port knocking
-
http://www.prometheus-group.com/labs/unbounded/46-web-security/135-bash-pk.html
-
ssh config file : proxy
10 octobre 2013 à 11:36:42 UTC+2 - permalink -Pour utiliser machinerebond pour accéder aux *.vm automatiquement :
$ cat .ssh/config
Host=machinerebond
Hostname=machinerebond.fqdn.com
User=rootHost=*.distant
User=root
ProxyCommand=ssh -W %h:22 machinerebondAlternative :
D'abord se co sur la machine rebond avec un -A pour ramener sa key dans l'agent distant
Ensuite on peut se co sur les autres machines, mais plus long.Autres directives possibles :
ServerAliveInterval 30
ServerAliveCountMax 120Port 22000
User fooey
IdentityFile ~/.ssh/github.key
LocalForward 9906 127.0.0.1:3306
more : http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
-
https://links.infomee.fr/?0hyAJQ