SSH
https://github.com/FiloSottile/whosthere
See man ssh_config
~/.ssh/config or /etc/ssh/ssh_config
~/.ssh/config
Host *
    ServerAliveInterval 300
    ServerAliveCountMax 3
    ControlMaster auto
    ControlPath ~/.ssh/master-%r@%h:%p
    ControlPersist 4h
    EscapeChar ~

Host srvlnxvm1
    User root
    HostName srvlnxvm1
    ProxyCommand ssh -W %h:%p srvlnxrbd

Host srvlnxdir1
    HostName srvlnxdir1
    LocalForward 1389 127.0.0.1:389
    LocalForward 1636 127.0.0.1:636

Host srvlnxvm2 192.168.22.42
    Hostname srvlnxvm2
    ProxyCommand ssh -W %h:%p srvlnxrbd

Host *
    User root

Host gtw
    Hostname 192.168.22.78
    PubkeyAuthentication=no
    Port 6322
    #lftp sftp://user:pass@gtw

Host 192.168.22.63
    Hostname 192.168.22.63
    ProxyCommand ssh -W %h:%p srvlnxrbd
    ForwardAgent yes
    #ProxyCommand ssh srvlnxrbd nc %h %p

Host test1
    User root
    Hostname 192.168.2.41
    IdentityFile ~/.ssh/clefs/id_rsa_test1
To debug ssh_config:
ssh -G user@somehost.example.com
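The effective configuration printed by ssh -G can also be filtered for the options used on this page that carry risk (ForwardAgent yes, StrictHostKeyChecking=no, User root). This is an added example, not part of the original notes; audit_ssh_g and sample_ssh_g are hypothetical names and the sample output is constructed.

```shell
#!/bin/sh
# Added example: audit the effective client configuration printed by `ssh -G`.
# audit_ssh_g (hypothetical helper) reads `ssh -G <host>` output on stdin
# (one lowercase keyword and its value per line) and prints one finding per line.
audit_ssh_g() {
    awk '
        $1 == "forwardagent" && $2 != "no" && $2 != "false" {
            print "WARN forwardagent=" $2 ": root on the remote host can use your agent while connected"
        }
        $1 == "stricthostkeychecking" && ($2 == "no" || $2 == "off" || $2 == "false") {
            print "WARN stricthostkeychecking=" $2 ": new host keys are added and changed ones do not stop the connection"
        }
        $1 == "user" && $2 == "root" {
            print "INFO user=root: direct root login"
        }
    '
}

# Constructed sample: an excerpt of what `ssh -G 192.168.22.63` could print for
# the configuration above (ForwardAgent yes, User root inherited from "Host *").
sample_ssh_g() {
    cat <<'EOF'
user root
hostname 192.168.22.63
port 22
forwardagent yes
stricthostkeychecking ask
EOF
}

# On a real alias: ssh -G srvlnxvm1 | audit_ssh_g
sample_ssh_g | audit_ssh_g
```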
Notes
/etc/ssh/sshd_not_to_be_run
Reuse the existing connection instead of opening a new one. Speeds up
Source http://www.linuxjournal.com/content/speed-multiple-ssh-connections-same-server
~/.ssh/config
Host *
    ControlMaster auto
    ControlPath ~/.ssh/master-%r@%h:%p
    ControlPersist 4h
For this connection only (temporarily), do not use key authentication
ssh -o "PreferredAuthentications keyboard-interactive,password" user@192.168.1.18
SSH Escape Sequences (aka Kill Dead SSH Sessions)
~/.ssh/config
Host *
    EscapeChar ~

Supported escape sequences:
 ~.   - terminate connection (and any multiplexed sessions)
 ~B   - send a BREAK to the remote system
 ~C   - open a command line
 ~R   - request rekey
 ~V/v - decrease/increase verbosity (LogLevel)
 ~^Z  - suspend ssh
 ~#   - list forwarded connections
 ~&   - background ssh (when waiting for connections to terminate)
 ~?   - this message
 ~~   - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)
Security
ssh-keygen -G moduli-3072.candidates -b 3072
See: https://entropux.net/article/openssh-moduli/
/etc/ssh/moduli
Disconnection problem
SSH disconnects after 30 seconds with Write Failed: broken pipe
Duplicate IP addresses
Other
ssh force password / Do not use the key; prompt for the password instead
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no 192.168.1.22
Conversely, SSH options for password-less use in scripts
ssh -o PasswordAuthentication=no -o ChallengeResponseAuthentication=no -o PreferredAuthentications=publickey -o StrictHostKeyChecking=no -o ConnectTimeout=2 -o BatchMode=yes 192.168.1.22
