ssh cheat sheet
2014-07-28 00:52
691 查看
SSH
速查表
参考链接: http://pentestmonkey.net/cheat-sheet/ssh-cheat-sheet
速查表
SSH有些特性在渗透和审计过程中很实用。该文章的目的就是,提醒我们记住最常用的特性。 注意:此文章并不能取代官网的手册页面,只是为了介绍一些SSH相关的例子。 |
SOCKS Proxy-D [bind_address:]portSpecifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the appli‐ cation protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces. 本地(127.0.0.1:1080)开一个socks代理,通过代理可以将数据中转到远程主机(192.168.1.110) 命令: ssh -D 127.0.0.1:1080 192.168.1.110 ~/.ssh/config: Host 192.168.1.110 DynamicForward 127.0.0.1:1080 使用tsocks或类似的工具,可访问192.168.1.110相关的网络资源。 tsocks rdesktop 192.168.1.111 3389 |
Local Forwarding-L [bind_address:]port:host:hostportSpecifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the con‐ nection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces. 让远程主机上的服务,能够访问本地主机监听的端口. 例子1:远程主机TCP 1521端口对应的服务,可通过SSH客户端访问10521得到.命令: ssh -L 127.0.0.1:10521:127.0.0.1:1521 user@192.168.1.110 ~/.ssh/config LocalForward 127.0.0.1:10521 127.0.0.1:1521 例子2:如果想要SSH客户端所在同一环境的主机,也可以访问该服务.命令: ssh -L 0.0.0.0:10521:127.0.0.1:1521 192.168.1.110 ~/.ssh/config LocalForward 0.0.0.0:10521 127.0.0.1:1521 例子3:访问本地10521端口,可连至192.168.1.111:1521 192.168.1.110命令: ssh -L 127.0.0.1:10521:192.168.1.111:1521 192.168.1.110 ~/.ssh/config LocalForward 127.0.0.1:10521 192.168.1.111:1521 |
Remote Forwarding-R [bind_address:]port:host:hostportSpecifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine. Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. IPv6 addresses can be specified by enclosing the address in square braces. By default, the listening socket on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address ‘*’, indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)). If the port argument is ‘0’, the listen port will be dynamically allocated on the server and reported to the client at run time. When used together with -O forward the allocated port will be printed to the standard output. 通过本地监听的端口,可访问远程服务. 例子1:连接8000端口,可访问80端口对应的资源.命令行: ssh -R 127.0.0.1:8000:127.0.0.1:80 192.168.1.110 ~/.ssh/config RemoteForward 127.0.0.1:8000 127.0.0.1:80 例子2:连接8000端口,可访问主机192.168.1.111的80端口对应的资源.命令: ssh -R 127.0.0.1:8000:192.168.1.111:80 192.168.1.110 ~/.ssh/config RemoteForward 127.0.0.1:8000 192.168.1.111:80 例子3:命令:ssh -R 0.0.0.0:8000:192.168.1.111:80 192.168.1.110 # we need a new port to 127.0.0.1:8080 ssh -L 4444:127.0.0.1:8080 192.168.1.110 ~/.ssh/config RemoteForward 0.0.0.0:8000 192.168.1.111:80 |
Configuration Files~/.ssh/config有时候使用配置文件~/.ssh/config会非常方便,这样可以避免每次都输入一长串的命令.使用其他SSH工具时(例如:scp和rsync),配置文件会提供便利。
在渗和审计过程中,你可以在服务器上添加一个authorized_keys文件,这样你可以使用SSHkey文件登录。 生成公钥/私钥,方法如下: ssh-keygen -f mykey cat mykey.pub # youcan copy this to authorized_keys ssh-keygen -f mykey-t rsa -b 768 cat mykey.pub # copyto authorized_key. ssh -i mykeyuser@192.168.1.110 |
相关文章推荐
- ssh Cheatsheet
- Shell Cheatsheet
- C Cheat Sheet
- Sublime 快捷键列表(Shortcuts Cheatsheet)
- HTML5 Security Cheatsheet
- OpenStack command-line interface cheat sheet
- Graphical vi-vim Cheat Sheet and Tutorial
- C# and VB.NET Comparison Cheat Sheet
- vim cheat sheet for programmers
- C++ Containers Cheat Sheet
- A Stargazer Cheatsheet
- XSS Filter Evasion Cheat Sheet
- Git Cheat Sheet
- SQLi filter evasion cheat sheet (MySQL)
- Ubuntu Cheatsheet
- XenDesktop 7.6 powershell commands cheat sheet
- The iOS Design Cheat Sheet 界面设计速参
- WinDbg / SOS Cheat Sheet
- [Emacs] Spacemacs cheatsheet
- SQLi filter evasion cheat sheet (MySQL)