SSH
server configuration
# disable password authentication
PasswordAuthentication no
# disable root login
PermitRootLogin no
Create key
ssh-keygen -t ecdsa -b 521
# specif an file
ssh-keygen -t ecdsa -b 521 -f ~/.ssh/key-ecdsa
Copy public key
ssh-add ~/.ssh/id_ed25519
ssh-copy-id -i ~/.ssh/y-ecdsa.pub example_user@192.0.2.4
Add existing Key
ssh-add ~/.ssh/key-ecdsa
Alias
Host srv01
HostName srv01.lan
User john
RemoteCommand cd ~/; exec bash --login
RequestTTY yes
Port Binding
Bind local port 8001 to target-server port 80 using jump-machine.local.
(local machine without direct access to target-server)
ssh -f -N -L localhost:8001:target-server:80 usr@jump-machine.local
ssh-client
podman
podman container run \
-v $HOME/.ssh:/root/.ssh:ro,Z \
git.limbosolutions.com/kb/ssh-client:latest
kubernetes
kind: Pod
metadata:
name: ssh-client
labels:
app: ssh-client
spec:
containers:
- name: ssh-client
image: git.limbosolutions.com/kb/ssh-client:latest
tty: true
command: ["bash", "-c"]
args:
- |
set -e
eval `ssh-agent`
ssh-keyscan -p ${SRV_PORT} -H ${SRV_HOST} > ~/.ssh/known_hosts
ssh ${SRV_HOST}@${SRV_USER} -p ${SRV_PORT} "ls -lah" && \
echo "INFO:Remote command executed!"
env:
- name: SRV_HOST
valueFrom:
secretKeyRef:
name: backup-secrets
key: SRV_HOST
- name: SRV_PORT
valueFrom:
secretKeyRef:
name: backup-secrets
key: SRV_PORT
- name: SRV_USER
valueFrom:
secretKeyRef:
name: backup-secrets
key: SRV_USER
volumeMounts:
- name: backup-secrets
subPath: SSH_PRIVATE_KEY
mountPath: /root/.ssh/id_ed25519
volumes:
- name: backup-secrets
secret:
secretName: backup-secrets
defaultMode: 0600
items:
- key: SSH_PRIVATE_KEY
path: SSH_PRIVATE_KEY
Local Build and Development
podman build docker/ssh-client \
--build-context ssh-client=docker/ssh-client \
-t git.limbosolutions.com/kb/ssh-client:local-dev
podman container run -it \
-v $HOME/.ssh:/root/.ssh:ro,Z \
git.limbosolutions.com/kb/ssh-client:local-dev \
/bin/bash