ssh cheat sheet
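Source: Internet | Editor: 程序博客网 | Time: 2024/05/10 00:37
SSH Cheat Sheet
SSH has several features that are very useful during pentests and audits. The purpose of this article is to remind us of the most commonly used ones.
Note: this article is not a replacement for the official man page; it only presents some SSH examples.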
SOCKS Proxy
-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally
bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application
protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and
ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.
IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local
port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific
address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or ‘*’ indicates that
the port should be available from all interfaces.
Open a SOCKS proxy locally (127.0.0.1:1080); traffic sent through the proxy is relayed via the remote host (192.168.1.110).
Command line:
ssh -D 127.0.0.1:1080 192.168.1.110
~/.ssh/config:
Host 192.168.1.110
DynamicForward 127.0.0.1:1080
With tsocks or a similar tool, you can then reach the network resources that 192.168.1.110 can reach.
tsocks rdesktop 192.168.1.111 3389
Local Forwarding
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating
a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection
is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be
specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward
privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to
bind the connection to a specific address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an
empty address or ‘*’ indicates that the port should be available from all interfaces.
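Make services on the remote host accessible through a port listening on the local host.
Example 1:
The service on the remote host's TCP port 1521 can be reached by connecting to port 10521 on the SSH client. Command line: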
ssh -L 127.0.0.1:10521:127.0.0.1:1521 user@192.168.1.110
~/.ssh/config
LocalForward 127.0.0.1:10521 127.0.0.1:1521
Example 2:
To let other hosts on the same network as the SSH client reach the service as well. Command line:
ssh -L 0.0.0.0:10521:127.0.0.1:1521 192.168.1.110
~/.ssh/config
LocalForward 0.0.0.0:10521 127.0.0.1:1521
Example 3:
Connecting to local port 10521 reaches 192.168.1.111:1521 through 192.168.1.110. Command line:
ssh -L 127.0.0.1:10521:192.168.1.111:1521 192.168.1.110
~/.ssh/config
LocalForward 127.0.0.1:10521 192.168.1.111:1521
Remote Forwarding
-R [bind_address:]port:host:hostport
Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating
a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel,
and a connection is made to host port hostport from the local machine.
Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote
machine. IPv6 addresses can be specified by enclosing the address in square braces.
By default, the listening socket on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address.
An empty bind_address, or the address ‘*’, indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will
only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).
If the port argument is ‘0’, the listen port will be dynamically allocated on the server and reported to the client at run time. When used together
with -O forward the allocated port will be printed to the standard output.
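Make a service reachable from the local side accessible through a port listening on the remote host.
Example 1:
Connecting to port 8000 on the SSH server reaches the service on port 80 of the SSH client. Command line: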
ssh -R 127.0.0.1:8000:127.0.0.1:80 192.168.1.110
~/.ssh/config
RemoteForward 127.0.0.1:8000 127.0.0.1:80
Example 2:
Connecting to port 8000 reaches the service on port 80 of host 192.168.1.111. Command line:
ssh -R 127.0.0.1:8000:192.168.1.111:80 192.168.1.110
~/.ssh/config
RemoteForward 127.0.0.1:8000 192.168.1.111:80
Example 3:
Command line:
ssh -R 0.0.0.0:8000:192.168.1.111:80 192.168.1.110 # we need a new port to 127.0.0.1:8080
ssh -L 4444:127.0.0.1:8080 192.168.1.110
~/.ssh/config
RemoteForward 0.0.0.0:8000 192.168.1.111:80
Configuration Files
~/.ssh/config
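Using the configuration file ~/.ssh/config is often very convenient, because it saves typing a long command line every time. The configuration file also helps when using other SSH tools (for example scp and rsync).
Host 192.168.1.110
Port 2222
User ptm
ForwardX11 yes
DynamicForward 127.0.0.1:1080
RemoteForward 80 127.0.0.1:8000
LocalForward 1521 192.168.1.111:1521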
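An added example, not part of the original article: a small Python auditor that reads ssh_config text and reports where each forwarding listener is bound, flagging the ones exposed on all interfaces (as in Local Forwarding example 2 and Remote Forwarding example 3). The function names and the sample config are constructed for illustration, and only the `[bind_address:]port` listener form is parsed.

```python
import re

# Constructed sample: forwarding directives taken from the examples in this article.
SAMPLE = """\
Host 192.168.1.110
DynamicForward 127.0.0.1:1080
RemoteForward 80 127.0.0.1:8000
LocalForward 0.0.0.0:10521 127.0.0.1:1521
RemoteForward 0.0.0.0:8000 192.168.1.111:80
"""

FORWARD_KEYS = {"localforward", "remoteforward", "dynamicforward"}
WILDCARD = {"", "*", "0.0.0.0", "::"}   # an empty address or '*' means all interfaces
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def split_listener(spec):
    """Split '[bind_address:]port' into (bind_address or None, port)."""
    m = re.fullmatch(r"(?:(\[[^\]]*\]|[^:\[\]]*):)?(\d+)", spec)
    if not m:
        raise ValueError(f"unrecognised listener spec: {spec!r}")
    bind = m.group(1)
    return (bind.strip("[]") if bind is not None else None), int(m.group(2))

def classify(bind):
    """Describe where the listening socket ends up for a bind_address."""
    if bind is None:                 # no bind_address: GatewayPorts decides
        return "default"
    if bind in WILDCARD:
        return "all-interfaces"
    return "loopback" if bind.lower() in LOOPBACK else "specific-address"

def audit_forwards(config_text):
    """Return (host, directive, listener_side, bind, port, exposure) tuples."""
    findings, host = [], "*"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = re.split(r"[\s=]+", line)
        if key.lower() == "host":
            host = " ".join(args)
        elif key.lower() in FORWARD_KEYS and args:
            bind, port = split_listener(args[0])
            side = "server" if key.lower() == "remoteforward" else "client"
            findings.append((host, key.lower(), side, bind, port, classify(bind)))
    return findings

def exposed(findings):
    return [f for f in findings if f[5] == "all-interfaces"]  # reachable by other hosts
```

Call `exposed(audit_forwards(text))` on the contents of a config file to list the forwards other hosts can connect to. For a RemoteForward entry the wildcard bind only takes effect when the server's GatewayPorts option is enabled, as the man page text above states.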
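~/.ssh/authorized_keys
During pentests and audits, you can add an authorized_keys file on the server so that you can log in using an SSH key file.
Generate a public/private key pair as follows:
ssh-keygen -f mykey
cat mykey.pub # you can copy this to authorized_keys
ssh-keygen -f mykey -t rsa -b 768 # note: current OpenSSH releases reject RSA keys shorter than 1024 bits
cat mykey.pub # copy to authorized_keys
ssh -i mykey user@192.168.1.110
Reference: http://pentestmonkey.net/cheat-sheet/ssh-cheat-sheet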