09-22-2010
ssh decipher a tunnel [resolved]
Two question here, but it's only one on the protocol point of view.
If two persons use the same key to connect to a SSH server is there a risk they can decipher the other tunnel. In other terms is that less safe than if they have two separate keys.
Same question if two persons use the same user account (with password connection way this time no key).
Thanks in advance for your replies
Last edited by moi; 09-22-2010 at 11:47 AM..
Reason: resolved
10 More Discussions You Might Find Interesting
1. Programming
hi everybody and thank you for this wondefrul forum
this is my first thread posted here and i hope that i could find some help from your part (i am even sure) :D
here is the situation: i am to develop an application of remote desktop access such as vnc, vpn and especially nx
i want to develop... (0 Replies)
Discussion started by: bolboln01
0 Replies
2. UNIX for Advanced & Expert Users
I have initiated a tunnel for vncserver. now i want to stop it. is there any way except sleep option? (2 Replies)
Discussion started by: majid.merkava
2 Replies
3. Cybersecurity
Hi all,
I'm trying have an alternative way of connecting into a Corporate network. Mostly in case the VPN down as I cannot also change the security policy.
I want to expose windows RDP over ssh tunnel.
I have 3 hosts in my scenario
1- Host a : Windows 2k8 has no internet access just only an... (3 Replies)
Discussion started by: h@foorsa.biz
3 Replies
4. UNIX for Dummies Questions & Answers
I'm trying to setup a link between my home pc (work-machine) and a server at work (tar-machine) that is behind a gateway (hop-machine) and not directly accessible.
my actions:
work-machine$ ssh -L 1234:tar-machine:22 hop-machine
work-machine$ ssh -p 1234 user@127.0.0.1
- shh access on... (1 Reply)
Discussion started by: Vathau
1 Replies
5. IP Networking
I have a Java web app on machine (X) that needs to talk to an LDAP server (Y) on :636, but the LDAP server is only accessible on a particular network.
I can login to a machine (Z) on that network from X, and this machine can talk to the LDAP server on :636.
How can I tunnel so that X can... (2 Replies)
Discussion started by: spacegoose
2 Replies
6. UNIX for Advanced & Expert Users
Hi all
I have a suite of scripts that ssh to remote servers within a cluster and run some tests. This is done from a central server so that all of the test results can be captured in one location.
Problem is I now have 509 tests and the number is growing. The scripts work by establishing a... (2 Replies)
Discussion started by: steadyonabix
2 Replies
7. Proxy Server
Hello,
I have a video streaming application that utilizes a WebSocket for the server <-> client communication. My goal is to make the video streaming service available over the internet in the cases where neither the server nor client have public IPs.
One way to do this is over a VPN... (8 Replies)
Discussion started by: Vladislav
8 Replies
8. UNIX for Dummies Questions & Answers
Hello Community,
We have Installed a LDAP Directory behind a Firewall with redirectory port on an Ubuntu virtual machine. The virtual machine is installed on an Ubuntu physical server, that hosts many other virtual machine. All the virtual machine are only joinable from the intern network.
My... (11 Replies)
Discussion started by: tessa226
11 Replies
9. Solaris
Hello Solaris experts:
Trying to bring the 11.3 gdm screen over ssh to a Linux Box:
I did the following:
1. made chanes to /etc/ssh/sshd_config & bounced ssh daemon:
# X11 tunneling options
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
2. From the remote Linux box:
... (6 Replies)
Discussion started by: delphys
6 Replies
10. UNIX for Advanced & Expert Users
I am not clear with the part of concept of Tunneling using ssh.
ssh -f -N -L 1029 192.168.1.47:25 james@192.168.1.47
I found out that above code works for me . but didn't quite well understood how ti works and need to ask you guys some questions.
since we are using tunnel through ssh ... (2 Replies)
Discussion started by: lobsang
2 Replies
LEARN ABOUT X11R4
ssh-keyscan
SSH-KEYSCAN(1) BSD General Commands Manual SSH-KEYSCAN(1)
NAME
ssh-keyscan -- gather ssh public keys
SYNOPSIS
ssh-keyscan [-46cHv] [-f file] [-p port] [-T timeout] [-t type] [host | addrlist namelist] ...
DESCRIPTION
ssh-keyscan is a utility for gathering the public ssh host keys of a number of hosts. It was designed to aid in building and verifying
ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable for use by shell and perl scripts.
ssh-keyscan uses non-blocking socket I/O to contact as many hosts as possible in parallel, so it is very efficient. The keys from a domain
of 1,000 hosts can be collected in tens of seconds, even when some of those hosts are down or do not run ssh. For scanning, one does not
need login access to the machines that are being scanned, nor does the scanning process involve any encryption.
The options are as follows:
-4 Forces ssh-keyscan to use IPv4 addresses only.
-6 Forces ssh-keyscan to use IPv6 addresses only.
-c Request certificates from target hosts instead of plain keys.
-f file
Read hosts or ``addrlist namelist'' pairs from file, one per line. If - is supplied instead of a filename, ssh-keyscan will read
hosts or ``addrlist namelist'' pairs from the standard input.
-H Hash all hostnames and addresses in the output. Hashed names may be used normally by ssh and sshd, but they do not reveal identify-
ing information should the file's contents be disclosed.
-p port
Port to connect to on the remote host.
-T timeout
Set the timeout for connection attempts. If timeout seconds have elapsed since a connection was initiated to a host or since the
last time anything was read from that host, then the connection is closed and the host in question considered unavailable. Default
is 5 seconds.
-t type
Specifies the type of the key to fetch from the scanned hosts. The possible values are ``dsa'', ``ecdsa'', ``ed25519'', or ``rsa''.
Multiple values may be specified by separating them with commas. The default is to fetch ``rsa'', ``ecdsa'', and ``ed25519'' keys.
-v Verbose mode. Causes ssh-keyscan to print debugging messages about its progress.
SECURITY
If an ssh_known_hosts file is constructed using ssh-keyscan without verifying the keys, users will be vulnerable to man in the middle
attacks. On the other hand, if the security model allows such a risk, ssh-keyscan can help in the detection of tampered keyfiles or man in
the middle attacks which have begun after the ssh_known_hosts file was created.
FILES
Input format:
1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
Output format for RSA, DSA, ECDSA, and Ed25519 keys:
host-or-namelist keytype base64-encoded-key
Where keytype is either ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-ed25519'', ``ssh-dss'' or
``ssh-rsa''.
/etc/ssh/ssh_known_hosts
EXAMPLES
Print the rsa host key for machine hostname:
$ ssh-keyscan hostname
Find all hosts from the file ssh_hosts which have new or different keys from those in the sorted file ssh_known_hosts:
$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts |
sort -u - ssh_known_hosts | diff ssh_known_hosts -
SEE ALSO
ssh(1), sshd(8)
AUTHORS
David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne Davison <wayned@users.sourceforge.net> added support for protocol ver-
sion 2.
BUGS
It generates "Connection closed by remote host" messages on the consoles of all the machines it scans if the server is older than version
2.9. This is because it opens a connection to the ssh port, reads the public key, and drops the connection as soon as it gets the key.
BSD May 2, 2017 BSD