Difference between revisions of "OpenSSH/Config"
(Created page with "Below the <code>restrict</code> option is a future proof (according to the documentation) method to disable additional features like port forwarding, pty allocation, etc., sto...") |
|||
Line 1: | Line 1: | ||
= generate ssh key = | |||
<source lang=bash> | |||
ssh-keygen -t ecdsa -b 521 # -> ~/.ssh/id_ecdsa and ~/.ssh/id_ecdsa.pub | |||
# -t </path/mykey> | |||
</source> | |||
= authorized_keys = | |||
Below the <code>restrict</code> option is a future proof (according to the documentation) method to disable additional features like port forwarding, pty allocation, etc., stopping any attackers from using the key for pivoting or any other malicious activity. The <code>command</code> option forces the command given to be run when this key is used, stopping an attacker from gaining command execution on the machine. | Below the <code>restrict</code> option is a future proof (according to the documentation) method to disable additional features like port forwarding, pty allocation, etc., stopping any attackers from using the key for pivoting or any other malicious activity. The <code>command</code> option forces the command given to be run when this key is used, stopping an attacker from gaining command execution on the machine. | ||
<source> | <source> |
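Review bot: the comment line `# -t </path/mykey>` under the ssh-keygen command names the wrong flag. `-t` is already used on the line above to select the key type (`-t ecdsa`); the output file is chosen with `-f`. Suggest changing the comment to `# -f </path/mykey>` so a reader who copies it does not pass a path where a key type is expected.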
Revision as of 11:36, 1 November 2021
generate ssh key
<source lang=bash>
ssh-keygen -t ecdsa -b 521  # -> ~/.ssh/id_ecdsa and ~/.ssh/id_ecdsa.pub
# -f </path/mykey>          # optional: write the key pair to this path instead
</source>
authorized_keys
The <code>restrict</code> option below is a future-proof (according to the documentation) method to disable additional features like port forwarding, pty allocation, etc., stopping an attacker from using the key for pivoting or any other malicious activity. The <code>command</code> option forces the given command to be run whenever this key is used, stopping an attacker from gaining arbitrary command execution on the machine.
<source>
vi ~/.ssh/authorized_keys
command="/usr/local/bin/honeykey admin@honeypot",restrict ssh-rsa AAAAB3Nz******6iakD admin@honeypot
</source>
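One way to check an existing authorized_keys file for the two options described above, as an added example that is not part of the original wiki page. The function names and the sample lines are constructed for illustration; the check for options that switch a feature back on after <code>restrict</code> follows sshd(8) and goes beyond the single line shown above.

```python
# Options that switch a feature back on after "restrict" (documented in sshd(8)).
REENABLE = {"pty", "port-forwarding", "agent-forwarding", "x11-forwarding", "user-rc"}
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")  # start of the key-type field

def split_unquoted(text, seps):
    """Split on separators outside double quotes (an escaped quote does not close one)."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    if cur:
        parts.append(cur)
    return parts

def audit_line(line):
    """Return findings for one authorized_keys line; an empty list means nothing to flag."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    first = split_unquoted(line, " \t")[0]
    # No options field at all if the line starts directly with a key type.
    opts = [] if first.startswith(KEY_TYPES) else split_unquoted(first, ",")
    names = {o.split("=", 1)[0].lower() for o in opts}  # option names are case-insensitive
    findings = []
    if "restrict" not in names:
        findings.append("no restrict")
    elif names & REENABLE:
        findings.append("restrict undone by: " + ",".join(sorted(names & REENABLE)))
    if "command" not in names:
        findings.append("no forced command")
    return findings

# Constructed sample; key material is placeholder text, not real keys.
SAMPLE = """\
command="/usr/local/bin/honeykey admin@honeypot",restrict ssh-rsa AAAAPLACEHOLDER admin@honeypot
ssh-ed25519 AAAAPLACEHOLDER alice@example
restrict,pty,command="echo a,b" ssh-ed25519 AAAAPLACEHOLDER bob@example
"""

def audit(text):
    """Map 1-based line numbers to findings, skipping lines with nothing to flag."""
    return {n: f for n, l in enumerate(text.splitlines(), 1) if (f := audit_line(l))}
```

Calling <code>audit(open(path).read())</code> on a real file lists every key that can still open a shell or forward ports.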