How does Jow Forums handle ssh connections? I have a bunch of servers that I have to connect...

How does Jow Forums handle ssh connections? I have a bunch of servers that I have to connect, and keeping them all in a sticky note seems stupid, any alternative?

tmux and/or aliases

Single sign on with active directory (biometric) to all my enterprise equipment

>aliases
how do you do that? can you type something like ssh server_x1 and then have the username@ip stored somewhere?

Aliases in ~/.ssh/config

Or mobaxterm on Windows at work.

Yah. In your .profile, .bashrc, etc.

here you go, fren
wiki.archlinux.org/index.php/OpenSSH#Configuration

Thanks for not treating me like a retard, seems like pretty obvious stuff, but I didn't know, thanks again!

Everyone who knows something understands that every knowledge starts from the lack of knowledge.
You got to start somewhere ;)

There's a python script called sshmenu which is decent. I don't think it parses the ssh config yet, but I find it handy.

github.com/mmeyer724/sshmenu

>I don't think it parses the ssh config yet
looks like a nice project to add to my github

If you are administrating servers you should know how to solve this.

Here are just a few solutions I can think of, I use a combination of them myself...
1) write an ssh config with easy names for all your connections, then synchronize that config over any systems you use as ssh clients
2) set up a VPN that has all servers on it (and disable outbound traffic ofc), give the servers memorable names within the VPN
3) similar to 2, have an entry point server that either uses hosts to alias your servers, and/or have servers on a VPN, this entry point server can then potentially act as the only allowed client to other servers, and you can easily write ssh config rules to transparently hop through this server to the target servers (this is a common way of keeping database or vcs servers "offline" but still available to the web server)
4) use *sh aliases, such as alias mysqlserver="ssh 123.45.6.7". I personally only use this for my personal computers because I like to keep all security sensitive info separate from things like personal shell config
5) use /etc/hosts to give a memorable name to all servers. warning: if they have a changing IP this won't work, but if they have a stable domain you shouldn't need any form of alias anyway
6) setup something like terminal profiles or desktop shortcuts.
7) use reverse connections from the servers to create a specific local port you ssh to

Final note, I do recommend avoiding using a consolidated list of ssh targets, as this is something hackers look for. A physical note is the most secure. If you use key based auth and someone gets into your PC that has 20 ssh connections a click away, you are gonna piss off a lotta people. Keep that in mind.

Also, note about #3: DO NOT allow key based connections from the entry point server. If using key auth, always forward your key and accept that key on the servers behind the entry point. Otherwise you just created a single point of security failure for every server.

I'd say a VPN is the best solution though because it allows you to configure the servers' names from those servers themselves, then all you store locally is your private key. As I mentioned, it's dangerous to consolidate info about your servers on your PC because you are giving away way too much info to anyone that compromises your PC. If there is a security breach, you just take the whole VPN down until each server has had its authorized keys wiped and passwords reset.

Jow Forums is known throughout the web for being helpful and positive. This shouldn't have surprised you.

That's why I have my ssh key on a yubikey which requires a physical key press for every connection.

You don't need aliases in ur bashrc for ssh connections; the config file in the .ssh folder does that for you. When you type, for example, ssh aws in the terminal, it looks in ur config file for the aws entry, and you can specify the port, user name and what private key file to load up when making the connection.

This. Don't use fucking bash aliases for your ssh connections when ssh supports its own actual aliases that also work with scp, rsync, etc.
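The ~/.ssh/config setup several posts above describe (short host aliases carrying user, port and a per-host key, plus a transparent hop through an entry-point server), written out as an added example that is not from any poster in the thread. Every alias, address, user name and key path is a constructed placeholder; ProxyJump is used for the hop so that the private keys stay on the client.

```sshconfig
# ~/.ssh/config
# Constructed example: all names, addresses and key paths are placeholders.

# Entry-point (bastion) server, the only host reachable from outside.
Host bastion
    HostName 192.0.2.10
    User admin
    Port 22022
    IdentityFile ~/.ssh/id_ed25519_bastion

# Internal server reached through the bastion. ProxyJump tunnels the
# connection, so authentication to db1 is done by this client and no
# private key has to be stored on the bastion.
Host db1
    HostName 10.0.0.21
    User dbadmin
    IdentityFile ~/.ssh/id_ed25519_db1
    ProxyJump bastion

# Directly reachable host with its own user, port and key.
Host web1
    HostName 198.51.100.7
    User deploy
    Port 2222
    IdentityFile ~/.ssh/id_ed25519_web1

# Defaults go last: ssh keeps the first value it finds for each option,
# so the specific entries above take precedence over this block.
Host *
    # Offer only the IdentityFile configured for the host, not every key
    # loaded in the agent.
    IdentitiesOnly yes
    # Do not expose the local agent to remote hosts by default.
    ForwardAgent no
    # Store hashed host names in known_hosts instead of clear text.
    HashKnownHosts yes
```

With this in place `ssh db1`, `scp` and `rsync` all resolve the same alias, and `ssh -G db1` prints the options ssh will actually use for that host.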

Has anyone in this thread heard of this thing called DNS? I hear it does these alias things pretty well.

DNS lets me alias a username, host, and port to a simple 2-5 character name?

Administrating servers like this is stupid, you want to use a private key for auth and completely remove password auth.
You will be receiving brute attacks most of the time, using crap like fail2ban assures you lots of headaches.
On my datacenter, all internal ports are authorized via https api with user certificate, that allows the ip for some time to access the servers' ssh ports and other internal stuff.
As a funny note, I've put a honeypot on the usual ssh port that literally rickrolls the botnets and hangs them.

Will I get an angry letter from your legal team if I were to confirm that?

you don't need to setup aliases, just use the ssh config and setup hostnames
cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/

DNS won't pair your keys with your hosts, because you shouldn't use the same key for every host.

Just blocking port 22 and using a port over 10000 is enough to stop most of it, or just block everything and only allow connections from an internal network like a VPN.
Also, having a large ass banner is good enough to keep most bruteforce attacks busy.

hosts file

>Administrating servers like this is stupid, you want to use a private key for auth and remove completly password auth.
Nothing in the post you replied to indicated the use of password auth

> Just blocking port 22 and using a port over 10000 is enough to stop most of it
That's maybe some years ago; now spammers have much more sophisticated ways to find targets with fingerprinting, so they use tools like shodan to find them (and many others). Once your ip:port is on the list, you're again fucked up. The VPN is always a good idea if you have many servers.

I'd better share the source of the basic rickroll ssh server. I stripped out a lot of stuff and just made it work; it's compiled video with ffmpeg and libcaca. I have another version where you put some youtube id on the username and it plays the video.
pastebin.com/eTZL5C1p

Using SSH in 2019 is a sign of failure. No one should be accessing the console of a server.

this desu senpai

what else should I be using? I bet you are zoomers

I bet those faggots run Kali linux as a daily driver

containers
docker
there's no reason to ssh anymore post setup

>no DNS priority based solution
pleb

remote desktop

what's that?

.ssh/config and keys

Retard with zero real life experience

That's even worse, although sometimes required.

>containers
>docker
>there's no reason to ssh anymore post setup
what did he mean by this?

t. retards who have never worked a day in their life. You make an updated image and deploy it. Never ssh.

use putty
putty is your friend

So you'll be telling me driving a diesel truck is not allowed in 2019.
Using SSH with a key is fast, secure, and very effective if you can remember the 50 most used commands... Clicking and pointing like using a MAC is fine when all you are doing is WageCucking and just being another brick in the wall.

do you run database in a fucking docker?
r u mad?
you sound like a typical heroku kid.

Any user on a system is a threat. I've seen plenty of sysadmins fuck up a working system by doing dumb shit without consulting the application team. Not to mention as millennials hit the market it's going to get worse.

After a server is built with an image it should never be touched unless it needs to be reimaged with updates.

ok faggot, how do you propose I login to my HPC server?

You don't retard, that's the point. You deploy the software and set it up to run and you should never have access again.

lmao you're just telling you're so dumb you are self blocking yourself from being a competent sysadmin because you will break the thing. Pathetic is short term to describe that

Very nice

Don't use putty
Use KiTTY.
The putty fork that is Actually Better.

Boomer detected
I guess you think I should never have to sftp either too.
Just ssh the server and use keys and not passwords.

>minecraft server
>server software updated
>"JUST MAKE A NEW IMAGE AND THROW THE WHOLE SERVER OUT BRO YOU SHOULD NEVER HAVE TO SSH, DELETE THE MAP AND EVERYTHING NO SFTP ALLOWED"

Host entries in ~/.ssh/config

Use SaltStack or Ansible to manage your servers.

t. DevSecOps pro

Check mobaxterm instead if you want a good console on windows.