62 Matching Annotations
  1. Mar 2024
    1. quarto publish gh-pages document.qmd

      Explore tokens to minimize the number of times this command asks for the ssh passphrase!

  2. Feb 2024
  3. Sep 2023
  4. Aug 2023
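    1. So, how do we make the request use the private key of our secondary account? First, let's look at what the link starting with git in the repository source means when we clone the code:

      Configure an alias for the target server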

  5. May 2023
  6. Jan 2023
  7. Dec 2022
  8. Oct 2022
    1. The version of OpenSSH included in 16.04 disables ssh-dss. There's a neat page with legacy information that includes this issue: http://www.openssh.com/legacy.html In a nutshell, you should add the option -oHostKeyAlgorithms=+ssh-dss to the SSH command: ssh -oHostKeyAlgorithms=+ssh-dss root@192.168.8.109
      • ok
      • SOLUTION: rsync from cygwin(8) into cygwin(16)/bin
    1. However, if the test file is in fact 0 bytes, then your shell is behaving, but it is possible that you just have a very old version of rsync. You can tell the client end (assuming it is the newer end) to not advertise such a high version that the old rsync server version doesn't recognize it. You can do this using the --protocol= option. In my case, using --protocol=30 did the trick. If you are still having trouble, try ssh in as the user rsync is connecting with and try running rsync --version to see if the shell can find rsync. If you get something that says command not found, then rsync might not be installed on the machine you are connecting to or it might not be in the path. Rsync does have options for specifying the path of the remote end, read the man page(s).

      (answered Jul 16, 2014 at 20:28 by Azendale)

      Comment: +1 for the hint about --protocol which solved my problem with a 2.5.6 server (protocol version 26) and a 3.1.0 client (protocol version 31) – MattBianco
      • SEE
    2. If testfile is NOT 0 bytes, then the trouble is that your shell is outputting something. Check /etc/profile, .profile, .bashrc, .cshrc, etc. If it is, you can change it to check if your terminal is interactive and only output text by using the following code in a bashrc. Something equivalent exists for other shells as well:

          if shopt -q login_shell; then
              [any code that outputs text here]
          fi

      or alternatively, like this, since the special parameter - contains i when the shell is interactive:

          if echo "$-" | grep i > /dev/null; then
              [any code that outputs text here]
          fi
      • SEE
    1. Use SSH and connect:

      Disposable root server:

      ssh root@segfault.net # Password is 'segfault'

  9. Aug 2022
  10. Jul 2022
  11. Mar 2022
    1. HostName Specifies the real host name to log into. This can be used to specify nicknames or abbreviations for hosts. The default is the name given on the command line. Numeric IP addresses are also permitted (both on the command line and in HostName specifications).

      HostName

  12. Feb 2022
  13. Nov 2021
  14. Mar 2021
    1. Copying between two remote systems

      Note: scp is able to copy a file from a remote server to another one.

  15. Feb 2021
  16. Nov 2020
    1. awk '{print $2}' /etc/ssh/ssh_host_ed25519_key.pub | base64 -d | sha256sum -b | sed 's/ .*$//' | xxd -r -p | base64 | sed 's/.//44g' | awk '{print "SHA256:"$1}'
  17. May 2020
    1. - You want to execute SSH commands from the build environment to a remote server
       - You want to rsync files from the build environment to a remote server

      If anything of the above rings a bell, then you most likely need an SSH key.
    1. There is a serious weakness in DSA (which extends to ECDSA) that has been exploited in several real world systems (including Android Bitcoin wallets and the PS3); the signature algorithm relies on quality randomness (bits that are indistinguishable from random); once the PRNG enters a predictable state, signatures may leak private keys. Systems that use ECDSA must be aware of this issue, and pay particular attention to their PRNG.
  18. Apr 2020
  19. Jan 2020
    1. ssh doesn't let you specify a command precisely, as you have done, as a series of arguments to be passed to execvp on the remote host. Instead it concatenates all the arguments into a string and runs them through a remote shell. This stands out as a major design flaw in ssh in my opinion... it's a well-behaved unix tool in most ways, but when it comes time to specify a command it chose to use a single monolithic string instead of an argv, like it was designed for MSDOS or something!
    1. git -c core.sshCommand="ssh -vvv" pull

      This seems like the most reliable and direct way to enable debugging of the ssh connection (authentication, etc.) used by a git command.

    1. Once the number of unauthenticated connections goes over the sshd:MaxStartUps parameter, sshd starts rejecting those connections. So preferably increase the MaxStartups in sshd_config
    2. Maybe the server is getting brute-forced in some way, so the ssh connections are in use this way. In this case MaxStartups would only lead to more bandwidth usage and higher server load. You should think about a non-default port in the high port range and something like fail2ban.
  20. Dec 2019
    1. I discovered that remote shells are treated differently. While non-interactive Bash shells don’t normally run ~/.bashrc commands at start-up, a special case is made when the shell is Invoked by remote shell daemon:
    1. An ssh public key in a ~/.ssh/authorized_keys file can have a command="" option which forces a particular command to be executed when the key is used to authenticate an ssh connection. This is a security control that mitigates against private key compromise. This is great when you only need to execute a single command. But if you need to perform multiple tasks, you would normally need to create and install a separate key pair for each command, or just not bother making use of forced commands and allow the key to be used to execute any command.
    1. The IdentitiesOnly yes is required to prevent the SSH default behavior of sending the identity file matching the default filename for each protocol. If you have a file named ~/.ssh/id_rsa that will get tried BEFORE your ~/.ssh/id_rsa.github without this option.
    1. Add a ProxyJump option and corresponding -J command-line flag to allow simplified indirection through one or more SSH bastions or "jump hosts".
    1. echo "from=\"${MYIP%% *}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command=\"rsync \${SSH_ORIGINAL_COMMAND#* }\" $(ssh-keygen -yf ~/.ssh/rsync_rsa)" | ssh targetserver "cat - >>~/.ssh/authorized_keys"

      Note that the ‘command=’ restriction (http://larstobi.blogspot.ch/2011/01/restrict-ssh-access-to-one-command-but.html) will not apply if ‘/etc/sshd_config’ already has a ‘ForceCommand’ directive.
    1. Just for the record newer versions of ssh support the -W option, you can do something like ProxyCommand ssh -W %h:%p gateway instead of depending on nc
    1. In today's cruel networked world, we're too often hampered behind (evil) company proxies that restrict how we can use the internet while at work, at a customer's place or even in some cases while at home or at friends'. Not only do proxies restrict what you can do, what protocols are accepted, what sites you can visit and what TCP ports are let through, they also allow your company or friend to log and supervise you.
  21. Mar 2019
    1. Hashicorp Vault: One-Time Password for SSH

      Here is a subject I want to learn about! It is not explicitly covered by the DevOps certification topics, but take a look at the subjects covering ssh and security (also search for vault at https://wiki.lpi.org/wiki/DevOps_Tools_Engineer_Objectives_V1).

  22. Dec 2018
  23. Nov 2018
    1. rsync -azvvP /home/path/folder1/ /home/path/folder2

      Or the case with remotes:

      rsync -azvvP /full/path/source_folder_or_file username@remotehost:/full/path/target_folder_or_file

  24. Oct 2018
  25. Jan 2018
  26. Nov 2017
  27. Jul 2017
  28. Apr 2016