home › Internet › SSH, OPENSSH-SERVER, SCP, encryption keys. SSH, OPENSSH-SERVER, SCP, encryption keys Tunneling - Creating a secure SSH tunnel

SSH, OPENSSH-SERVER, SCP, encryption keys. SSH, OPENSSH-SERVER, SCP, encryption keys Tunneling - Creating a secure SSH tunnel

SSH (English Secure SHell - “safe shell”) - network protocol session level, allowing remote control operating system and tunneling TCP connections (for example, for file transfers). It is similar in functionality to the Telnet and rlogin protocols, but, unlike them, it encrypts all traffic, including transmitted passwords.

OpenSSH (open secure shell) is a set of programs that provide encryption of communication sessions over computer networks using the SSH protocol.

There are no difficulties in installation:

sudo apt-get install openssh-server

and you can connect to the server:

ssh 10.10.10.4

Enter your login and password account, available on the server, and we are inside.

to disconnect:

exit

scp is a utility for transferring files via ssh.

Copy the file to server 10.10.10.4 via port 22:

scp -P 22 /home/virtdiver/test.txt This e-mail address is being protected from spambots. You need JavaScript enabled to view it .4:/home/it/test.txt

Copy the file from server 10.10.10.4 via port 22:

scp -P 22 This e-mail address is being protected from spambots. You need JavaScript enabled to view it .4:/home/it/test.txt /home/virtdiver/test.txt

copy the test folder to server 10.10.10.4 via port 22:

scp -P 22 -r /home/virtdiver/test This e-mail address is being protected from spambots. You need JavaScript enabled to view it .4:/home/it

Copy the test folder from server 10.10.10.4 via port 22:

scp -P 22 -r This e-mail address is being protected from spambots. You need JavaScript enabled to view it .4:/home/it/test /home/virtdiver

If there is a need to transfer a file containing spaces in the name, then the path must be placed in quotes and the spaces must be escaped with a slash (\). The example below transfers a file named "filename with space.txt" (Thanks for this information zbl):

scp -P 22 " This e-mail address is being protected from spambots. You need JavaScript enabled to view it .4:/home/it/filename\ with\ space.txt" " /home/virtdiver/ filename\ with\ space.txt"

Generating SSH keys

First of all, you need to create a key pair if you don’t already have one. By default, the keys are stored in the user's home directory, /home/username/.ssh/id_rsa and id_rsa.pub. The keys must be generated on the client in the exact account from which you will log into the server via ssh. Change the user to the desired one (if necessary):

sudo su postgres

Generating keys:

ssh-keygen

the path can be left as default, just press Enter;

enter the password if necessary, if not necessary, press Enter.

A pair of keys is ready. I needed authorization using keys to automatically download a database backup from two servers to a third using scp, for a specially created postgres user, so I left the password blank.

scp ~/.ssh/id_rsa.pub This e-mail address is being protected from spambots. You need JavaScript enabled to view it .4:.ssh/authorized_keys2

We check:

ssh 10.10.10.4

We observe that the password was not requested.

For others, keys are generated in the same way, but now the key does not need to be copied to the server; you need to add the existing one on the ssh server with data from the generated one:

cat ~/.ssh/id_rsa.pub | ssh This e-mail address is being protected from spambots. You need JavaScript enabled to view it .4 "cat >> .ssh/authorized_keys2"

As a result, we have password-free access to 10.10.10.4 with authorization using encryption keys for the postgres user from both servers.

And now about what made me kill an hour. If we generate a key for Windows using PuTTYgen and add it to the server in the same way, then through putty with this key we will log into the server, but from Linux with the same key we will not, since putty and openssh have different formats. If the key file was created in putty and needs to be converted to openssh format, then set:

sudo apt-get install putty-tools

And convert:

puttygen -O private-openssh /home/virtdiver/putty/priv_key.ppk -o /home/virtdiver/putty/priv_key

where priv_key.ppk is a file in putty format, priv_key is the resulting key file in openssh format.

And the reverse procedure, from openssh format to putty format:

puttygen /home/virtdiver/putty/priv_key-o /home/virtdiver/putty/priv_key.ppk

WARNING: SCP-370 is a highly contagious memetic infection. There have not yet been any documented cases of employees becoming infected while reading this article, but as a precaution, this document is allowed to be read only in a controlled room with established mechanisms for destroying the reader at the first symptoms. Verbal dissemination of any information regarding SCP-370 is grounds for immediate destruction.

Special containment conditions: SCP-370 itself is embedded in a small block of solid lead and is stored inside a durable steel box with walls half a meter thick and without the ability to open it. Under no circumstances should an object be removed from the box or lead bar. If SCP-370 is recovered in whole or in part, blinded personnel will be tasked with searching for it using a metal detector, after which an electromagnet will be used to move the object into a small mold filled with molten lead. Once the lead has hardened, the resulting timber will be returned to the steel box and the box to the containment vault.

The said box is contained in a specially equipped storage facility at Site ██. SCP-370 does not require any maintenance, and all research on it is prohibited. The desire to open the vault to investigate the object or for any other reason is a symptom of SCP-370 infection. Any personnel exhibiting this or any other symptoms must be immediately isolated and, if symptoms continue, terminated.

SCP-370's destructibility has not been determined. No studies have been conducted in this direction, and future studies are prohibited due to the high risk of infection of the personnel involved.

D-Class personnel with strong sadistic or violent tendencies are preferred in all interactions with SCP-370 or potentially contagious data about the object.

Any Foundation Site showing signs of SCP-370 infection is to have all direct contact terminated. They must be reinstated one (1) year after the last instance of SCP-370 infection.

Any personnel assigned to SCP-370 who exhibit a sudden improvement in their general condition are to be isolated and sleep deprived. If any employee continues to show symptoms of "happiness" despite this measure, he must be terminated.

Description: SCP-370 is the key. The material, shape, size and general appearance of the object are unknown. Knowledge of these parameters is the main spreader of the SCP-370 infection, therefore all reports that could contain such information were destroyed without review.

The disease caused by SCP-370 has three distinct sets of symptoms, designated SCP-370-a, b, and c. The form of infection that an infected subject exhibits appears to be determined by their personality type.

SCP-370-a manifests most often in individuals who are characterized by their environment as selfish or cowardly. This is the most common manifestation. Subjects afflicted with SCP-370-a show no symptoms of infection. However, these individuals will commit suicide immediately when given the chance to do so with the least amount of suffering (for example, victims of SCP-370-a jumped from heights or shot themselves in the head with a firearm, but did not cut their wrists or hang themselves).

The moment the subject's heart stops beating, the infected body begins to glow brightly and undergo an unknown transformation. Detailed knowledge of the transformation is a spreader of infection, as is direct eye contact with the emitted light. No traces or body parts of the subject were ever found after the transformation.

Most SCP-370-b subjects can generally be described as extroverted altruists, however, similar manifestations of SCP-370-b have been observed in individuals with strong sadistic or violent tendencies. Infected individuals of SCP-370-b will initially become very calm. This stage lasts a few seconds, followed by a sudden, unprovoked attack on the closest person to the infected person, resulting in a series of indiscriminate killings. People killed by an infected subject will begin to glow brightly and undergo an unknown transformation, apparently the same or similar to that of suicides.

Initially, the infected is no more dangerous than a normal violent person, however, after he has killed approximately two (2) or three (3) people, his body will begin to emit a yellow light. Apparently, this light causes a sympathetic nervous response in victims of the infected, preventing them from resisting the attack. After approximately five (5) or six (6) successful kills, the intensity of the light triples and any direct skin contact with the infected becomes fatal. Also, from this moment on, any eye contact with the subject becomes a factor of infection.

After killing an average of twelve (12) individuals (subjects exhibiting violent tendencies prior to infection may require at least fifty (50) victims to reach this stage), the infected will abruptly cease displaying hostility and enter the final stage of SCP-370-b infection. Subject will raise his hands to the sky and, in a slightly amplified voice, shout "████, take me home!" This scream seems to pass through soundproof walls and headphones, but is only slightly muffled. Infection is guaranteed for all people who hear this scream, with the exception of cases of sensory deafness. After screaming, a glow in the visible spectrum forms around the infected person, and the infected person rises a couple of meters above the ground, after which [REDACTED] and disappears. As with SCP-370-a, no trace of the missing subjects has been found.

SCP-370-c manifests itself in individuals with a high level of intelligence and an analytical or contemplative personality, and is the most dangerous of the three manifestations. Unfortunately, most Foundation research personnel are predisposed to SCP-370-c. Immediately after infection, subjects close their eyes and spend an average of 30 seconds in silence. If asked what they are doing, the infected will answer that they are “praying.” Any infected with these symptoms must be immediately destroyed by any available means.

Subjects will then behave as usual, but with a significantly increased "sense of well-being". This condition persists even if the infected person is placed in unpleasant conditions. Subjects appear to have a contagious knowledge of the appearance and true nature of SCP-370, regardless of whether they have known any such knowledge before. Infected individuals will actively attempt to covertly spread the SCP-370 infection, especially attempting to cause manifestations of SCP-370-a or SCP-370-c. Distribution methods most commonly include, but are not limited to:
- Mentioning contaminating information about SCP-370 in casual conversation.
- Attempts to remove SCP-370 from containment under the guise of research or disposal.
- Adding carriers of SCP-370 infection to Foundation researchers' notes or other documents, including this page.
- Attempts to spread infectious material on a large scale.

After approximately fifty (50) successful infections, SCP-370-c enters its final stage. During this, the air around the infected person emits a small amount of light in the visible spectrum, forming a dull yellow glow around the subject. This glow produces a "calming" parasympathetic response in observers and has a █% chance of infecting the observer for every minute of eye contact. Regardless of successful infections, for approximately a day after the onset of this radiation, a blazing [DATA EXPUNGED] will burn marks onto or pass through any surfaces it touches, leaving no trace of the infected person. After this event, an invisible piece of infectious space remains, which infects anyone passing through it. The patches disappear in about seven (7) days, but precautions should be avoided for two (2) full weeks.

It has become known that the SCP-370-c infection is being used by some personnel to justify the murder and torture of other Foundation personnel. Those responsible are to be reclassified to Class D, however due to the severe threat posed by SCP-370-c, the above containment protocols will not be revised.– Dr. ███████

Appendix 370-a:

The circumstances surrounding SCP-370's initial acquisition are unknown. The object was discovered in the ruins of Site-█, a remote Foundation base in eastern ████. The original containment protocols and the steel box containing SCP-370 were found in a sealed vault, along with a corpse identified as Dr. █████, an open practitioner of Satanism, and the doctor's personal journal, who was found to be an SCP carrier. -370. The rest of the Zone was abandoned, no other dead bodies were found, although signs of struggle were visible everywhere. Other information about SCP-370 in the Site's data storage was erased or destroyed, although several useful notes were found about other recovered objects, especially SCP-███.

Several cases of contamination occurred during removal procedures. They were eliminated with the utmost precaution and it was decided that the infection had stopped. SCP-370 was briefly designated "Safe". However, in light of the recent [DATA EXPUNGED], the Keter designation has been reinstated and anti-memetic security has been increased at all Foundation Sites.

Appendix 370-b:

Dr. █████'s journal has been successfully cleared of memetic infection and is now accessible to authorized personnel. The precautions taken when reading this article also apply to the diary.

scp is a console utility that allows you to securely copy files via ssh protocol between Linux, Mac and Windows.

Introduction

The name scp is derived from secure cp(copy). With this utility you can copy files via ssh protocol. This protocol supports encryption, so using scp is a secure way to copy files.

I usually use scp to copy files to remote server or vice versa. You can also copy files from server to server, without additional traffic through your local computer.

scp is available for Linux, Mac and Windows (WinSCP)

Description of SCP and main parameters

scp [[ user @ ] from - host : ] source - file [[ user @ ] to - host : ][ destination - file ]

from-host- name or IP address of the host on which the file is located (source host). Can be skipped if the host is the local computer on which this command is executed.

user- a user who has rights to access the file and directory that will be copied from the source host. Or a user who has write permissions on the destination host.

source-file- the file or files that will be copied from the source host to the destination host. This can be a directory; for this you need to specify the -r switch when copying to copy the contents of the directory.

destination-file- the name that the file will receive when copied on the destination host. If the parameter is not specified, all files will be copied with the original names.

SCP keys

-q- do not display progress status

-r- recursively copy the contents of a directory if a directory is specified in the source file

-v- show debug messages

-P- non-standard SSH port on the host

SCP Examples

$scp*. txt user@remote. server. com:/home/user/

all files with the extension .txt will be copied to the /home/use folder on the remote host remote.server.com

$ scp - r user @ 192.168.0.2 :/ home / user / user @ 192.168.0.3 : / home / user /

will copy all files from the user's home directory on host 192.168.0.2 to the user's home directory on host 192.168.0.3 recursively

There are three options for copying files in ssh:

From local host to remote:

$scp somefile username@server:/home/username/

From remote host to local:

$ scp username @ server :/ home / username / file_name / home / local - username / file - name

From remote host to another host:

It is very practical and interesting feature scp, because files are copied from one server to another without getting to the computer on which the copying process is running. All traffic goes directly from server to server directly.

$ scp user_name1@server1 :/home/user_name1/file_name user_name2@server2 :/home/user_name2/

SCP tricks

Transfer rate limit

scp - l limit username @ server :/ home / uername /* .

limit indicated in Kbit/s.

Increase transfer speed

scp by default uses the AES-128 algorithm to encrypt data, it is very secure but slow. If speed is important, then you can use the Blowfish or RC4 algorithms.

Changing the encryption algorithm from AES-128 to Blowfish

$ scp - c blowfish user @ server :/ home / user / file .

Using RC4 encryption algorithm, which is the fastest possible

SCP-860

Object No.: SCP-860

Special containment conditions: SCP-860 is to be kept in a small wooden box in a vault in Sector ██. The object itself is not dangerous, so no special procedures are required.

Description: SCP-860 is a dark blue key with a regular shape. At seemingly random intervals, a set of numbers appears on the key blade, which are coordinates in UTM format. During the time SCP-860 was in Foundation custody, the numbers were changed three times, resulting in coordinates in ██████ (Germany), ██████ (England), and coordinates for Site ██.

SCP-860 can enter any keyed door lock located in the area indicated by these coordinates, and will act like a key that fits that lock. SCP-860 only works if inserted into a door lock, and only if the lock is embedded into the door; it will not work with other locking devices.

If a door is unlocked and opened using SCP-860, the door will not lead to the direction it normally opens. Instead, it opens into a small forest, down the middle of which runs a clearing approximately 80 cm wide, designated SCP-860-1. During each observation of this grove, the presence of a blue fog was noted.

SCP-860-1

Once any person steps into SCP-860-1, the door will automatically close. From the inside of SCP-860-1, the door will be set into an endless concrete wall and locked. Attempts by personnel outside SCP-860-1 to break down the door were unsuccessful. Attempts to break down the door from inside SCP-860-1 resulted in [DATA EXPUNGED]. See Document 860-III for additional details.

The path inside SCP-860-1 usually leads to another door set into another endless concrete wall. This second door opens into the room where the door to which SCP-860 was applied would normally lead.

Personnel conducting research within SCP-860-1 have reported various anomalies. These are described in more detail in Documents 860-I-IV.

Following the events of Study IV (described in Document 860-IV), research with SCP-860 may only be conducted by Level 4 personnel.

Incident 860-██-12: On ██/██/████, ██ days after Study IV, SCP-860 was found on Dr. ███'s desk, ████ m from its location. The locker in which the object was located was not open. Security footage from ██:██ morning showed the key suddenly materializing on the table. It is currently unknown how or why SCP-860 was transferred. The incident had a profound impact on Dr. ███. A psychological evaluation is recommended.

SCP-370's destructibility has not been determined. No studies have been conducted in this direction, and future studies are prohibited due to the high risk of infection of the personnel involved.

D-Class personnel with strong sadistic or violent tendencies are preferred in all interactions with SCP-370 or potentially contagious data about the object.

Any Foundation Site showing signs of SCP-370 infection is to have all direct contact terminated. They must be reinstated one (1) year after the last instance of SCP-370 infection.