HOME
art gallery Linkedin Donations Our Recommendations
Login
Hashcat Cold storage ch341a Premium SSH Proxy Jump
Info
Vuln Fact Check Server Managment Links
SSH
Auth.log Debug DNS key share Cheatpapper
Encryption
fido2 Twofish serpent .ssh/config cipher set sshd set cipher
Firewall
IP block list Fail2ban fail2ban Config SELinux
Tools
Mpiexec Rsync Mosh Glances SSHFS Tmate autossh XQuartz
VPN
SSH Tunneling Cloudflare Onion Network/Tor sshuttle SSH Proxy Reverse Tunnel SSH Tunnel ssh socksv5 proxy
Keys
CA Info Generate Ed25519 key Certificates keys CA & Host auth Backup Key OTP Hardware key SCP Trezor Ledger Nano X
Tweaks
DNS BASH Zsh ssh client env sshd env config X11
Configfiles
sshd, Single Node. sshd, Firewall Single Node. sshd, Cloud Firewall Single Node. sshd, Firewall X11. Win 11 OpenSSH Server VMware ESXi Hardening.

Useful Commands


You can use the tail command along with the /var/log/auth.log file to see real-time logs of SSH login attempts on your server. Here's how to do it:

  1. Open a terminal on your server.
  2. Type the following command to start monitoring the auth.log file:
    3. sudo tail -f /var/log/auth.log
  3. This will display the last few lines of the auth.log file and continuously update the output as new log entries are added.
  4. Watch the output for any login attempts to your SSH server. Each successful or failed SSH login attempt will be logged to the auth.log file, along with the username and IP address of the user.

You can use this information to identify any unauthorized login attempts to your SSH server and take appropriate action to secure your system. Note that the auth.log file may be located in a different path depending on your distribution.



To check the SELinux status for OpenSSH, you can use the sestatus command. Here's how to do it:

    1. Open a terminal on your server.
    2. Type the following command to check the SELinux status:
      3. sestatus
    3. This will display the current status of SELinux on your server, including whether it is enabled or disabled.
    4. Look for the Current mode line in the output. If SELinux is enabled, the mode should be set to enforcing. If disabled, it will say disabled.
    5. Look for any lines in the output related to OpenSSH. If SELinux is enabled and enforcing, OpenSSH should be allowed to operate normally, but you may need to configure SELinux policies to allow custom use cases.


    Here's a cheat paper for using SSH commands to query SSH keys, ciphers, and FIDO2 hardware tokens:

    1. Open a terminal on your server.
    2. Type the following command to query SSH keys:
      3. ssh -Q key

      This will display the list of supported SSH key types on your system, including sk-ssh-ed25519@openssh.com, which represents the Ed25519 key type used for FIDO2 hardware tokens. SSH key types on your system, including sk-ssh-ed25519@openssh.com, which represents the Ed25519 key type used for FIDO2 hardware tokens.



    3. Type the following command to query SSH ciphers:
      4. ssh -Q cipher

      This will display the list of supported SSH ciphers on your system, which are used for encryption and decryption of SSH communications.

    4. If you have a FIDO2 hardware token, you can use the -sk option to specify it for SSH operations.

      5. The -sk option allows you to use a FIDO2 hardware token as a security key for SSH authentication.

    5. There are two types of Ed25519 keys used with FIDO2 hardware tokens: sk-ssh-ed25519@openssh.com and sk-ssh-ed25519-cert-v01@openssh.com.

      6. sk-ssh-ed25519@openssh.com represents the standard Ed25519 key type used for FIDO2 hardware token-based user authentication, while sk-ssh-ed25519-cert-v01@openssh.com is a certificate-based key used for host authentication.


      The sk-ssh-ed25519-cert-v01@openssh.com key type is a certificate-based key used for FIDO2 hardware token-based host authentication. This key type is tied to a specific target/SSH server, identified by its hostname and user. In other words, the key pair can only be used for a single target/SSH server with the correct hostname and user — providing an added layer of security.