In this article I will write how to configure SSH on Cisco.
Connect to the device via telnet or console cable and switch to the privileged mode:
Continue reading “How to configure SSH on Cisco”Tag Archives: SSH
How to solve on MacOS “REMOTE HOST IDENTIFICATION HAS CHANGED”
Once I transferred the IP address to another server and after connecting to it via SSH from MacOS I saw a warning and therefore failed to connect:
Continue reading “How to solve on MacOS “REMOTE HOST IDENTIFICATION HAS CHANGED””File Transfer Script over SFTP in Windows
I will give an example of a file transfer script via SFTP in Windows.
Continue reading “File Transfer Script over SFTP in Windows”Configuring SSH session timeout
To configure the timeout for SSH sessions, let’s see where the SSH server configuration file is located:
sudo find / -name sshd_config
Open it in any text editor, for example nano:
sudo nano /etc/ssh/sshd_config
How to disconnect SSH user
Let’s say that several users are connected through SSH.
First look at the list of online users:
w
Suppose the following information is displayed (where test is the user’s login):
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT test tty1 11:20 1:07 0.03s 0.03s -bash test pts/0 192.168.1.5 11:21 13.00s 0.02s 0.02s -bash test pts/1 192.168.1.3 11:21 0.00s 0.02s 0.00s w
tty1 – it is a client logged in locally, that is, it is located near the computer.
pts/1 – judging for example on IP and WHAT, let’s assume that it’s us, accordingly pts/0 is the client of which we want to disconnect.
See the list of processes and their PID:
ps faux |grep sshd
At me it was displayed:
root 946 0.0 0.5 65508 5368 ? Ss 12:00 0:00 /usr/sbin/sshd -D root 1147 0.0 0.6 92828 6920 ? Ss 12:01 0:00 \_ sshd: test [priv] test 1178 0.0 0.3 92828 3384 ? S 12:01 0:00 | \_ sshd: test@pts/0 root 1192 0.0 0.6 92828 6592 ? Ss 12:02 0:00 \_ sshd: test [priv] test 1223 0.0 0.3 92828 3532 ? S 12:02 0:00 \_ sshd: test@pts/1 test 1248 0.0 0.0 15468 956 pts/1 S+ 12:25 0:00 \_ grep --color=auto sshd
We find test@pts/0 and accordingly 1178 is the required PID.
We terminate the process by specifying its ID, after which the user will immediately disconnect:
sudo kill -9 1178
See also my articles:
Configuring SSH session timeout
Installing and Configuring SSH
Email notification about each SSH connection
Here are a few ways to receive e-mail notifications about someone connecting to the server via SSH.
FIRST METHOD:
With a text editor, for example nano, open the file /etc/ssh/sshrc (in the nano editor CTRL+X to exit, y/n and Enter to save or discard changes):
sudo nano /etc/ssh/sshrc
And add the following code to it:
ip=`echo $SSH_CONNECTION | cut -d " " -f 1` logger -t ssh-wrapper $USER login from $ip (echo "Subject:login($ip) on server"; echo "User $USER just logged in from $ip";) | sendmail -f server@example.com -t your-email@example.com &
You do not need to restart SSH, the notifications should already come in when connecting.
SECOND METHOD:
Add the specified lines to the config /etc/rsyslog.conf (before each line commented the essence, this code will send messages about failed connections):
# Connect the messaging module $ModLoad ommail # Specify the address of the mail server $ActionMailSMTPServer mail.domain.com # Specify the email from which messages will be sent $ActionMailFrom rsyslog@domain.com # Specify the email to which messages will be sent $ActionMailTo test@domain.com # Specify the subject of the message $template mailSubject,"SSH Invalid User %hostname%" # Specify the content of the message $template mailBody,"RSYSLOG\r\nmsg='%msg%'" $ActionMailSubject mailSubject # Specify in seconds how often messages can be sent $ActionExecOnlyOnceEveryInterval 10 # If the log contains the characters in parentheses, then we send a message if $msg contains 'Invalid user' then :ommail:;mailBody
The same way of sending via rsyslog, but notifications of successful connections are sent (code without comments as above):
$ActionMailSMTPServer mail.domain.com $ActionMailFrom rsyslog@domain.com $ActionMailTo test@domain.com $template mailSubject,"SSH Accepted pass %hostname%" $template mailBody,"RSYSLOG\r\nmsg='%msg%'" $ActionMailSubject mailSubject $ActionExecOnlyOnceEveryInterval 10 if $msg contains 'Accepted password' then :ommail:;mailBody
As a result, if the connection to the SSH server is successful or not successful, messages will be sent to the e-mail. In a similar way, you can announce to email and other events that are logged via rsyslog.
Monitoring the number of Ubiquiti sector clients by SSH from Zabbix
On the test I’ll give an example of getting the number of clients connected to the usual sectoral antenna Ubiquiti AirMax Rocket M5.
We will receive the data via SSH.
To test once we connect to the device (the first time when connecting, type yes and press enter):
sudo -u zabbix ssh -p 22 admin@192.168.0.55
Now in Zabbix we add the data element to the template or host, for example with the name “Template Ubiquiti Rocket M5 Sector”:
Name: any Type: SSH agent Key: ssh.run[clients,,22,utf8] Authentication method: Password Username: NAME Password: PASSWORD Executed script: the command executed on the device (see below)
Example of the command displayed the number of connected clients:
wstalist |grep "mac" |wc -l
Accordingly, we create a graph for the data element, as well as the trigger:
Name: On the sector antenna {HOST.NAME} > 40 clients
Expression: {Template Ubiquiti Rocket M5 Sector:ssh.run[clients,,22,utff8].last(#1)}>40
See also:
Configuring SSH checks in Zabbix
How to change the SSH port in Ubuntu
On the test, I change the SSH port in Ubuntu Server 14.0.4 LTS and Ubuntu Server 16.0.4 LTS.
Open the SSH configuration for example in the nano text editor (in nano, press Ctrl+X to exit, y/n to save or cancel changes):
sudo nano /etc/ssh/sshd_config
Find the line “Port 22” and change it for example to “Port 58222“.
To apply the changes, restart ssh (on different systems it can reboot in different ways, so here is a list of possible commands):
sudo service ssh restart sudo /etc/init.d/ssh restart sudo /etc/init.d/sshd restart
After restarting SSH, it will be available on the new port, and the current session on the old one will remain active, so without disconnecting for testing, we will try to connect to the new port, if not, then the firewall is working in the system and you need to allow it in the system, for example in iptables this is done this way (where 58222 is our new port):
sudo iptables -A INPUT -p tcp --dport 58222 -j ACCEPT
You can allow iptables to connect to SSH only from the specified range of IP addresses:
sudo iptables -A INPUT -d 192.168.0.0/24 -p tcp --dport 58222 -j ACCEPT
If everything is ok, we connect through a new port and can delete the old iptables rule, for example:
sudo iptables -D INPUT -p tcp --dport 22 -j ACCEPT
An example of a command to connect from Linux to SSH on a non-standard port:
ssh -p 58222 user@192.168.0.2
View the system on which port and on what network interfaces SSH works like this:
netstat -tulpan | grep ssh
Configuring SSH checks in Zabbix
It took somehow some Linux servers to configure SSH checks to not install Zabbix-agent on them.
Zabbix-server itself is installed on Ubuntu Server.
Below in order I will describe how to configure SSH checks in Zabbix.
Authorization for SSH will be configured by key instead of password, for this we stop zabbix-agent and zabbix-server:
sudo service zabbix-agent stop sudo service zabbix-server stop
Create a Zabbix user home directory (for storing ssh keys):
sudo usermod -m -d /home/zabbix zabbix sudo chown zabbix:zabbix /home/zabbix sudo chmod 700 /home/zabbix
Run back zabbix-agent and zabbix-server:
sudo service zabbix-agent start sudo service zabbix-server start
Open the configuration file /etc/zabbix/zabbix_server.conf (in the nano editor, press Ctrl+O and Enter means save, Ctrl+X to exit):
sudo nano /etc/zabbix/zabbix_server.conf
Uncomment the string SSHKeyLocation and specify the path to the directory with the keys:
SSHKeyLocation=/home/zabbix/.ssh
Restart zabbix-server:
sudo service zabbix-server restart
Generate the ssh key:
sudo -u zabbix ssh-keygen -t rsa
Press Enter if the path is /home/zabbix/.ssh/id_rsa
On the offer to encrypt the key file, press Enter to not encrypt it or enter twice any password (it will encrypt the key file and you will have to specify it when connecting it)
Copy the generated key to the server we will be watching:
sudo -u zabbix ssh-copy-id -i /home/zabbix/.ssh/id_rsa.pub -p 22 root@192.168.0.55
If an error occurs while copying the key, you can manually copy the line from id_rsa.pub to the remote server in the authorized_keys file.
And we will try to connect to the remote server without entering the password with the command:
sudo -u zabbix ssh -p 22 root@192.168.0.55
Now in Zabbix we add the data element to the template or host:
Name: any
Type: SSH agent
Key: ssh.run[description,ip,port,encoding] (eg ssh.run[cpu,192.168.0.55,22,utf8]
Authentication method: Public key
User name (on remote host): root
Public key file: id_rsa.pub
Private key file: id_rsa
Phrase key password: leave blank if you did not encrypt the key with a password
Executed script: command running on a remote server, examples below
Below is an example of commands for Linux that you can execute and get various information.
CPU load for 1min / 5min / 15min:
cat /proc/loadavg |cut -d " " -f1 cat /proc/loadavg |cut -d " " -f2 cat /proc/loadavg |cut -d " " -f3
Number of currently running processes of the specified program:
pgrep apache2|wc -l pgrep -c sshd
Free space at the mount point “/” (in megabytes):
df -m|grep "/$"|awk '{print $4}'
Occupied space at the mount point “/” (in percent):
df|grep "/$"|awk '{print $5}'|tr -d "%"
Received byte on the network interface eth0:
cat /proc/net/dev|grep eth0|awk '{print $2}'
Bytes sent to the network interface eth0:
cat /proc/net/dev|grep eth0|awk '{print $10}'
Amount of free RAM:
free |grep "Memory:"|awk '{print $4}'
free |grep "Mem:"|awk '{print $4}'
See also:
Connect to SSH using the keys