ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.100
firewall-cmd --permanent --add-port=22/tcp
/usr/sbin/sshd -ddd -p 2222
Control socket connect: Connection refused
sshd -T | grep "\(ciphers\)"
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
arcfour is disabled on Centos 7, its weak, but you can enable it to speed rsync or rnaspshopt
Ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc,arcfour,arcfour128,arcfour256
Warning: the ECDSA host key for ‘xxx.xxx.com’ differs from the key for the IP address 192.168.111.1
Are you sure you want to continue connecting (yes/no)
ssh-keygen -R 192.168.111.1
This will increase rsync speed.
controlpath /tmp/ssh-controlmaster-%[email protected]%h:%p
In other terminal:
ssh -O check [email protected]
Master running (pid=444444)
rsync -avz -e ssh /some/path [email protected]:/some/path
If you still can get access to server without password after logout it means you have SSH ControlMaster session on your ~/.ssh/cm_socket/
ls -la ~/.ssh/cm_socket/ | grep 188.8.131.52
rm -rf ~/.ssh/cm_socket/[email protected]:22
Another way: ssh -O stop 184.108.40.206
start-stop-daemon –start –pidfile /var/run/sshd.pid –exec /usr/sbin/sshd — -p 22
If error like missing privilege separation directory: /var/run/sshd
chmod 0755 /var/run/sshd
If ssh-copy-id hangs, you can use this:
cat ~/.ssh/*.pub | ssh [email protected] '[[ ! -d .ssh ]] && mkdir .ssh && chmod 700 .ssh || cat >> .ssh/authorized_keys && echo "Key copied"
rm -rf /etc/ssh/ssh*key
systemctl restart sshd
for Debian OS:
rm -rf /etc/ssh/ssh*key
It means there are some restrictions from server side, like some SSH wrapper rules are blocking access to this server. You should contact the server administrator, if you suddenly lost ability to access the server.
sshd(8): Added support for multiple required authentication in SSH
protocol 2 via an AuthenticationMethods option. This option lists
one or more comma-separated lists of authentication method names.
Successful completion of all the methods in any list is required for
authentication to complete. This allows, for example, requiring a
user having to authenticate via public key or GSSAPI before they
are offered password authentication.
I found interesting article about Google authentication http://www.heitorlessa.com/ssh-two-factor-authentication/
Why multi factor authentication important? For example it is very easy to require both an ssh public key and a password to login. If you don’t have the public key, you will never see the password prompt window.