#sshport
Explore tagged Tumblr posts
gakeko2018 · 5 years ago
Quick Info about SSH and SSH KEYGEN?
What is ssh-keygen? Ssh meaning?
ssh-keygen is a tool for creating new authentication key pairs for SSH. Such key pairs are used for automating logins, single sign-on, and for authenticating hosts.
SSH Keys and Public Key Authentication
The SSH protocol uses public-key cryptography for authenticating hosts and users. The authentication keys, called SSH keys, are created using the keygen program. SSH introduced public key authentication as a more secure alternative to the older .rhosts authentication. It improved security by avoiding the need to have the password stored in files, and eliminated the possibility of a compromised server stealing the user's password.
Creating an SSH Key Pair for User Authentication
The simplest way to generate a key pair is to run ssh-keygen without arguments. In this case, it will prompt for the file in which to store keys. Here's an example:

    ssh-keygen

The result is:

    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/user/.ssh/id_rsa.
    Your public key has been saved in /home/user/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:Up6KjbnEV4Hgfo75YM393QdQsK3Z0aTNBz0DoirrW+c user@host
    The key's randomart image is:
    +-------+
    | . ..oo..|
    | . . . . .o.X.|
    | . . o. ..+ B|
    | . o.o .+ ..|
    | ..o.S o.. |
    | . %o= . |
    | @.B... . |
    | o.=. o. . . .|
    | .oo E. . .. |
    +---------+

First, the tool asked where to save the file. SSH keys for user authentication are usually stored in the user's .ssh directory under the home directory. However, in enterprise environments, the location is often different. The default key file name depends on the algorithm, in this case, id_rsa when using the default RSA algorithm. It could also be, for example, id_dsa or id_ecdsa.

Then it asks to enter a passphrase. The passphrase is used for encrypting the key so that it cannot be used even if someone obtains the private key file. The passphrase should be cryptographically strong. You can add this to your ssh agent. You can also use ssh port. You can follow manual pages to ssh a command to a remote server.
Choosing an Algorithm and Key Size
SSH supports several public key algorithms for authentication keys. These include:

rsa - an old algorithm based on the difficulty of factoring large numbers. A key size of at least 2048 bits is recommended for RSA; 4096 bits is better. RSA is getting old and significant advances are being made in factoring. Choosing a different algorithm may be advisable. It is quite possible the RSA algorithm will become practically breakable in the foreseeable future. All SSH clients support this algorithm.

dsa - an old US Government Digital Signature Algorithm. It is based on the difficulty of computing discrete logarithms. A key size of 1024 would normally be used with it. DSA in its original form is no longer recommended.

ecdsa - a new Digital Signature Algorithm standardized by the US government, using elliptic curves. This is probably a good algorithm for current applications. Only three key sizes are supported: 256, 384, and 521 (sic!) bits. We would recommend always using it with 521 bits since the keys are still small and probably more secure than the smaller keys (even though they should be safe as well). Most SSH clients now support this algorithm.

ed25519 - this is a new algorithm added in OpenSSH. Support for it in clients is not yet universal. Thus its use in general purpose applications may not yet be advisable.

The algorithm is selected using the -t option and key size using the -b option. The following commands illustrate:

    ssh-keygen -t rsa -b 4096
    ssh-keygen -t dsa
    ssh-keygen -t ecdsa -b 521
    ssh-keygen -t ed25519
Copying the Public Key to the Server ( ssh tunnel )
To use public-key authentication, the public key must be copied to a server and installed in an authorized_keys file. This can be conveniently done using the ssh-copy-id tool. Like this:

    ssh-copy-id -i ~/.ssh/tatu-key-ecdsa user@host

Once the public key has been configured on the server, the server will allow any connecting user that has the private key to log in. During the login process, the client proves possession of the private key by digitally signing the key exchange.
Command and Option Summary
Here's a summary of commonly used ssh options to the keygen tool:

-b "Bits" This option specifies the number of bits in the key. The regulations that govern the use case for SSH may require a specific key length to be used. In general, 2048 bits is considered to be sufficient for RSA keys.
-e "Export" This option allows reformatting of existing keys between the OpenSSH key file format and the format documented in RFC 4716, "SSH Public Key File Format".
-p "Change the passphrase" This option allows changing the passphrase of a private key file with and , .
-t "Type" This option specifies the type of key to be created. Commonly used values are:
    - rsa for RSA keys
    - dsa for DSA keys
    - ecdsa for elliptic curve DSA keys
-i "Input" When ssh-keygen is required to access an existing key, this option designates the file.
-f "File" Specifies the name of the file in which to store the created key.
-N "New" Provides a new passphrase for the key.
-P "Passphrase" Provides the (old) passphrase when reading a key.
-c "Comment" Changes the comment for a key file.
-p Change the passphrase of a private key file.
-q Silence ssh-keygen.
-v Verbose mode.
-l "Fingerprint" Print the fingerprint of the specified public key.
-B "Bubble babble" Shows a "bubble babble" (Tectia format) fingerprint of a key file.
-F Search for a specified hostname in a known_hosts file.
-R Remove all keys belonging to a hostname from a known_hosts file.
-y Read a private OpenSSH format file and print an OpenSSH public key to stdout.
0 notes
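An added example (not part of the original post) for the algorithm and key-size guidance above: a Python check that decodes OpenSSH public-key lines and flags RSA keys under 2048 bits and DSA keys. The function names and the sample keys are constructed for illustration (the keys are not usable), and lines are assumed to carry no authorized_keys options prefix.

```python
import base64
import struct

FIXED_BITS = {"ecdsa-sha2-nistp256": 256, "ecdsa-sha2-nistp384": 384,
              "ecdsa-sha2-nistp521": 521, "ssh-ed25519": 256}

def read_string(buf, off):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def audit_key(line, min_rsa_bits=2048):
    """Return (type, bits, verdict) for one 'type base64 [comment]' line."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    inner, off = read_string(blob, 0)
    if inner.decode("ascii", "replace") != declared:
        return declared, None, "mismatch"   # label and blob disagree
    if declared == "ssh-rsa":
        _e, off = read_string(blob, off)    # public exponent
        n, off = read_string(blob, off)     # modulus decides the key size
        bits = int.from_bytes(n, "big").bit_length()
        return declared, bits, "ok" if bits >= min_rsa_bits else "weak"
    if declared == "ssh-dss":
        p, off = read_string(blob, off)     # prime modulus p
        return declared, int.from_bytes(p, "big").bit_length(), "not recommended"
    if declared in FIXED_BITS:              # size is fixed by the type name
        return declared, FIXED_BITS[declared], "ok"
    return declared, None, "unknown"

def audit(lines):
    return [audit_key(ln) for ln in lines if ln.strip() and not ln.startswith("#")]

def make_line(key_type, *fields):
    """Build a constructed, non-functional public-key line for the demo."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

def mpint(bits):  # payload of an integer with exactly `bits` bits
    return ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")

SAMPLE = [make_line("ssh-rsa", b"\x01\x00\x01", mpint(1024)),
          make_line("ssh-rsa", b"\x01\x00\x01", mpint(4096)),
          make_line("ssh-dss", mpint(1024), mpint(160), mpint(1024), mpint(1024)),
          make_line("ssh-ed25519", bytes(32))]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The "mismatch" verdict catches a line whose leading type label does not agree with the type string stored inside the key blob.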
kawason-tech-memo · 4 years ago
How to send with scp
scp -i {private key} -P {sshPort} {file to send} {user}@{host}:{destination path}
0 notes
globalmediacampaign · 4 years ago
MySQL Connector/NET 8.0.24 has been released
Dear MySQL users,

MySQL Connector/NET 8.0.24 is the latest General Availability release of the MySQL Connector/NET 8.0 series. This version supports .NET 5.0 and the X DevAPI, which enables application developers to write code that combines the strengths of the relational and document models using a modern, NoSQL-like syntax that does not assume previous experience writing traditional SQL.

To learn more about how to write applications using the X DevAPI, see http://dev.mysql.com/doc/x-devapi-userguide/en/

For more information about how the X DevAPI is implemented in Connector/NET, see http://dev.mysql.com/doc/dev/connector-net

NuGet packages provide functionality at a project level. To get the full set of features available in Connector/NET such as availability in the GAC, integration with Visual Studio's Entity Framework Designer and integration with MySQL for Visual Studio, installation through the MySQL Installer or the stand-alone MSI is required.

Please note that the X DevAPI requires at least MySQL Server version 8.0 or higher with the X Plugin enabled. For general documentation about how to get started using MySQL as a document store, see http://dev.mysql.com/doc/refman/8.0/en/document-store.html

To download MySQL Connector/NET 8.0.24, see http://dev.mysql.com/downloads/connector/net/

Installation instructions can be found at https://dev.mysql.com/doc/connector-net/en/connector-net-installation.html

Changes in MySQL Connector/NET 8.0.24 (2021-04-20, General Availability)

Functionality Added or Changed

* The IgnorePrepare connection-string option was deprecated in the Connector/NET 8.0.23 release and removed in the Connector/NET 8.0.24 release. The removed option instructed Connector/NET to ignore all calls to MySqlCommand.Prepare() that were made using the classic MySQL protocol. (Bug #31872906)
* Improved server disconnection handling of X Protocol connections now creates a log entry and returns an error message, as needed, after Connector/NET receives a connection-close notice from the server. Connector/NET detects three new types of warning notices.
    Connection idle notice. This notice applies to a server connection that remains idle for longer than the relevant timeout setting. Connector/NET closes the connection when it receives the notice in an active session or while a new session is being created. An attempt to use the invalid session returns the "Connection closed. Reason: connection idle too long" error message.
    Server shutdown notice. If a connection-close notice is received in a session as a result of a server shutdown, Connector/NET terminates the session with the "Connection closed. Reason: server shutdown" error message. All other sessions that are connected to the same endpoint are removed from the pool, if connection pooling is used.
    Connection killed notice. If the connection is being killed from another client session, Connector/NET closes the connection when it receives the notice in an active session or while a new session is being created. An attempt to use the invalid session returns the "Connection closed. Reason: connection killed by a different session" error message.
* If a classic MySQL protocol connection experiences a server timeout, Connector/NET now reports more precise disconnection information to affected .NET applications when the server provides improved error messages.
* Previously, Connector/NET added client support for the MySQL Enterprise Edition SASL LDAP authentication plugin with SCRAM-SHA-1 and SCRAM-SHA-256 as authentication methods. Connector/NET now also supports GSSAPI/Kerberos as an alternative authentication method for classic MySQL protocol connections. SASL-based LDAP authentication does not apply to clients running macOS.
* The SSH Tunneling (port forwarding) feature, which was added to support MySQL products in making secure connections on Windows, is no longer needed by other products. Now, using an alternative such as OCI or SSH.NET to create a tunnel is preferred. The related connection options (SshHostName, SshKeyFile, SshPassPhrase, SshPassword, SshPort, and SshUserName) are no longer valid when making Connector/NET connections, starting with this release.

Bugs Fixed

* Pound symbols in JSON columns were interpreted improperly when using accent-sensitive collation. (Bug #32429236)
* Several data types could not be mapped by running Scaffold-DbContext on valid MySQL tables. This fix upgrades Microsoft Entity Framework libraries to the latest and also adds all previously excluded mappings to the EFCore and EFCore5 projects. (Bug #32424742, Bug #102381)
* Constructing a regular expression for each read diminished the performance of Connector/NET. This fix limits the construction to one instance, which now is reused. (Bug #32386454, Bug #101714)
* A data table declared using valid database.table syntax within an Entity Framework model could have extra database names in the generated query (for example, database.database.table). (Bug #32358174, Bug #101236)
* Incomplete GUID mapping in the Entity Framework Core implementation caused an error when the Contains method was used to filter records. (Bug #32173133, Bug #93398)
* Additional error codes now prevent unexpected exceptions after a query. Thanks to Stanislav Revin for the patch. (Bug #32150115, Bug #101592)
* An exception was thrown if any CHAR(36) columns containing a NULL value were referenced in a query. New validation now checks for NULL values when the MySqlDbType member is Guid. (Bug #32049837, Bug #101252)

On Behalf of Oracle/MySQL Engineering Team,
Tvarita Jain

https://insidemysql.com/mysql-connector-net-8-0-24/
0 notes
akubi0w1 · 5 years ago
scp command
A note, because I keep forgetting this
$ scp -i {private key} -P {sshPort} {file to send} {user}@{host}:{destination path}
To send a directory, use -r.
0 notes
tayyab149-blog · 8 years ago
Forget SSH port
If you do not remember your SSH port on a WHM/cPanel server, you can reset it:
https://www.webanchor.net/billing/index.php?rp=/knowledgebase/63/Forget-SSH-port.html
0 notes
uros · 6 years ago
Do you know how? Tutorial for configuring an SFTP server on Windows
Rebex Tiny SFTP is a very simple, straightforward SFTP server that needs no installation of any kind and supports DSA and RSA keys, ideal for authenticating against the SFTP server with a public key. It is aimed above all at users who need to set up an SFTP server quickly, and it is compatible with Microsoft operating systems from Windows XP up to the latest version of Windows 10.
How to install Rebex Tiny SFTP
To install this server, the first thing to do is go to the official Rebex Tiny SFTP website and download the compressed archive of the software. Once it is downloaded, we simply extract the archive.
How to configure the SFTP server with Rebex Tiny SFTP
Although it is optional, we recommend editing the file named «RebexTinySftpServer.exe.config» with, for example, Notepad, although using Notepad++ is advisable. The entries we can modify in this file are the following:
sshPort: The TCP port the server communicates on. The default value is 22.
userName: The user name for starting the connection.
userPassword: The user's password for starting the connection.
userPublicKeyDir: The folder with the user's public keys used for private / public key authentication.
userRootDir: The root folder.
showUserDetailsOnStartup: If the value "true" is used, the user name and password are shown on the server.
rsaPrivateKeyFile: The path to the server's RSA private key file.
rsaPrivateKeyPassword: The password for the RSA private key file.
dssPrivateKeyFile: The path to the server's DSA private key file.
dssPrivateKeyPassword: The password for the DSA private key file.
autoStart: If the value is set to "true", the server starts automatically when the application is run.
And these are all the options we can set in the configuration file.
Starting up Rebex Tiny SFTP Server
The first time we run Rebex Tiny SFTP Server, if we have not edited the configuration file, we will see the following screen.
We will divide the window into different views to describe everything in more detail.
Right-hand side
At the top right we can see the following data:
Server IP: Shows the internal IP of our server.
Server port: Shows the port we are using on the server.
User: Shows the user name for logging in to the server with an SFTP client.
Password: Shows the user's password for logging in to the server with an SFTP client.
User public keys: Shows the path where the public keys file is located.
User root dir: Shows the path to the server's root user directory.
Configuration file: Shows the path to the directory of the server's configuration file.
Left-hand side
At the top left we can see the logging level (log) that we want to show in the SFTP server, or turn it off altogether. In this area we can also see a «Start» button if the SFTP server is stopped, or a «Stop» button if the SFTP server is running.
Bottom
The bottom part shows the full log of everything that happens on the server, and we can filter it using the «log level» selection in the upper window.
Conclusions
This is a free SFTP server, very simple and minimalist. It is ideal for occasional or emergency use, where we could carry it on a USB stick and run it from any computer. If you are looking for an SFTP server for emergencies, this should be your choice without any doubt.
The post "Sabes como Tutorial para configurar un servidor SFTP en Windows" was first published on El rincon de diego.
By El rincon de diego
0 notes