======SSH======
=====Install SSH Server=====
In Ubuntu 16.04, you can install SSH server with
<code>sudo apt-get install openssh-server</code>
You can ensure it starts at boot with
<code>systemctl enable ssh.socketv</code>
=====SSH Key Generation=====
To generate an RSA key pair to work with version 2 of the protocol, type the following command at a shell prompt. Accept the default file location of ~/.ssh/id_rsa. Good security practice dictates that you should enter a password that is unique.
<code>ssh-keygen -t rsa</code>
The public key is written to ~/.ssh/id_rsa.pub. The private key is written to ~/.ssh/id_rsa. Never distribute your private key to anyone.

Change the permissions of the .ssh directory using the following command:
<code>chmod 755 ~/.ssh</code>
Copy the contents of ~/.ssh/id_rsa.pub into the file ~/.ssh/authorized_keys on the machine to which you want to connect. If the file ~/.ssh/authorized_keys exist, append the contents of the file ~/.ssh/id_rsa.pub to the file ~/.ssh/authorized_keys on the other machine. An easy way to do this is by using the <code>ssh-copy-id</code> command as follows
<code>ssh-copy-id -i ~/.ssh/id_rsa.pub username@target.example.com</code>
Change the permissions of the authorized_keys file using the following command:
<code>ssh username@target.example.com 'chmod 644 ~/.ssh/authorized_keys'</code>

=====Run Single Command Remotely=====
<code>ssh username@target.example.com 'ls -l'</code>
=====Run Multiple Commands Remotely=====
<code>ssh username@target.example.com 'ls -l; ps -aux; whoami'</code>
=====Run Single Command Remotely and Interactively=====
Note the -t flag. That tells SSH that you'll be interacting with remote shell. Without the -t flag, <code>top</code> will return results after which SSH will log you out of the remote host immediately. With the -t flag, SSH keeps you logged in until you exit the interactive command. The -t flag can be used with most interactive commands, including text editors like pico and vi. 
<code>ssh -t username@target.example.com 'top'</code>
=Run Command With Single Quotes=
When running remote SSH commands, you may need to escape quotes. Replace ' with '"'"'
<code>'s/%//g'</code>
With
<code>sed '"'"'s/%//g'"'"'</code>

=====Connect to Host Without Checking Keys=====
While this is dangerous, it can be useful when running some data gathering scripts on a trusted network.
<code>ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no username@target.example.com 'ls -l'</code>
=====List SSH Fingerprint=====
If you want to see the fingerprint that you see first time you connect to a server, run this command
<code>ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub</code>
You may also need the following command (but probably not)
<code>ssh-keygen -lf /etc/ssh/ssh_host_key.pub</code>
To list the key in the format shown by PuTTY, use
<code>ssh-keygen -l -E md5 -f /etc/ssh/ssh_host_rsa_key.pub</code>
Show all
<code>for file in /etc/ssh/*_key.pub; do ssh-keygen -lf $file; done</code>

Determine the fingerprint of the RSA host key
<code>ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub</code>

Determine the fingerprint of the ED25519 host key
<code>ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub</code>

Determine the fingerprint of the ECDSA host key
<code>ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub</code>

=====Fix SSH Key Generation Problem in CentOS 6=====
By default, CentOS 6.0 and some later releases of 6.x, SELinux interferes with the root user's ability to generate SSH keys. To fix the problem, run the following commands as the root user.
<code>chcon -t ssh_home_t ~/.ssh</code>
=====Fix Remote Root Login on CentOS 6=====
By default, CentOS 6.0 and some later releases of 6.x, SELinux prevents the root user from logging into a system using SSH. This is because of SELinux attributes on the <code>/root/.ssh/authroized_keys</code> file. I believe this is due to the policy in <code>/etc/selinux/targeted/contexts/users/root</code>. To fix this, we just run the following command.
<code>restorecon -R -v /root/.ssh</code>
=====Restrict Users and Groups from Login=====
To only allow a specific list of users and groups to login, add the following to <code>/etc/ssh/sshd_config</code>
<code>AllowUsers user1 user2</code>
<code>AllowGroups group1 group2</code>
=====Block Users and Groups from Login=====
To allow all users to login except for a specific list, add the following to <code>/etc/ssh/sshd_config</code>
<code>DenyUsers user1 user2</code>
<code>DenyGroups group1 group2</code>
=====Fix Logon Delay=====
You may find that when connecting to a SSH server, the password prompt takes a long time to appear. Try setting the following line at the bottom of <code>/etc/ssh/sshd_config</code>
<code>GSSAPIAuthentication no</code>
Then restart the sshd server with the following command
<code>service sshd restart</code>
If that doesn't work, try adding the following the bottom of <code>/etc/ssh/sshd_config</code>
<code>UseDNS no</code>
=====Extract Public Key=====
<code>chmod 600 private.pem</code>
<code>ssh-keygen -f private.pem -y > public.pub</code>

===== Copy over Public Key =====
To enable passwordless login, you must copy over your public key to the other sever
<code>ssh-copy-id remote_username@server_ip_address</code>
===== Ignore Warning =====
<code>ssh -q -o "StrictHostKeyChecking no" admin@192.168.1.1</code>
===== ByPass Legacy Ciphers =====
I had to do this to access a Cisco switch.

Add the following to the SSH command.

<code>-oKexAlgorithms=+diffie-hellman-group1-sha1</code>

You can also add the following to ''.ssh/config''
<code>Host x.x.x.x
    KexAlgorithms +diffie-hellman-group1-sha1</code>
    
=====Unable to Negotiate  =====
I found the following when trying to SSH from Ubuntu 22.04.4 to Palo Alto Networks Firewall running PAN-OS 11.0.0
<code>Unable to negotiate with <IP> port 22: no matching host key type found. Their offer: ssh-rsa,ssh-rsa,ssh-rsa</code>

To make it work, I had to add the following at the end of the SSH command in Ubuntu
<code>-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa</code>