vaporup / ssh-tools Goto Github PK

Making SSH more convenient

License: GNU General Public License v3.0

Shell 51.96% Perl 48.04%

ssh-tools's Introduction

Moved  : https://codeberg.org/vaporup/ssh-tools
Reason : https://github.blog/2023-03-09-raising-the-bar-for-software-security-github-2fa-begins-march-13/

`ssh-tools`

Making SSH more convenient

ssh-ping

Check if host is reachable using ssh_config

Outputs Reply from when server is reachable but login failed
Outputs Pong from when server is reachable and login was successful

$ ssh-ping -c 3 kim

SSHPING kim
Reply from kim: ssh_seq=1 time=109 ms
Reply from kim: ssh_seq=2 time=136 ms
Reply from kim: ssh_seq=3 time=141 ms

--- kim ping statistics ---
3 requests transmitted, 3 requests received, 0% request loss

TAB Completions

Ubuntu (and maybe other distros) ship completions for ssh which can be re-used:

Bash

complete -F _known_hosts ssh-ping

Zsh

compdef _ssh_hosts ssh-ping

Fish

complete -c ssh-ping -a "(__fish_print_hostnames)"

ssh-last

Like last but for SSH sessions

# ssh-last

LOGIN            LOGOUT           DURATION   USER   HOST         PORT   AUTH_ID
Aug 14 03:45:34  Aug 14 03:48:06  00:02:32   swick  JumpHost     40548  (C) swick@company
Aug 26 22:20:02  Aug 26 22:20:02  00:00:00   swick  192.168.1.5  48856  (?) password
Oct 14 13:43:49  Oct 14 13:44:29  00:00:40   root   192.168.1.5  45828  (K) [email protected]
Nov 02 12:16:58  still logged in  241:22:12  swick  192.168.1.5  59198  (K) SSHFS Mount

More info at the docs

ssh-certinfo

Shows validity and information of SSH certificates

$ ssh-certinfo ~/.ssh/*.pub

/home/vaporup/.ssh/id_rsa-cert.pub  SSH_CERT_VALID    forever              ->  forever
/home/vaporup/.ssh/test1-cert.pub   SSH_CERT_INVALID  2038-01-19T04:14:07  ->  2038-01-19T04:14:07
/home/vaporup/.ssh/test2-cert.pub   SSH_CERT_EXPIRED  1988-11-14T13:36:40  ->  1991-08-11T14:36:40

$ ssh-certinfo -v ~/.ssh/*.pub

/home/vaporup/.ssh/id_rsa-cert.pub:
        Type: [email protected] user certificate
        Public key: RSA-CERT SHA256:Mm7o312345YEaWetVshTBslX48h0XJceLWzxx3RugDg
        Signing CA: RSA SHA256:4fcOpOm/Xk12345mYnihk0cr6SdjghPgONxriMJex+A
        Key ID: "vaporup"
        Serial: 0
        Valid: forever
        Principals: (none)
        Critical Options: (none)
        Extensions:
                permit-X11-forwarding
                permit-agent-forwarding
                permit-port-forwarding
                permit-pty
                permit-user-rc

ssh-force-password

Enforces password authentication (as long as the server allows it).
It became quite annoying googling the SSH options for this every time.
e.g. used to skip key-based login for password testing.

$ ssh-force-password kim

vaporup@kim's password:

ssh-keyinfo

Prints keys in several formats

$ ssh-keyinfo ~/.ssh/*.pub

(RSA)  2048     MD5 40:52:aa:14:a5:9a:fe:b5:96:c0:d2:dc:99:f1:a5:77  /home/vaporup/.ssh/id_rsa.pub
(RSA)  2048  SHA256 V4F6ipY4gG83sQGM0eRk0+g1RWE9K4asDUj1jFpCa48      /home/vaporup/.ssh/id_rsa.pub

ssh-hostkeys

Prints server host keys in several formats

$ ssh-hostkeys kim

  (ECDSA)   256     MD5 3d:8e:49:6e:40:34:c6:e4:c8:5f:60:d9:ad:bf:1f:b9
  (ECDSA)   256  SHA256 txYpmPENBWolKBaA5EkCM/y1Hm2DP81jtABFrWUBf/c
(ED25519)   256     MD5 a8:93:71:f9:13:d0:32:02:c0:e5:1e:f6:b9:db:8c:b0
(ED25519)   256  SHA256 JZMLzNS2ifdGYv2SrqDodz7+/qaRCTBPukaCnMQqbX8
    (RSA)  2048     MD5 8b:37:63:cd:58:fd:9c:18:93:08:3a:4c:84:64:87:91
    (RSA)  2048  SHA256 WkOzD8BaeljejgTTAwECkByyb4kHdI0pnJB2/gcS1Lk

ssh-facts

Get some facts about the remote system

$ ssh-facts kim

OS=ubuntu
OS_VERSION=16.04
UPTIME=7 days, 22 hours, 25 minutes
LAST_REBOOT=Dec 20 19:34:27 2018
CPU_CORES=2
CPU_SOCKETS=2
HOSTNAME=kim
KERNEL_NAME=Linux
MACHINE=x86_64
MACHINE_TYPE=virtual_by_kvm
MEMORY=4045996
INIT=systemd
LSB_CODENAME=xenial
LSB_DESCRIPTION=Ubuntu 16.04.5 LTS
LSB_ID=Ubuntu
LSB_RELEASE=16.04

ssh-diff

Diff a file over SSH

$ ssh-diff /etc/hosts kim

Comparing kim:/etc/hosts (<) with /etc/hosts (>)

1,2c1,2
< 127.0.0.1 localhost
< 127.0.1.1 kim
---
> 127.0.0.1 localhost
> 127.0.1.1 blinky

ssh-version

Shows version of the SSH server you are connecting to

$ ssh-version kim

Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.6

Packages

ssh-tools's People

Contributors

Stargazers

Watchers

ssh-tools's Issues

wish: print server host keys in several formats

ssh-hostkeys foo.tld

output

RSA 2048  40:12:ab:be:ef
RSA 2048 Azqerq
ECDSA 256 13:24:ca:fe
ECDSA 256 Rwosw

So check for several hostkeys, print them in various formats.

Use case:
Having hostkey in one format and being able to verify with other format upon first connection with SSH-client that shows other format.

ssh-ping mit Autovervollständigung

Hallo Verdampfen,

Kann du bitte in SSH-Ping von den SSH-Config die Hosts Eintrage nehmen wie auch von der known_hosts Datei?
War mega, wenn dies gehen würde.

Update explorers in ssh-facts

https://code.ungleich.ch/ungleich-public/cdist/tree/master/cdist/conf/explorer

ssh-ping works fine between two linux boxes, but attempting to use it with Dell iDRACs (and various other IoT sorts of devices) it fails. This is because IoT level devices often do not provide a full environment, and ssh-ping expects to login and echo "pong" ... so while connectivity is available (ssh works) the ssh-ping fails.

idrac9 for example provides ping and trace route, but no echo. So

ssh -o BatchMode=yes -o CheckHostIP=no -o StrictHostKeyChecking=no -o HashKnownHosts=no -o ConnectTimeout=16 idrac40 echo pong that is, it attempts to login to the idrac (which works) and execute echo which can't.

So reworking how ssh-ping works, to extract the names from .ssh/config and actually using ping would be much more generally useful than using ssh to execute "echo pong".

Use ANSI Escape Codes instead of tput

The colors don't work on some BSD systems when using tput

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210858

Replace tput with ANSI Escape Codes for the colors:

https://stackoverflow.com/questions/5947742/how-to-change-the-output-color-of-echo-in-linux
https://www.shellhacks.com/bash-colors/

https://misc.flogisoft.com/bash/tip_colors_and_formatting

    RED='\033[0;91m'
  GREEN='\033[0;92m'
 YELLOW='\033[0;93m'
   BLUE='\033[0;94m'
MAGENTA='\033[0;95m'
   CYAN='\033[0;96m'
  WHITE='\033[0;97m'
   BOLD='\033[1m'
  RESET='\033[0m'

Feature proposal: ssh-ping command should have an option to turn off output colors.

Currently ssh-ping command has no switch to turn off colors.

ssh-ping --help

Usage: ssh-ping [OPTIONS] [user@]hostname

OPTIONS:

    -4             Use IPv4 only
    -6             Use IPv6 only
    -c count       Stop after sending <count> request packets
    -F configfile  Specifies an alternative per-user configuration file.
                   If a configuration file is given on the command line,
                   the system-wide configuration file ( /etc/ssh/ssh_config ) will be ignored.
                   The default for the per-user configuration file is ~/.ssh/config.
    -h             Show this message
    -i interval    Wait <interval> seconds between sending each request.
                   The default is 1 second.
    -l user        Try login with <user> as username. The default is $USER.
    -D             Print timestamp (unix time + microseconds as in gettimeofday) before each line
    -H             Print timestamp (human readable) before each line
    -W timeout     Time to wait for a response, in seconds
    -p port        Port to connect to on the remote host.
                   This can be specified on a per-host basis in the configuration file.
    -q             Quiet output.
                   Nothing is displayed except the summary lines at startup time and when finished
    -v             Verbose output

Please add new option to turn off all colors etc ansi-escape codes.

Light colors e.g. yellow are difficult to distinguish when using light terminal background
Parsing of the command output is easier

ssh-ping Timout (-W) not working on ssh-tools (tested with 1.6 and 1.7)

Dear Developer(s),
thanks for the ssh tools, it was almost exactly what I am searching for.
Unfortunately the ssh-ping timeout option -W does not work for me:

$ ssh-ping -v -W 1 duck.com
SSHPING duck.com
SSH_FLAGS:
SSH_OPTS: -o BatchMode=yes -o CheckHostIP=no -o StrictHostKeyChecking=no -o HashKnownHosts=no -o ConnectTimeout=1

Then its stuck forewer, since duck.com is not responding
Also happening to non existent hosts:

~$ ssh-ping -v -W 1 xxxx
SSHPING xxxx
SSH_FLAGS:
SSH_OPTS: -o BatchMode=yes -o CheckHostIP=no -o StrictHostKeyChecking=no -o HashKnownHosts=no -o ConnectTimeout=1

Tested with:

1.6 from my linux installation,
1.7 freshly downloaded from this repository.

May be I will have time to investigate little bit further. Just wanted to share this with you.

thanks,

redd