SSH: Difference between revisions

From FyshyWyky
Jump to navigationJump to search
(→‎ssh.fysh.org: pond -> lake)
(→‎Fysh.Org SSH Host Key(s): ECDSA key no longer in service)
 
(13 intermediate revisions by the same user not shown)
Line 2: Line 2:
The primary means of logging into a Fysh.Org [[Shell Accounts|shell account]] is to use a '''[[wikipedia:Secure shell|SSH]]''' client.  This has the advantages of providing an encrypted connection, so no passwords, email etc can be casually snooped by 3rd parties between you and us, and also provides a variety of authentication methods.
The primary means of logging into a Fysh.Org [[Shell Accounts|shell account]] is to use a '''[[wikipedia:Secure shell|SSH]]''' client.  This has the advantages of providing an encrypted connection, so no passwords, email etc can be casually snooped by 3rd parties between you and us, and also provides a variety of authentication methods.


We run the current version in Debian 'stable' of OpenSSH as the server software on [[lake.fysh.org]].  Note that version 1 of the SSH protocol is disabled, so you'll need a client that supports version 2.
We run the current version in Debian 'stable' of OpenSSH as the server software on [[river.fysh.org]].  Note that version 1 of the SSH protocol is disabled, so you'll need a client that supports version 2.


We also have [[wikipedia:SSH file transfer protocol|SFTP]] enabled should you wish to securely copy files to or from [[lake.fysh.org]].
We also have [[wikipedia:SSH file transfer protocol|SFTP]] enabled should you wish to securely copy files to or from [[river.fysh.org]].


= ssh.fysh.org =
= ssh.fysh.org =
Some [[lake.fysh.org]] account holders find themselves behind firewalls that won't allow them to connect directly to external hosts on port 22 which is the default port on which we run SSH.  To work around this problem some Fysh.Org users provide a service where you can connect to ssh.fysh.org on port 443 (normally SSL-encrypted HTTP traffic, and thus allowed by many firewalls) and be forwarded to [[lake.fysh.org]]'s port 22.
Some [[river.fysh.org]] account holders find themselves behind firewalls that won't allow them to connect directly to external hosts on port 22 which is the default port on which we run SSH.  Unfortunately due to the current set-up (only one public IPv4 address) we can't offer to also run SSH on port 443 (https), which offers one way around firewalls.


Simply use the hostname ssh.fysh.org in your SSH client, along with the port 443.
However if you have full IPv6 access we ''do'' offer the SSH service on port 443, along with the default port 22 and additional port 2222.


= Fysh.Org SSH Host Key(s) =
= Fysh.Org SSH Host Key(s) =
Line 19: Line 19:
|-
|-
!Host
!Host
!Key Fingerprint
!Key Type
!MD5 Key Fingerprint
!SHA256 Key Fingerprint
!Comment
!Comment
|-
|-
|pond.fysh.org
|river.fysh.org
|RSA key fingerprint is 20:6e:ff:d9:e1:ec:d5:e7:b1:55:7e:22:78:9a:20:24.
|ed25519
|Last changed 2008-05-13
|eb:cf:67:1c:c6:f5:6f:98:3a:65:49:18:e0:81:38:a6
|uFhV9BxFo83RDGC/0P6aP7GO3yKHlMgQHnsrknVXck8
|In service from Mon 12 Feb 09:44:29 GMT 2018
|-
|-
|lake.fysh.org
|river.fysh.org
|RSA key fingerprint is 61:57:1f:58:7d:c5:f0:ac:38:2e:b9:8f:17:a1:91:6e.
|RSA
|Last changed 2010-03-06
|6c:c8:c7:f3:de:c8:01:c2:d5:5d:82:70:fc:2b:54:85
|}
|N2Q8yXLZWWloRiq1bsuPkpex0laLoXN/EEtZ2Nr3XYk
|New due to 'Heartbleed' bug - In service from 2014-04-12 12:21:00 BST to
|-
|river.fysh.org
|ECDSA
|73:cb:e4:46:49:6f:c6:34:7b:4f:e0:8c:07:4a:4c:ff
|1q2sm3WjvxgJ5ugwhRhcyNjQygq+hdP1UC4AXR7mCj0
|NO LONGER IN SERVICE - as we no longer offer a matching HostKeyAlgorithm.  Was new due to 'Heartbleed' bug - In service from 2014-04-12 12:21:00 BST to 2018-02-13 ~11:20 UTC
|-
|river.fysh.org
|DSA
|9c:f8:b9:07:a8:0e:db:90:21:7e:63:67:38:45:29:d9
|c3/TQP4okhunjKyGtdBZ9ggqr9Yaf7lgID80cjr32Jg
|NO LONGER IN SERVICE. Was new due to 'Heartbleed' bug - In service from 2014-04-12 12:21:00 BST to Mon 12 Feb 09:40:51 GMT 2018 (when it was removed because this key format long since fell out of favour).
|-
|river.fysh.org
|RSA
|77:fe:45:57:27:33:b5:98:ce:9b:dd:74:4b:83:4d:9e
|<not relevant when in use>
|Pre-'Heartbleed' bug - NO LONGER in service from 2014-04-12 12:21:00 BST
|-
|river.fysh.org
|DSA
|b4:6d:27:bc:35:10:48:e2:ea:2e:54:11:73:78:ec:77
|<not relevant when in use>
|Pre-'Heartbleed' bug - NO LONGER in service from 2014-04-12 12:21:00 BST
|-
|river.fysh.org
|ECDSA
|c5:28:32:66:db:86:cd:1a:c3:f9:22:16:8c:12:01:14
|<not relevant when in use>
|Pre-'Heartbleed' bug - NO LONGER in service from 2014-04-12 12:21:00 BST
|-}
 
[[Category:Services]]

Latest revision as of 11:44, 13 February 2018

Introduction

The primary means of logging into a Fysh.Org shell account is to use a SSH client. This has the advantages of providing an encrypted connection, so no passwords, email etc can be casually snooped by 3rd parties between you and us, and also provides a variety of authentication methods.

We run the current version in Debian 'stable' of OpenSSH as the server software on river.fysh.org. Note that version 1 of the SSH protocol is disabled, so you'll need a client that supports version 2.

We also have SFTP enabled should you wish to securely copy files to or from river.fysh.org.

ssh.fysh.org

Some river.fysh.org account holders find themselves behind firewalls that won't allow them to connect directly to external hosts on port 22 which is the default port on which we run SSH. Unfortunately due to the current set-up (only one public IPv4 address) we can't offer to also run SSH on port 443 (https), which offers one way around firewalls.

However if you have full IPv6 access we do offer the SSH service on port 443, along with the default port 22 and additional port 2222.

Fysh.Org SSH Host Key(s)

For reference the fingerprint of keys for hosts you may connect to are:

Fysh.Org SSH Host Keys
Host Key Type MD5 Key Fingerprint SHA256 Key Fingerprint Comment
river.fysh.org ed25519 eb:cf:67:1c:c6:f5:6f:98:3a:65:49:18:e0:81:38:a6 uFhV9BxFo83RDGC/0P6aP7GO3yKHlMgQHnsrknVXck8 In service from Mon 12 Feb 09:44:29 GMT 2018
river.fysh.org RSA 6c:c8:c7:f3:de:c8:01:c2:d5:5d:82:70:fc:2b:54:85 N2Q8yXLZWWloRiq1bsuPkpex0laLoXN/EEtZ2Nr3XYk New due to 'Heartbleed' bug - In service from 2014-04-12 12:21:00 BST to
river.fysh.org ECDSA 73:cb:e4:46:49:6f:c6:34:7b:4f:e0:8c:07:4a:4c:ff 1q2sm3WjvxgJ5ugwhRhcyNjQygq+hdP1UC4AXR7mCj0 NO LONGER IN SERVICE - as we no longer offer a matching HostKeyAlgorithm. Was new due to 'Heartbleed' bug - In service from 2014-04-12 12:21:00 BST to 2018-02-13 ~11:20 UTC
river.fysh.org DSA 9c:f8:b9:07:a8:0e:db:90:21:7e:63:67:38:45:29:d9 c3/TQP4okhunjKyGtdBZ9ggqr9Yaf7lgID80cjr32Jg NO LONGER IN SERVICE. Was new due to 'Heartbleed' bug - In service from 2014-04-12 12:21:00 BST to Mon 12 Feb 09:40:51 GMT 2018 (when it was removed because this key format long since fell out of favour).
river.fysh.org RSA 77:fe:45:57:27:33:b5:98:ce:9b:dd:74:4b:83:4d:9e <not relevant when in use> Pre-'Heartbleed' bug - NO LONGER in service from 2014-04-12 12:21:00 BST
river.fysh.org DSA b4:6d:27:bc:35:10:48:e2:ea:2e:54:11:73:78:ec:77 <not relevant when in use> Pre-'Heartbleed' bug - NO LONGER in service from 2014-04-12 12:21:00 BST
river.fysh.org ECDSA c5:28:32:66:db:86:cd:1a:c3:f9:22:16:8c:12:01:14 <not relevant when in use> Pre-'Heartbleed' bug - NO LONGER in service from 2014-04-12 12:21:00 BST