ssh -Q key not listing all key types?

I am having some problems with understanding which types of host keys my SSH daemon actually provides or supports (stock debian buster, sshd 7.9.p1). From the manual (man sshd_config):

 HostKeyAlgorithms
         Specifies the host key algorithms that the server offers.  The default for this option is:

            ecdsa-sha2-nistp256-cert-v01@openssh.com,
            ecdsa-sha2-nistp384-cert-v01@openssh.com,
            ecdsa-sha2-nistp521-cert-v01@openssh.com,
            ssh-ed25519-cert-v01@openssh.com,
            rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
            ssh-rsa-cert-v01@openssh.com,
            ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
            ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

         The list of available key types may also be obtained using "ssh -Q key".

Please note the last line. When following the advice given there:

root@odysseus /var/log # ssh -Q key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com

I’ve got two questions:

  1. As an example, the man page states that rsa-sha2-256 is part of the default for HostKeyAlgorithms. But this string does not appear in the output of ssh -Q key.

    How does this fit together? How can something be a default which even doesn’t exist?

    The above example implies that ssh-rsa might be insecure, because it doesn’t have sha2 in its name, and thus might be sha1 or even md5 based (of course, my host keys are actually created by ssh-keygen with sha2-256 fingerprint, so that actually can’t be a problem, but I’d like to understand those key type names nevertheless).

  2. What does the string -cert-v01@openssh.com in some of the algorithm type names mean? Are these the types for certificate-based authentication?

linux – GUI access possible for subscription website with only ssh access to a NAS in this IP range?

I need access to some data on a website X.
This website contains data as downloadable files and also as browsable pages.

My university pays for access to this website, I do not. This allows access to both downloadable data files and the browser pages.

I work remote, and do not have this university based access.
However, I do have access to a NAS at my university research group.

Using this access to the NAS, I am able to connect, on the terminal, from my local machine to my university NAS via ssh, and then using my university’s subscription, have successfully download files from website X simply using wget. And then transfer these, in turn, from the NAS to my local machine, using scp. No problem thus far.

Here is the help I seek:
Is it possible to browse webpages of site X, from my local machine, as I would on my local machine’s browser, just via ssh on terminal? Perhaps using X terminal? Or via some other way that allows GUI despite my remote and bridged (i.e. via intermediate NAS) connection?

Sorry if some of my terminologies are wrong – cuz I’m not a network person, I hope you’ll pardon these. And please feel free to really dumb down your answer 🙂

Thanks in advance!

SSH into raspberry pi on WAN side of router

can anyone help me figure out how to SSH into my raspberry pi in the following situation? I have an android phone using easytether connected via usb to the pi, then I connected the pi via ethernet to my wireless router’s WAN port. I am unable to figure out how to SSH into the pi on the WAN side of the router from a PC on the LAN side. Do I need to setup a reverse tunnel or port forwarding? I cannot get it to work.

enter image description here

ssh – Cannot enter password automatically in Terminal PuTTY plink command to connect CentOS 7 in Windows

I want to connect CentOS 7 in Windows Terminal, when I use command:

ssh root@192.168.50.160

The arrow keys works well, but ssh command can’t enter password automatically.

So, I use PuTTY plink command like this:

plink -ssh 192.168.50.160 -l root -pw password

But the arrow keys are not working.

How to fix this? Or is there another way to connect to Linux can enter password automatically in Windows Terminal?

SSH tunnel attempt. Unable to establish SSH connection without actual shell. (Arch Linux)

So I’m trying to figure out how to establish a tunnel, but nothing else. I don’t want the user to have shell access.

I found this ssh tunneling only access

Is this information outdated or something? Everytime I try to login through ssh where I’ve set the shell of the user to /usr/(s)bin/nologin, or /bin/false, bin/true, etc.,

instead of saying:

This account is currently not available.

it says:

Permission denied, please try again.

Password is correct. I know this with absolute certainty because I typed it out and then pasted it into the console to make sure there were no mistakes. Changing the user’s shell back to nologin and trying to reconnect with the same password that worked with an actual shell still in the clipboard it said Permission denied.

I’ve tried putting ForcedCommand internal-sftp in the config file, but that didn’t do anything either.

I’ve tried using one those scripts I found from searching to make a fakesh and set the user’s shell to that, but ssh doesn’t accept that either. The only way to make it work is to set the user to an actual shell. What is going on here?

ssh – kex_exchange_identification: Connection closed by remote host

Trying to connect to web servers running on Centos 7 via jump server, earlier this connection used to work fine without any problems, but not sure now what went wrong.

Following is the status

$ ssh -vvv abc@JUMP_SERVER_IP -J 10.10.0.5 -i .ssh/id_rsa_iit
OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname JUMP_SERVER_IP is address
debug1: Setting implicit ProxyCommand from ProxyJump: ssh -vvv -W '[%h]:%p' 10.10.0.5
debug1: Executing proxy command: exec ssh -vvv -W '[JUMP_SERVER_IP]:22' 10.10.0.5
debug1: identity file .ssh/id_rsa_iit type 0
debug1: identity file .ssh/id_rsa_iit-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 10.10.0.5 is address
debug2: ssh_connect_direct
debug1: Connecting to 10.10.0.5 [10.10.0.5] port 22.
debug1: connect to address 10.10.0.5 port 22: Connection timed out
ssh: connect to host 10.10.0.5 port 22: Connection timed out
kex_exchange_identification: Connection closed by remote host

tunneling – SSH reverse tunnels: can the intermediate server eavesdrop on an SSH session?

Suppose there are three computers: (1) my laptop, (2) a server that has a public static IP address, and (3) a Raspberry Pi behind a NAT. I connect from (1) to (3) via (2) as explained below.

On the server (2), I add GatewayPorts yes to /etc/ssh/sshd-config, and restart the SSH daemon: sudo systemctl reload sshd.service.

On the Raspberry Pi, I create a reverse SSH tunnel to the server:

rpi$ ssh -R 2222:localhost:22 username-on-server@server-ip-address

On my laptop, I am now able to connect to the Raspberry Pi using:

laptop$ ssh -p 2222 username-on-pi@server-ip-address

The question is: is the server able to see the data sent between my laptop and the Raspberry Pi? Can the server eavesdrop on the SSH session between my laptop and the Raspberry Pi?

Is it possible to run a command (like “code ./foldername) on my ssh connection and have that command do something on the host (e.g. open vscode)?

When I ssh into my remote server and want to open something in vscode, I cannot do so from the command line. Obviously that makes sense because the code command runs on the remote server which has no idea about the host.

When running code from a vscode integrated terminal using the ssh plugin will however open another vscode window for that remote folder.

It would be great if I could find a way to launch vscode from a normal terminal window over ssh. Does such a thing exist?

DreamProxies - Cheapest USA Elite Private Proxies 100 Private Proxies 200 Private Proxies 400 Private Proxies 1000 Private Proxies 2000 Private Proxies ExtraProxies.com - Buy Cheap Private Proxies Buy 50 Private Proxies Buy 100 Private Proxies Buy 200 Private Proxies Buy 500 Private Proxies Buy 1000 Private Proxies Buy 2000 Private Proxies ProxiesLive Proxies-free.com New Proxy Lists Every Day Proxies123