SSHD: Effective Values of Keywords

By default, the sshd service uses the configuration file /etc/ssh/sshd_config. There the service can be configured in detail using keyword/value pairs. There are around 80 such keywords (depending on the SSH version). If a keyword is not listed in the configuration file, a default value applies. However, that default can depend on the version of SSH used, so it is not always clear which value a certain keyword actually has. This can be found out very easily with the help of sshd itself: there is an “extended test mode” for this, started with the “-T” option. sshd then checks the validity of the current configuration, prints the effective configuration, and exits:

# sshd -T
port 22
addressfamily inet
listenaddress 0.0.0.0:22
usepam yes
logingracetime 120
x11displayoffset 10
x11maxdisplays 1000
maxauthtries 6
maxsessions 1024
clientaliveinterval 60
clientalivecountmax 3
streamlocalbindmask 0177
permitrootlogin forced-commands-only
…
#

Root privileges are required.

This makes it very easy to determine the effective value of any keyword.
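As an added example (not part of the original post), a small POSIX shell script that reads a dump in the shape of the “sshd -T” output above and compares selected keywords with a site policy, so deviations such as root login still being allowed show up without reading the whole dump by eye. The policy, the function names and the sample dump are this example’s own assumptions.

```shell
#!/bin/sh
# Audit the effective sshd configuration printed by "sshd -T" against a site
# policy. Usage on a live system (root required):  sshd -T | audit_sshd
# All names here (SSHD_POLICY, sshd_value, audit_sshd) are this example's own.

# Site policy: "keyword expected-value", one per line. Keywords must be in
# lower case because that is how sshd -T prints them. Adjust to your site.
SSHD_POLICY='permitrootlogin no
passwordauthentication no
x11forwarding no
maxauthtries 4
permitemptypasswords no'

# Print the effective value of one keyword from sshd -T output on stdin
# (first match only; the whole remainder of the line is the value).
sshd_value() {
    awk -v k="$1" '$1 == k { sub(/^[^ ]+ /, ""); print; exit }'
}

# Compare sshd -T output (stdin) with SSHD_POLICY. Prints one line per
# policy keyword and returns 0 only if every entry matches.
audit_sshd() {
    conf=$(cat)                     # capture the dump so it can be scanned per key
    rc=0
    while read -r key want; do
        [ -n "$key" ] || continue
        have=$(printf '%s\n' "$conf" | sshd_value "$key")
        if [ -z "$have" ]; then
            printf 'MISSING %s (not printed by sshd -T)\n' "$key"; rc=1
        elif [ "$have" != "$want" ]; then
            printf 'FAIL    %s: effective "%s", policy "%s"\n' "$key" "$have" "$want"; rc=1
        else
            printf 'ok      %s: %s\n' "$key" "$have"
        fi
    done <<EOF
$SSHD_POLICY
EOF
    return $rc
}

# Constructed sample in the shape of the dump shown above: root login is
# "forced-commands-only" and maxauthtries is 6, so two entries fail.
SAMPLE='port 22
permitrootlogin forced-commands-only
passwordauthentication no
x11forwarding no
maxauthtries 6
permitemptypasswords no'

printf '%s\n' "$SAMPLE" | audit_sshd || echo "sshd configuration deviates from policy"
```

Because sshd -T prints the values that are really in effect, the check also catches keywords that were never set in sshd_config and silently fell back to a version-specific default.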

History Expansion in bash

Many AIX and UNIX users use bash as their preferred shell. Navigating the history with the cursor keys is certainly done countless times a day by all users. As long as the commands of interest were entered only a short time ago, this works very well. For commands further back in the history, however, reaching them with the cursor keys is relatively time-consuming. Who wants to press a cursor key 50 times to get to a command?

The bash history expansion mechanism offers a much more efficient option here. Previous commands can be accessed using the history expansion character “!”. The command to recall can be specified in different ways:

    • The number of the command: !31
    • The nth previous command: !-n (e.g. !-3 for the third last command)
    • The last command that begins with a specific character string: !ca
    • The last command that has a specific character string anywhere: !?ca

That is far from all bash can do, however. You can also access individual arguments of a previous command and even modify them.

Here are a few of those options:

    • !! (run the last command again)
    • ^op^art (run the last command again, but replace “op” with “art”)
    • cat !?sam?:% (run the cat command on the last argument containing the string “sam”)
    • vi !$ (run vi on the last argument of the last command)

A description of these and other bash options can be found here:

The bash History Expansion

Removal of Host-Key from ~/.ssh/known_hosts

Occasionally, a host key is changed on a host, either manually or possibly automatically through an update of OpenSSH. When you then log in via ssh to the host in question, you get the following message:

$ ssh aix01
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:xYglDF3cuHCCrxtbFUbpofpmhNs9MiO114vAT4qVX2M.
Please contact your system administrator.
Add correct host key in /home/as/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/as/.ssh/known_hosts:2
RSA host key for aix01 has changed and you have requested strict checking.
Host key verification failed.
$

Many administrators now use vi (or another editor) to remove the entry with the old host key from the known_hosts file. The line number of the corresponding entry is given in the output above: /home/as/.ssh/known_hosts:2 means the entry is in line 2 of the file.

It is much easier to remove the obsolete host key using the ssh-keygen command and the “-R” (remove) option. Before doing so, confirm (for example with the administrator of the host, as the message itself suggests) that the key really was changed and that the new fingerprint is the expected one; otherwise the warning could be hiding exactly the man-in-the-middle attack it describes:

$ ssh-keygen -R aix01
# Host aix01 found: line 2
/home/as/.ssh/known_hosts updated.
Original contents retained as /home/as/.ssh/known_hosts.old
$ 

The command keeps a backup copy of the file with the extension “.old” and removes the desired entry. This is much easier than using an editor!

If you want to know whether a host key for a system already exists in the known_hosts file, there is the option “-F” (find) for this purpose:

$ ssh-keygen -F aix02
# Host aix02 found: line 49 
aix02,192.168.178.49 ssh-rsa AAAAB3NzaC1yc2E...
$

The line number and the public host key entry for the system are shown.