
OpenSSH tricks
Assem Chelli
assem.ch@gmail.com (@assem_ch)

Hacknowledge Contest Algeria 2013

What is SSH?

SSH: Secure SHell, a network protocol created by Tatu Ylonen (1995)
Secure login to a remote computer:
  Public key authentication (no password)
  Authentication of the server (no man-in-the-middle)
  Encryption
  Integrity

More features:
  Stream compression
  Port forwarding
  X11 session forwarding
  File transfer

WHY SSH IS SO IMPORTANT?

IP spoofing
IP source routing
DNS spoofing
Password sniffing
Manipulation of transferred data
Attack on X11 (sniffing on authorization)

Install OpenSSH

SSH is so restricted, OpenSSH is free!
Packages: openssh-client, openssh-server
sudo apt-get install openssh-client openssh-server     # Debian/Ubuntu
sudo yum install openssh-clients openssh-server        # Fedora/RHEL: the client package is named openssh-clients

WINDOWS: download & install PuTTY
http://www.chiark.greenend.org.uk/~sgtatham/putty/

Basic SSH usage

Remote login
ssh hostname
ssh -l user hostname
ssh user@hostname
RSA key fingerprint cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db -> yes / no (public key authentication)
host's password: _______ (password authentication)

Known hosts
~/.ssh/known_hosts

Omar in the middle!

Let's play the SERVER role!
We take the server offline
Someone sets his IP to the same IP as the server

Now try to log in again
ssh host
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
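
The comparison behind this warning, as an added example that is not part of the original slides: ssh looks up the host in ~/.ssh/known_hosts and compares the stored key with the one the server offers. The key blobs, the address 10.0.0.5 and all function names are constructed for illustration; GNU base64 and md5sum are assumed.

```shell
#!/bin/sh
# Added example: the known_hosts comparison that produces the warning above.
# The "keys" are constructed sample bytes in SSH wire format, not real keys.

# Build a base64 "ssh-rsa" public-key blob from 4 stand-in modulus bytes.
make_blob() {
  printf '\000\000\000\007ssh-rsa\000\000\000\003\001\000\001\000\000\000\004%s' "$1" |
    base64 | tr -d '\n'
}

# MD5 fingerprint of a key blob, in the colon-separated form shown on the slides.
md5_fingerprint() {
  printf '%s' "$1" | base64 -d | md5sum | cut -c1-32 | sed 's/../&:/g; s/:$//'
}

# Print the stored ssh-rsa key for a host name or address.
# Handles comma-separated host lists; skips comments, @markers and hashed names.
known_key() {  # $1 = host, $2 = known_hosts file
  awk -v host="$1" '
    /^[ \t]*(#|$)/ || /^[@|]/ { next }
    $2 == "ssh-rsa" {
      n = split($1, names, ",")
      for (i = 1; i <= n; i++) if (names[i] == host) { print $3; exit }
    }
  ' "$2"
}

# The three outcomes a client can reach when a server presents its host key.
check_host_key() {  # $1 = host, $2 = offered key blob, $3 = known_hosts file
  stored=$(known_key "$1" "$3")
  if [ -z "$stored" ]; then
    echo "unknown"    # first contact: ssh shows the fingerprint and asks yes/no
  elif [ "$stored" = "$2" ]; then
    echo "match"      # same key as before: connect without prompting
  else
    echo "changed"    # REMOTE HOST IDENTIFICATION HAS CHANGED: refused by default
  fi
}

demo() {
  kh=$(mktemp)
  genuine=$(make_blob 'AAAA')    # key recorded at the first login
  impostor=$(make_blob 'BBBB')   # key of the machine that took over the IP
  printf 'host,10.0.0.5 ssh-rsa %s\n' "$genuine" > "$kh"
  for offered in "$genuine" "$impostor"; do
    printf '%-8s %s\n' "$(check_host_key host "$offered" "$kh")" "$(md5_fingerprint "$offered")"
  done
  check_host_key newhost "$genuine" "$kh"
  rm -f "$kh"
}
demo
```

When the warning appears for a legitimate reason (the server was reinstalled), verify the new fingerprint over a separate channel, then drop the stale entry with `ssh-keygen -R host` before reconnecting.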

SSH replaces telnet.

ssh host.domena.pl
ssh user@host.domena.pl
ssh -l user host.domena.pl

SSH replaces FTP.

sftp host.domena.pl
sftp> dir

SSH replaces r-commands.

rexec
ssh host "cat /etc/passwd"

rlogin
ssh user@host

rcp
scp file host.domena.pl:     # the trailing colon marks a remote destination; without it scp makes a local copy

Executing commands remotely

ssh host netstat
ssh host "ls -C /bin"
ssh host "cat /etc/passwd"
ssh host "vi /tmp/foo"       # breaks: no terminal is allocated for a remote command
ssh -t host vi /tmp/foo      # -t forces terminal allocation, so vi works

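Redirecting command input and output

ssh host "ls /bin | grep -i rm"                          # grep runs on the remote host
ssh host "ls /bin" | grep -i rm                          # grep runs locally
ssh host "cat /etc/passwd" > remote_passwd               # remote output saved to a local file
ssh host "psql billing" < billing.sql | grep -v ^INFO    # local file as remote stdin, output filtered locally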

File transfer

scp
scp [user1@]host1:/path/to/source/file [user2@]host2:/path/to/destination/file
scp -r     # copy directories recursively

sftp
sftp host
sftp> cd /usr/share/games
sftp> ls
sftp> lcd /tmp
sftp> get c*
sftp> quit

tar-over-ssh
ssh host "cd /usr/share/games ; tar cf - ./a*" | (cd /tmp ; tar xpvf -)

rsync
rsync -ve ssh 'host:/bin/c*' /tmp     # quoted so the remote side expands the glob

Public Keys

Generate a public key
ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub

Authentication
ssh-add -l

Restrictions
cat ~/.ssh/authorized_keys

Default Config Files and SSH Port

/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - User's SSH configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the user's account.
/etc/nologin - If this file exists, sshd refuses to let anyone except root log in.
/etc/hosts.allow and /etc/hosts.deny - Access control lists that should be enforced by tcp-wrappers are defined here.
SSH default port: TCP ??

BEST SSH Tricks 1

1. Copy SSH keys to user@host to enable password-less SSH logins
   ssh-copy-id user@host

2. Start a tunnel from some machine's port 80 to your local port 2001
   ssh -N -L2001:localhost:80 somemachine

3. Output your microphone to a remote computer's speaker
   dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp
   (arcfour is a weak cipher that current OpenSSH releases no longer support; drop "-c arcfour" there)

4. Compare a remote file with a local file
   ssh user@host cat /path/to/remotefile | diff /path/to/localfile -

5. Mount a folder/filesystem through SSH
   sshfs name@server:/path/to/folder /path/to/mount/point

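BEST SSH Tricks 2

1. SSH connection through a host in the middle
   ssh -t reachable_host ssh unreachable_host

2. Copy from host1 to host2, through your host
   ssh root@host1 "cd /somedir/tocopy/ && tar -cf - ." | ssh root@host2 "cd /samedir/tocopyto/ && tar -xf -"
   (the quotes make cd and tar run on the remote hosts; "tar -cf - ." writes the archive to stdout)

3. Run any GUI program remotely
   ssh -fX user@host program

4. Create a persistent connection to a machine
   ssh -MNf user@host
   (-M makes this connection the ControlMaster; set ControlPath in ~/.ssh/config so later sessions can reuse it)

5. Attach screen over SSH
   ssh -t remote_host screen -r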

BEST SSH Tricks 3

1. Run complex remote shell commands over SSH (cmd.txt is a local file)
   ssh host -l user $(<cmd.txt)
   ssh host -l user "$(cat cmd.txt)"

2. Resume scp of a big file
   rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file

3. Analyze traffic remotely over SSH with Wireshark
   ssh root@server.com 'tshark -f "port !22" -w -' | wireshark -k -i -
   (the capture filter excludes port 22 so the SSH session does not capture itself)

4. Have an SSH session open forever
   autossh -M50000 -t server.example.com 'screen -raAd mysession'

5. Harder, Faster, Stronger SSH clients
   ssh -4 -C -c blowfish-cbc
   (-4 forces IPv4, -C compresses the stream; blowfish-cbc is no longer supported by current OpenSSH releases)

Best SSH tricks 4

1. Disable the OpenSSH server
   apt-get remove openssh-server                             (Ubuntu)
   chkconfig sshd off && yum erase openssh-server            (Fedora)

2. Force the use of SSH protocol 2, because SSH-1 is vulnerable (man-in-the-middle attacks)
   in /etc/ssh/sshd_config add the line: Protocol 2
   (current OpenSSH releases support only protocol 2)

3. Limit root or users' SSH access
   in /etc/ssh/sshd_config
   find & modify the line: AllowUsers root assem
   or find & modify the line: DenyUsers omar zaki ali-baba
   or find & modify the line: PermitRootLogin no
   or create /etc/nologin

4. Enable a warning banner
   in /etc/ssh/sshd_config add the line: Banner /etc/issue

Best SSH tricks 5

1. Change the SSH port
   in /etc/ssh/sshd_config find & modify the line: Port 300

2. Deny empty passwords
   in /etc/ssh/sshd_config find & modify the line: PermitEmptyPasswords no

3. Use SSH as an Internet proxy
   Google it!
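
An added example (not part of the original slides) that audits an sshd_config for the settings from tricks 4 and 5. It covers a pitfall of "add the line": sshd keeps the first value it reads for a keyword, so a hardening line appended below an existing one has no effect. Both sample configurations and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings listed on the slides.
# Both configurations below are constructed samples.

# Effective global value of one keyword. sshd uses the FIRST value it reads,
# keywords are case-insensitive, and Match blocks only apply conditionally.
sshd_value() {  # $1 = keyword in lower case, config text on stdin
  awk -v want="$1" '
    /^[ \t]*(#|$)/ { next }              # comments and blank lines
    tolower($1) == "match" { exit }      # audit the global section only
    tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
  '
}

# A yes/no keyword must be "no"; unset means sshd's built-in default applies.
require_no() {  # $1 = config text, $2 = keyword as written in sshd_config
  key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  v=$(printf '%s\n' "$1" | sshd_value "$key" | tr 'A-Z' 'a-z')
  case "$v" in
    no) echo "OK   $2 no" ;;
    "") echo "WARN $2 not set, the built-in default applies" ;;
    *)  echo "FAIL $2 is '$v', the slides set it to 'no'" ;;
  esac
}

audit_sshd_config() {  # $1 = config text; prints one finding per line
  require_no "$1" PermitRootLogin
  require_no "$1" PermitEmptyPasswords
  proto=$(printf '%s\n' "$1" | sshd_value protocol)
  case ",$proto," in
    *,1,*) echo "FAIL Protocol '$proto' still offers SSH-1" ;;
    *)     echo "OK   Protocol does not offer SSH-1" ;;
  esac
  users=$(printf '%s\n' "$1" | sshd_value allowusers)
  [ -n "$users" ] && echo "OK   AllowUsers $users" ||
    echo "WARN no AllowUsers line in the global section"
  banner=$(printf '%s\n' "$1" | sshd_value banner)
  [ -n "$banner" ] && echo "OK   Banner $banner" || echo "INFO no Banner configured"
}

count_fails() { audit_sshd_config "$1" | grep -c '^FAIL' || true; }

WEAK_CONFIG='Port 22
Protocol 2,1
PermitRootLogin yes
permitemptypasswords yes
# Hardening appended at the end is ignored: the first value above already won.
PermitRootLogin no'

HARDENED_CONFIG='Port 300
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
AllowUsers assem
Banner /etc/issue
Match User assem
    X11Forwarding no'

echo "== weak";     audit_sshd_config "$WEAK_CONFIG"
echo "== hardened"; audit_sshd_config "$HARDENED_CONFIG"
```

On a live server, `sshd -T` prints the effective configuration as sshd itself computes it, and `sshd -t` checks the file for errors before a restart.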

Thwart SSH Crackers

DenyHosts
Fail2ban
security/sshguard
security/sshblock

SSH via Proxy!

Proxy problem!
In /etc/ssh/ssh_config:
Host *
    ProxyCommand connect -H 10.0.0.1:80 %h %p

Forwarding over SSH

Agent forwarding
ssh -A trustedhost (your private keys can be stolen)

X11 forwarding
ssh -X user@host firefox
ssh -Y user@host

Port forwarding
ssh -L8000:anotherhost:80 somehost

Tunneling types

LocalForward
RemoteForward
DynamicForward
ProxyCommand
ForwardX11 / ForwardX11Trusted
Tunnel
ControlMaster

Security

ssh-agent
X11
GatewayPorts
MITM
SSH-1.99
SSH timing attack

Appendix

Questions?

Appendix: For Further Reading

SSH tips, tricks & protocol tutorial. Damien Miller, AUUG Winter 2002.
25 Best SSH Commands / Tricks. http://www.newitperson.com/2012/01/25-ssh-commandstricks/
SSH manpage

The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Dernier (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

OpenSSH tricks

  • 1. OpenSSH tricks
    Assem Chelli, assem.ch@gmail.com (@assem_ch)
    Hacknowledge Contest Algeria 2013
  • 2. What is SSH?
    SSH (Secure SHell) is a network protocol created by Tatu Ylonen (1995) for secure login to a remote computer:
      - Public key authentication (not password)
      - Authentication of the server (no man-in-the-middle)
      - Encryption
      - Integrity
    More features:
      - Stream compression
      - Port forwarding
      - X11 session forwarding
      - File transfer
  • 3. Why is SSH so important?
      - IP spoofing
      - IP source routing
      - DNS spoofing
      - Password sniffing
      - Manipulation of transferred data
      - Attack on X11 (sniffing on authorization)
  • 4. Install OpenSSH
    SSH is so restricted; OpenSSH is free!
    Packages: openssh-client, openssh-server
      sudo apt-get install openssh-client openssh-server
      sudo yum install openssh-clients openssh-server
    Windows: download and install PuTTY
      http://www.chiark.greenend.org.uk/~sgtatham/putty/
  • 5. Basic SSH usage
    Remote login:
      ssh hostname
      ssh -l user hostname
      ssh user@hostname
      cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db RSA key fingerprint -> yes / no (public key authentication)
      host's password: _______ (password authentication)
    Known hosts:
      ~/.ssh/known_hosts
  • 7. Omar in the middle!
    Let's play the SERVER role!
      - We put the server offline
      - Someone sets his IP to the same IP as the server
    Now try to log in again:
      ssh host
      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
      Someone could be eavesdropping on you right now (man-in-the-middle attack)!
      It is also possible that the RSA host key has just been changed.
  • 9. SSH replaces telnet
      ssh host.domena.pl
      ssh user@host.domena.pl
      ssh -l user host.domena.pl
  • 10. SSH replaces FTP
      sftp host.domena.pl
      sftp> dir
  • 11. SSH replaces the r-commands
      rexec  -> ssh host "cat /etc/passwd"
      rlogin -> ssh user@host
      rcp    -> scp file host.domena.pl:
  • 12. Executing commands remotely
      ssh host netstat
      ssh host "ls -C /bin"
      ssh host "cat /etc/passwd"
      ssh host "vi /tmp/foo"
      ssh -t host vi /tmp/foo    (-t allocates a terminal for interactive programs)
  • 14. Redirecting commands input and output
      ssh host "ls /bin | grep -i rm"
      ssh host "ls /bin" | grep -i rm
      ssh host "cat /etc/passwd" > remote_passwd
      ssh host "psql billing" < billing.sql | grep -v ^INFO
  • 16. File transfer
    scp:
      scp [user1@]host1:/path/to/source/file [user2@]host2:/path/to/destination/file
      scp -r
    sftp:
      sftp host
      sftp> cd /usr/share/games
      sftp> ls
      sftp> lcd /tmp
      sftp> get c*
      sftp> quit
    tar-over-ssh:
      ssh host "cd /usr/share/games ; tar cf - ./a*" | (cd /tmp ; tar xpvf -)
    rsync:
      rsync -ve ssh host:/bin/c* /tmp
  • 17. Public Keys
    Generate a public key:
      ssh-keygen -t rsa
      cat ~/.ssh/id_rsa.pub
    Authentication:
      ssh-add -l
    Restrictions:
      cat ~/.ssh/authorized_keys
  • 18. Default Config Files and SSH Port
      - /etc/ssh/sshd_config: OpenSSH server configuration file.
      - /etc/ssh/ssh_config: OpenSSH client configuration file.
      - ~/.ssh/: the user's ssh configuration directory.
      - ~/.ssh/authorized_keys: lists the public keys (RSA or DSA) that can be used to log into the user's account.
      - /etc/nologin: if this file exists, sshd refuses to let anyone except root log in.
      - /etc/hosts.allow and /etc/hosts.deny: access control lists that should be enforced by tcp-wrappers are defined here.
    SSH default port: TCP ??
  • 25. Best SSH tricks 1
    1. Copy ssh keys to user@host to enable password-less ssh logins:
         ssh-copy-id user@host
    2. Start a tunnel from some machine's port 80 to your local port 2001:
         ssh -N -L2001:localhost:80 somemachine
    3. Output your microphone to a remote computer's speaker:
         dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp
    4. Compare a remote file with a local file:
         ssh user@host cat /path/to/remotefile | diff /path/to/localfile -
    5. Mount a folder/filesystem through SSH:
         sshfs name@server:/path/to/folder /path/to/mount/point
  • 30. Best SSH tricks 2
    1. SSH connection through a host in the middle:
         ssh -t reachable_host ssh unreachable_host
    2. Copy from host1 to host2, through your host:
         ssh root@host1 "cd /somedir/tocopy/ && tar -cf - ." | ssh root@host2 "cd /samedir/tocopyto/ && tar -xf -"
    3. Run any GUI program remotely (user, host and program are placeholders):
         ssh -fX user@host program
    4. Create a persistent connection to a machine (user and host are placeholders):
         ssh -MNf user@host
    5. Attach screen over ssh:
         ssh -t remote_host screen -r
  • 35. Best SSH tricks 3
    1. Run complex remote shell commands over ssh:
         ssh host -l user "$(cat cmd.txt)"
    2. Resume scp of a big file:
         rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file
    3. Analyze traffic remotely over ssh with wireshark:
         ssh root@server.com 'tshark -f "port !22" -w -' | wireshark -k -i -
    4. Have an ssh session open forever:
         autossh -M50000 -t server.example.com screen -raAd mysession
    5. Harder, faster, stronger SSH clients:
         ssh -4 -C -c blowfish-cbc
  • 40. Best SSH tricks 4
    1. Disable the OpenSSH server:
         apt-get remove openssh-server    (ubuntu)
         chkconfig sshd off && yum erase openssh-server    (fedora)
    2. Force SSH protocol 2, because SSH-1 is vulnerable (man-in-the-middle attacks). In /etc/ssh/sshd_config add the line:
         Protocol 2
    3. Limit root or users' SSH access. In /etc/ssh/sshd_config find and modify the line:
         AllowUsers root assem
       or find and modify the line:
         DenyUsers omar zaki ali-baba
       or find and modify the line:
         PermitRootLogin no
       or create /etc/nologin
    4. Enable a warning banner. In /etc/ssh/sshd_config add the line:
         Banner /etc/issue
  • 44. Best SSH tricks 5
    1. Change the SSH port. In /etc/ssh/sshd_config find and modify the line:
         Port 300
    2. Deny empty passwords. In /etc/ssh/sshd_config find and modify the line:
         PermitEmptyPasswords no
    3. Use SSH as an Internet proxy:
         Google it!
  • 48. Thwart SSH Crackers
      - DenyHosts
      - Fail2ban
      - security/sshguard
      - security/sshblock
  • 49. SSH via Proxy!
    Proxy problem! In /etc/ssh/ssh_config:
      host *
        proxyCommand connect -H 10.0.0.1:80 %h %p
  • 51. Forwarding over SSH
    Agent forwarding:
      ssh -A trustedhost    (your private keys can be stolen)
    X11 forwarding:
      ssh -X user@host firefox
      ssh -Y user@host
    Port forwarding:
      ssh -L8000:anotherhost:80 somehost
  • 53. Security
      - ssh-agent
      - X11
      - GatewayPorts
      - MITM
      - SSH-1.99
      - SSH timing attack
  • 55. Appendix: For Further Reading
      - Damien Miller, "SSH tips, tricks & protocol tutorial", AUUG Winter 2002.
      - "25 Best SSH Commands / Tricks", http://www.newitperson.com/2012/01/25-ssh-commandstricks/
      - SSH manpage
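
The sshd_config settings from "Best SSH tricks 4" and "Best SSH tricks 5" can be checked mechanically. The script below is an added example, not part of the slides: the function names, the OK/FAIL/UNSET labels and both sample files are constructed for illustration, and it assumes whitespace-separated keywords and reads only the global section of the file.

```shell
#!/bin/sh
# Added example (not from the slides): audit an sshd_config file for the
# settings listed in "Best SSH tricks 4" and "Best SSH tricks 5".

# effective_value FILE KEYWORD
# Print the value of KEYWORD from the global section of FILE (nothing if
# absent). Keyword names are case-insensitive, the first occurrence is the
# one read here, and lines after the first "Match" line are conditional,
# so they are not global settings.
# Assumption: keyword and value are separated by whitespace.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }      # comment or blank line
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, "")     # drop the keyword, keep the value
            print; exit
        }
    ' "$1"
}

# expect_exact FILE KEYWORD GOOD
# OK if the effective value equals GOOD, UNSET if absent, FAIL otherwise.
expect_exact() {
    value=$(effective_value "$1" "$2")
    if [ -z "$value" ]; then
        echo "UNSET $2 -"
    elif [ "$value" = "$3" ]; then
        echo "OK $2 $value"
    else
        echo "FAIL $2 $value"
    fi
}

# audit_sshd_config FILE
# Print one "STATUS keyword value" line per setting from the slides.
audit_sshd_config() {
    cfg=$1
    # Newer OpenSSH servers contain no SSH-1 code and treat Protocol as
    # obsolete, so UNSET is the expected result there.
    expect_exact "$cfg" Protocol 2
    expect_exact "$cfg" PermitRootLogin no
    expect_exact "$cfg" PermitEmptyPasswords no

    # Either an allow list or a deny list limits user access; only the
    # presence of a list is checked, not its contents.
    allow=$(effective_value "$cfg" AllowUsers)
    deny=$(effective_value "$cfg" DenyUsers)
    if [ -n "$allow" ]; then
        echo "OK AllowUsers $allow"
    elif [ -n "$deny" ]; then
        echo "OK DenyUsers $deny"
    else
        echo "UNSET AllowUsers/DenyUsers -"
    fi

    # "Banner none" means no banner is shown, same as leaving it out.
    banner=$(effective_value "$cfg" Banner)
    case $banner in
        ''|none) echo "UNSET Banner -" ;;
        *)       echo "OK Banner $banner" ;;
    esac
}

# count_findings FILE: number of audit lines that are not OK.
count_findings() {
    audit_sshd_config "$1" | awk '$1 != "OK" { n++ } END { print n + 0 }'
}

# Constructed sample files (not real server configurations).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/weak" <<'EOF'
# constructed sample: weak settings
Port 22
Protocol 2,1
PermitRootLogin yes
permitemptypasswords yes
PermitEmptyPasswords no
Match User backup
    PermitRootLogin no
    Banner /etc/issue
EOF

cat > "$demo_dir/hardened" <<'EOF'
# constructed sample: the values shown on the slides
Port 300
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
AllowUsers assem
Banner /etc/issue
EOF

for f in weak hardened; do
    echo "== $f: $(count_findings "$demo_dir/$f") finding(s)"
    audit_sshd_config "$demo_dir/$f"
done
```

On a live server, `sshd -T` prints the effective configuration, which also covers compiled-in defaults that a file-only check like this one cannot see.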