SlideShare une entreprise Scribd logo

OpenSSH tricks

Assem CHELLI
Assem CHELLI

Some useful tricks using OpenSSH

Technologie
1  sur  55
Télécharger pour lire hors ligne
. . OpenSSH tricks Assem Chelli assem.ch@gmail.com (@assem_ch) Hacknowledge Contest Algeria 2013 . Assem Chelli OpenSSH tricks . . . . .
. What is SSH? SSH: Secure SHell, a Network protocol Created by Tatu Ylonen (1995) Secure logging into remote computer Public key authentication (!Password), Authentication of the server (!MAN-IN-THE-MIDDLE ) Encryption, Integrity more features: Stream Compression Port forwarding X11 sessions forwarding File transfer . Assem Chelli OpenSSH tricks . . . . .
. WHY SSH IS SO IMPORTANT? IP spoofing IP source routing DNS spoofing Password sniffing Manipulation of transfer data Atack on X11 (sniffing on authorization) . Assem Chelli OpenSSH tricks . . . . .
. Install Open SSH SSH is so resricted , OPEN SSH is free! openssh-client , openssh-server sudo apt-get install openssh-client openssh-server sudo yum install openssh-client openssh-server WINDOWS: download & install PuTTY http://www.chiark.greenend.org.uk/ sgtatham/putty/ . Assem Chelli OpenSSH tricks . . . . .
. Basic SSH usage Remote login ssh hostname ssh -l user hostname ssh user@hostname cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db RSA key fingerprint —> yes / no (Public Key authentification) host’s password: _______ (Password authentification) known hosts ~/.ssh/known_hosts . Assem Chelli OpenSSH tricks . . . . .
. Basic SSH usage Remote login ssh hostname ssh -l user hostname ssh user@hostname cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db RSA key fingerprint —> yes / no (Public Key authentification) host’s password: _______ (Password authentification) known hosts ~/.ssh/known_hosts . Assem Chelli OpenSSH tricks . . . . .
. Omar in the middle! let’s play SERVER role! We put Server offline Someone fix his IP as the same IP of server Now try login again ssh host @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. . Assem Chelli OpenSSH tricks . . . . .
. Omar in the middle! let’s play SERVER role! We put Server offline Someone fix his IP as the same IP of server Now try login again ssh host @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. . Assem Chelli OpenSSH tricks . . . . .
. SSH replaces telnet. ssh host.domena.pl ssh user@host.domena.pl ssh -l user host.domena.pl . Assem Chelli OpenSSH tricks . . . . .
. SSH replaces FTP. sftp host.domena.pl sftp> dir . Assem Chelli OpenSSH tricks . . . . .
. SSH replaces r-command . rexec ssh host "cat /etc/passwd" rlogin ssh user@host rcp scp file host.domena.pl . Assem Chelli OpenSSH tricks . . . . .
. Executing commands remotely ssh host netstat ssh host "ls -C /bin" ssh host “cat /etc/passwd” ssh host “vi /tmp/foo ” ssh -t host vi /tmp/foo . Assem Chelli OpenSSH tricks . . . . .
. Executing commands remotely ssh host netstat ssh host "ls -C /bin" ssh host “cat /etc/passwd” ssh host “vi /tmp/foo ” ssh -t host vi /tmp/foo . Assem Chelli OpenSSH tricks . . . . .
. Redirecting commands input and output ssh host "ls /bin | grep -i rm" ssh host "ls /bin" | grep -i rm ssh host "cat /etc/passwd" > remote_passwd ssh host "psql billing" < billing.sql | grep -v ^INFO . Assem Chelli OpenSSH tricks . . . . .
. Redirecting commands input and output ssh host "ls /bin | grep -i rm" ssh host "ls /bin" | grep -i rm ssh host "cat /etc/passwd" > remote_passwd ssh host "psql billing" < billing.sql | grep -v ^INFO . Assem Chelli OpenSSH tricks . . . . .
. File transfer scp scp [user1@]host1:/path/to/source/file [user2@]host2:/path/to/destination/file scp -r sftp sftp host sftp> cd /usr/share/games sftp> ls sftp> lcd /tmp get c* quit tar-over-ssh ssh host "cd /usr/share/games ; tar cf - ./a*" | > (cd /tmp ; tar xpvf -) rsync rsync -ve ssh host:/bin/c* /tmp . Assem Chelli OpenSSH tricks . . . . .
. Public Keys Generate a public key ssh-keygen -t rsa cat ~/.ssh/id_rsa.pub Authentification ssh-add -l Restrictions cat ~/.ssh/authorized_keys . Assem Chelli OpenSSH tricks . . . . .
. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
. BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
. Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .
. Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .
. Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .
. Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .
. Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .
. Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .
. Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .
. Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .
. Thwart SSH Crackers DenyHosts Fail2ban security/sshguard security/sshblock . Assem Chelli OpenSSH tricks . . . . .
. SSH via Proxy! Proxy Problem! /etc/ssh/ssh_config host * proxyCommand connect -H 10.0.0.1:80 %h %p . Assem Chelli OpenSSH tricks . . . . .
. SSH via Proxy! Proxy Problem! /etc/ssh/ssh_config host * proxyCommand connect -H 10.0.0.1:80 %h %p . Assem Chelli OpenSSH tricks . . . . .
. forwarding over SSH Agent forwarding ssh -A trustedhost (your privatekeys can be stolen) X11 forwarding ssh -X user@host firefox ssh -Y user@host Port forwarding ssh -L8000:anotherhost:80 somehost . Assem Chelli OpenSSH tricks . . . . .
. Tunneling types LocalForward RemoteForward DynamicForward ProxyCommand ForwardX11/ForwardX11Trusted Tunnel ControlMaster . Assem Chelli OpenSSH tricks . . . . .
. Security ssh-agent X11 GatewayPorts MITM SSH-1.99 SSH timing attack . Assem Chelli OpenSSH tricks . . . . .
Appendix . Questions Questions? . Assem Chelli OpenSSH tricks . . . . .
Appendix For Further Reading . For Further Reading I SSH tips, tricks & protocol tutorial .Damien Miller , AUUG Winter 2002 . 25 Best SSH Commands / Tricks. http://www.newitperson.com/2012/01/25-ssh-commandstricks/ SSH manpage . Assem Chelli OpenSSH tricks . . . . .

Recommandé

FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configFLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configdmp1304
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
SSH
SSHSSH
SSHZach Dennis
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Ssh
SshSsh
SshRaghu nath
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
Secure SHell
Secure SHellSecure SHell
Secure SHellÇağrı Çakır
 
Secure shell
Secure shellSecure shell
Secure shellArjun Aj
 

Recommandé

FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configFLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configdmp1304
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
SSH
SSHSSH
SSHZach Dennis
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Ssh
SshSsh
SshRaghu nath
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
Secure SHell
Secure SHellSecure SHell
Secure SHellÇağrı Çakır
 
Secure shell
Secure shellSecure shell
Secure shellArjun Aj
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocolBaspally Sai Anirudh
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesOSOCO
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 
Ssh
SshSsh
Sshgh02
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGPSarang Ananda Rao
 
Ssh And Rlogin
Ssh And RloginSsh And Rlogin
Ssh And RloginSourav Roy
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell pptsravya raju
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with RaccoonGloria Stoilova
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSHJP Bourget
 
Windowshadoop
WindowshadoopWindowshadoop
Windowshadooparunkumar sadhasivam
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSHVitalii Sharavara
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thingMarc Cluet
 
Meeting 5.2 : ssh
Meeting 5.2 : sshMeeting 5.2 : ssh
Meeting 5.2 : sshSyaiful Ahdan
 
Bh usa-01-kaminsky
Bh usa-01-kaminskyBh usa-01-kaminsky
Bh usa-01-kaminskyDan Kaminsky
 
Share File easily between computers using sftp
Share File easily between computers using sftpShare File easily between computers using sftp
Share File easily between computers using sftpTushar B Kute
 
Ssh tunnel
Ssh tunnelSsh tunnel
Ssh tunnelAmandeep Singh
 
SSH.ppt
SSH.pptSSH.ppt
SSH.pptjoekr1
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
Cent os 5 ssh
Cent os 5 sshCent os 5 ssh
Cent os 5 sshAlejandro Besne
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdfNigussMehari4
 

Contenu connexe

Tendances

SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesOSOCO
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 
Ssh
SshSsh
Sshgh02
 
Ssh And Rlogin
Ssh And RloginSsh And Rlogin
Ssh And RloginSourav Roy
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell pptsravya raju
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with RaccoonGloria Stoilova
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSHVitalii Sharavara
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thingMarc Cluet
 
Bh usa-01-kaminsky
Bh usa-01-kaminskyBh usa-01-kaminsky
Bh usa-01-kaminskyDan Kaminsky
 
Share File easily between computers using sftp
Share File easily between computers using sftpShare File easily between computers using sftp
Share File easily between computers using sftpTushar B Kute
 
SSH.ppt
SSH.pptSSH.ppt
SSH.pptjoekr1
 

Tendances (19)

Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocol
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling Recipes
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)
 
Ssh
SshSsh
Ssh
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGP
 
Ssh And Rlogin
Ssh And RloginSsh And Rlogin
Ssh And Rlogin
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with Raccoon
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
Windowshadoop
WindowshadoopWindowshadoop
Windowshadoop
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSH
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thing
 
Meeting 5.2 : ssh
Meeting 5.2 : sshMeeting 5.2 : ssh
Meeting 5.2 : ssh
 
Bh usa-01-kaminsky
Bh usa-01-kaminskyBh usa-01-kaminsky
Bh usa-01-kaminsky
 
Share File easily between computers using sftp
Share File easily between computers using sftpShare File easily between computers using sftp
Share File easily between computers using sftp
 
Ssh tunnel
Ssh tunnelSsh tunnel
Ssh tunnel
 
SSH.ppt
SSH.pptSSH.ppt
SSH.ppt
 

Similaire à OpenSSH tricks

SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7VCP Muthukrishna
 
Linux advanced privilege escalation
Linux advanced privilege escalationLinux advanced privilege escalation
Linux advanced privilege escalationJameel Nabbo
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
Tomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSHTomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSHwebelement
 
Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Jun Hong Kim
 
Power point on linux commands,appache,php,mysql,html,css,web 2.0
Power point on linux commands,appache,php,mysql,html,css,web 2.0Power point on linux commands,appache,php,mysql,html,css,web 2.0
Power point on linux commands,appache,php,mysql,html,css,web 2.0venkatakrishnan k
 
Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...
Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...
Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...Circling Cycle
 

Similaire à OpenSSH tricks (20)

SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
Cent os 5 ssh
Cent os 5 sshCent os 5 ssh
Cent os 5 ssh
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdf
 
SSH how to 2011
SSH how to 2011SSH how to 2011
SSH how to 2011
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Ssh cookbook v2
Ssh cookbook v2Ssh cookbook v2
Ssh cookbook v2
 
Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbook
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7
 
Linux advanced privilege escalation
Linux advanced privilege escalationLinux advanced privilege escalation
Linux advanced privilege escalation
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safe
 
Tomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSHTomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSH
 
SSH.pdf
SSH.pdfSSH.pdf
SSH.pdf
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver harden
 
Unsecuring SSH
Unsecuring SSHUnsecuring SSH
Unsecuring SSH
 
Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)Hadoop meet Rex(How to construct hadoop cluster with rex)
Hadoop meet Rex(How to construct hadoop cluster with rex)
 
Logging remotely open ssh
Logging remotely open sshLogging remotely open ssh
Logging remotely open ssh
 
Power point on linux commands,appache,php,mysql,html,css,web 2.0
Power point on linux commands,appache,php,mysql,html,css,web 2.0Power point on linux commands,appache,php,mysql,html,css,web 2.0
Power point on linux commands,appache,php,mysql,html,css,web 2.0
 
Linux presentation
Linux presentationLinux presentation
Linux presentation
 
Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...
Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...
Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...
 

Plus de Assem CHELLI

How to get in GSoC , DevFest Algiers 2018
How to get in GSoC , DevFest Algiers 2018How to get in GSoC , DevFest Algiers 2018
How to get in GSoC , DevFest Algiers 2018Assem CHELLI
 
Dev environment for linux (Mainly KDE and python)
Dev environment for linux (Mainly KDE and python)Dev environment for linux (Mainly KDE and python)
Dev environment for linux (Mainly KDE and python)Assem CHELLI
 
تجربتي مع المساهمة في المشاريع الحرة - اليوم الحر
تجربتي مع المساهمة في المشاريع الحرة - اليوم الحر تجربتي مع المساهمة في المشاريع الحرة - اليوم الحر
تجربتي مع المساهمة في المشاريع الحرة - اليوم الحر Assem CHELLI
 
Proposal of an Advanced Retrieval System for NobleQur'an - Thesis defending
Proposal of an Advanced Retrieval System for NobleQur'an - Thesis defending Proposal of an Advanced Retrieval System for NobleQur'an - Thesis defending
Proposal of an Advanced Retrieval System for NobleQur'an - Thesis defending Assem CHELLI
 
Global Schema for Alfanous Quran Search Engine
Global Schema for Alfanous Quran Search EngineGlobal Schema for Alfanous Quran Search Engine
Global Schema for Alfanous Quran Search EngineAssem CHELLI
 
Proposal of an Advanced Retrieval System for Noble Qur’an
Proposal of an Advanced Retrieval System for Noble Qur’anProposal of an Advanced Retrieval System for Noble Qur’an
Proposal of an Advanced Retrieval System for Noble Qur’anAssem CHELLI
 
Alfanous Quran Search Engine API
Alfanous Quran Search Engine APIAlfanous Quran Search Engine API
Alfanous Quran Search Engine APIAssem CHELLI
 

Plus de Assem CHELLI (8)

How to get in GSoC , DevFest Algiers 2018
How to get in GSoC , DevFest Algiers 2018How to get in GSoC , DevFest Algiers 2018
How to get in GSoC , DevFest Algiers 2018
 
Dev environment for linux (Mainly KDE and python)
Dev environment for linux (Mainly KDE and python)Dev environment for linux (Mainly KDE and python)
Dev environment for linux (Mainly KDE and python)
 
Python Workshop
Python Workshop Python Workshop
Python Workshop
 
تجربتي مع المساهمة في المشاريع الحرة - اليوم الحر
تجربتي مع المساهمة في المشاريع الحرة - اليوم الحر تجربتي مع المساهمة في المشاريع الحرة - اليوم الحر
تجربتي مع المساهمة في المشاريع الحرة - اليوم الحر
 
Proposal of an Advanced Retrieval System for NobleQur'an - Thesis defending
Proposal of an Advanced Retrieval System for NobleQur'an - Thesis defending Proposal of an Advanced Retrieval System for NobleQur'an - Thesis defending
Proposal of an Advanced Retrieval System for NobleQur'an - Thesis defending
 
Global Schema for Alfanous Quran Search Engine
Global Schema for Alfanous Quran Search EngineGlobal Schema for Alfanous Quran Search Engine
Global Schema for Alfanous Quran Search Engine
 
Proposal of an Advanced Retrieval System for Noble Qur’an
Proposal of an Advanced Retrieval System for Noble Qur’anProposal of an Advanced Retrieval System for Noble Qur’an
Proposal of an Advanced Retrieval System for Noble Qur’an
 
Alfanous Quran Search Engine API
Alfanous Quran Search Engine APIAlfanous Quran Search Engine API
Alfanous Quran Search Engine API
 

Dernier

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 

Dernier (20)

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 

OpenSSH tricks

  • 1. . . OpenSSH tricks Assem Chelli assem.ch@gmail.com (@assem_ch) Hacknowledge Contest Algeria 2013 . Assem Chelli OpenSSH tricks . . . . .
  • 2. . What is SSH? SSH: Secure SHell, a Network protocol Created by Tatu Ylonen (1995) Secure logging into remote computer Public key authentication (!Password), Authentication of the server (!MAN-IN-THE-MIDDLE ) Encryption, Integrity more features: Stream Compression Port forwarding X11 sessions forwarding File transfer . Assem Chelli OpenSSH tricks . . . . .
  • 3. . WHY SSH IS SO IMPORTANT? IP spoofing IP source routing DNS spoofing Password sniffing Manipulation of transfer data Atack on X11 (sniffing on authorization) . Assem Chelli OpenSSH tricks . . . . .
  • 4. . Install Open SSH SSH is so resricted , OPEN SSH is free! openssh-client , openssh-server sudo apt-get install openssh-client openssh-server sudo yum install openssh-client openssh-server WINDOWS: download & install PuTTY http://www.chiark.greenend.org.uk/ sgtatham/putty/ . Assem Chelli OpenSSH tricks . . . . .
  • 5. . Basic SSH usage Remote login ssh hostname ssh -l user hostname ssh user@hostname cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db RSA key fingerprint —> yes / no (Public Key authentification) host’s password: _______ (Password authentification) known hosts ~/.ssh/known_hosts . Assem Chelli OpenSSH tricks . . . . .
  • 6. . Basic SSH usage Remote login ssh hostname ssh -l user hostname ssh user@hostname cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db RSA key fingerprint —> yes / no (Public Key authentification) host’s password: _______ (Password authentification) known hosts ~/.ssh/known_hosts . Assem Chelli OpenSSH tricks . . . . .
  • 7. . Omar in the middle! let’s play SERVER role! We put Server offline Someone fix his IP as the same IP of server Now try login again ssh host @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. . Assem Chelli OpenSSH tricks . . . . .
  • 8. . Omar in the middle! let’s play SERVER role! We put Server offline Someone fix his IP as the same IP of server Now try login again ssh host @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. . Assem Chelli OpenSSH tricks . . . . .
  • 9. . SSH replaces telnet. ssh host.domena.pl ssh user@host.domena.pl ssh -l user host.domena.pl . Assem Chelli OpenSSH tricks . . . . .
  • 10. . SSH replaces FTP. sftp host.domena.pl sftp> dir . Assem Chelli OpenSSH tricks . . . . .
  • 11. . SSH replaces r-command . rexec ssh host "cat /etc/passwd" rlogin ssh user@host rcp scp file host.domena.pl . Assem Chelli OpenSSH tricks . . . . .
  • 12. . Executing commands remotely ssh host netstat ssh host "ls -C /bin" ssh host “cat /etc/passwd” ssh host “vi /tmp/foo ” ssh -t host vi /tmp/foo . Assem Chelli OpenSSH tricks . . . . .
  • 13. . Executing commands remotely ssh host netstat ssh host "ls -C /bin" ssh host “cat /etc/passwd” ssh host “vi /tmp/foo ” ssh -t host vi /tmp/foo . Assem Chelli OpenSSH tricks . . . . .
  • 14. . Redirecting commands input and output ssh host "ls /bin | grep -i rm" ssh host "ls /bin" | grep -i rm ssh host "cat /etc/passwd" > remote_passwd ssh host "psql billing" < billing.sql | grep -v ^INFO . Assem Chelli OpenSSH tricks . . . . .
  • 15. . Redirecting commands input and output ssh host "ls /bin | grep -i rm" ssh host "ls /bin" | grep -i rm ssh host "cat /etc/passwd" > remote_passwd ssh host "psql billing" < billing.sql | grep -v ^INFO . Assem Chelli OpenSSH tricks . . . . .
  • 16. . File transfer scp scp [user1@]host1:/path/to/source/file [user2@]host2:/path/to/destination/file scp -r sftp sftp host sftp> cd /usr/share/games sftp> ls sftp> lcd /tmp get c* quit tar-over-ssh ssh host "cd /usr/share/games ; tar cf - ./a*" | > (cd /tmp ; tar xpvf -) rsync rsync -ve ssh host:/bin/c* /tmp . Assem Chelli OpenSSH tricks . . . . .
  • 17. . Public Keys Generate a public key ssh-keygen -t rsa cat ~/.ssh/id_rsa.pub Authentification ssh-add -l Restrictions cat ~/.ssh/authorized_keys . Assem Chelli OpenSSH tricks . . . . .
  • 18. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 19. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 20. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 21. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 22. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 23. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 24. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 25. . BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
  • 26. . BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
  • 27. . BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
  • 28. . BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
  • 29. . BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
  • 30. . BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
  • 31. . BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
  • 32. . BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
  • 33. . BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
  • 34. . BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
  • 35. . BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
  • 36. . BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
  • 37. . BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
  • 38. . BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
  • 39. . BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
  • 40. . Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .
  • 41. . Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .
  • 42. . Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .
  • 43. . Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .
  • 44. . Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .
  • 45. . Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .
  • 46. . Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .
  • 47. . Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .
  • 48. . Thwart SSH Crackers DenyHosts Fail2ban security/sshguard security/sshblock . Assem Chelli OpenSSH tricks . . . . .
  • 49. . SSH via Proxy! Proxy Problem! /etc/ssh/ssh_config host * proxyCommand connect -H 10.0.0.1:80 %h %p . Assem Chelli OpenSSH tricks . . . . .
  • 50. . SSH via Proxy! Proxy Problem! /etc/ssh/ssh_config host * proxyCommand connect -H 10.0.0.1:80 %h %p . Assem Chelli OpenSSH tricks . . . . .
  • 51. . forwarding over SSH Agent forwarding ssh -A trustedhost (your privatekeys can be stolen) X11 forwarding ssh -X user@host firefox ssh -Y user@host Port forwarding ssh -L8000:anotherhost:80 somehost . Assem Chelli OpenSSH tricks . . . . .
  • 53. . Security ssh-agent X11 GatewayPorts MITM SSH-1.99 SSH timing attack . Assem Chelli OpenSSH tricks . . . . .
  • 55. Appendix For Further Reading . For Further Reading I SSH tips, tricks & protocol tutorial .Damien Miller , AUUG Winter 2002 . 25 Best SSH Commands / Tricks. http://www.newitperson.com/2012/01/25-ssh-commandstricks/ SSH manpage . Assem Chelli OpenSSH tricks . . . . .