2. . What is SSH?
SSH: Secure SHell, a Network protocol Created by Tatu
Ylonen (1995)
Secure logging into remote computer
Public key authentication (!Password),
Authentication of the server (!MAN-IN-THE-MIDDLE )
Encryption,
Integrity
more features:
Stream Compression
Port forwarding
X11 sessions forwarding
File transfer
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
3. . WHY SSH IS SO IMPORTANT?
IP spoofing
IP source routing
DNS spoofing
Password sniffing
Manipulation of transfer data Atack on X11 (sniffing on
authorization)
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
4. . Install Open SSH
SSH is so resricted , OPEN SSH is free!
openssh-client , openssh-server
sudo apt-get install openssh-client openssh-server
sudo yum install openssh-client openssh-server
WINDOWS: download & install PuTTY
http://www.chiark.greenend.org.uk/ sgtatham/putty/
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
7. . Omar in the middle!
let’s play SERVER role!
We put Server offline
Someone fix his IP as the same IP of server
Now try login again
ssh host
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the RSA host key has just been changed.
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
8. . Omar in the middle!
let’s play SERVER role!
We put Server offline
Someone fix his IP as the same IP of server
Now try login again
ssh host
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the RSA host key has just been changed.
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
16. . File transfer
scp
scp [user1@]host1:/path/to/source/file
[user2@]host2:/path/to/destination/file
scp -r
sftp
sftp host
sftp> cd /usr/share/games
sftp> ls
sftp> lcd /tmp
get c*
quit
tar-over-ssh
ssh host "cd /usr/share/games ; tar cf - ./a*" |
> (cd /tmp ; tar xpvf -)
rsync
rsync -ve ssh host:/bin/c* /tmp
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
17. . Public Keys
Generate a public key
ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub
Authentification
ssh-add -l
Restrictions
cat ~/.ssh/authorized_keys
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
18. . Default Config Files and SSH Port
/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - Users ssh configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or
DSA) that can be used to log into the users account
/etc/nologin - If this file exists, sshd refuses to let anyone
except root log in.
/etc/hosts.allow and /etc/hosts.deny : Access controls
lists that should be enforced by tcp-wrappers are defined here.
SSH default port : TCP ??
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
19. . Default Config Files and SSH Port
/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - Users ssh configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or
DSA) that can be used to log into the users account
/etc/nologin - If this file exists, sshd refuses to let anyone
except root log in.
/etc/hosts.allow and /etc/hosts.deny : Access controls
lists that should be enforced by tcp-wrappers are defined here.
SSH default port : TCP ??
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
20. . Default Config Files and SSH Port
/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - Users ssh configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or
DSA) that can be used to log into the users account
/etc/nologin - If this file exists, sshd refuses to let anyone
except root log in.
/etc/hosts.allow and /etc/hosts.deny : Access controls
lists that should be enforced by tcp-wrappers are defined here.
SSH default port : TCP ??
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
21. . Default Config Files and SSH Port
/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - Users ssh configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or
DSA) that can be used to log into the users account
/etc/nologin - If this file exists, sshd refuses to let anyone
except root log in.
/etc/hosts.allow and /etc/hosts.deny : Access controls
lists that should be enforced by tcp-wrappers are defined here.
SSH default port : TCP ??
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
22. . Default Config Files and SSH Port
/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - Users ssh configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or
DSA) that can be used to log into the users account
/etc/nologin - If this file exists, sshd refuses to let anyone
except root log in.
/etc/hosts.allow and /etc/hosts.deny : Access controls
lists that should be enforced by tcp-wrappers are defined here.
SSH default port : TCP ??
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
23. . Default Config Files and SSH Port
/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - Users ssh configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or
DSA) that can be used to log into the users account
/etc/nologin - If this file exists, sshd refuses to let anyone
except root log in.
/etc/hosts.allow and /etc/hosts.deny : Access controls
lists that should be enforced by tcp-wrappers are defined here.
SSH default port : TCP ??
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
24. . Default Config Files and SSH Port
/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - Users ssh configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or
DSA) that can be used to log into the users account
/etc/nologin - If this file exists, sshd refuses to let anyone
except root log in.
/etc/hosts.allow and /etc/hosts.deny : Access controls
lists that should be enforced by tcp-wrappers are defined here.
SSH default port : TCP ??
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
25. . BEST SSH Tricks 1
. Copy ssh keys to user@host to enable password-less ssh logins
1
ssh-copy-id user@host
. Start a tunnel from some machines port 80 to your local post
2001
2
ssh -N -L2001:localhost:80 somemachine
. Output your microphone to a remote computers speaker
3
dd if=/dev/dsp | ssh -c arcfour -C username@host dd
of=/dev/dsp
. Compare a remote file with a local file
4
ssh user@host cat /path/to/remotefile | diff /path/to/localfile
-
. Mount folder/filesystem through SSH
5
ss hfs name@server:/path/to/folder /path/to/mount/point
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
26. . BEST SSH Tricks 1
. Copy ssh keys to user@host to enable password-less ssh logins
1
ssh-copy-id user@host
. Start a tunnel from some machines port 80 to your local post
2001
2
ssh -N -L2001:localhost:80 somemachine
. Output your microphone to a remote computers speaker
3
dd if=/dev/dsp | ssh -c arcfour -C username@host dd
of=/dev/dsp
. Compare a remote file with a local file
4
ssh user@host cat /path/to/remotefile | diff /path/to/localfile
-
. Mount folder/filesystem through SSH
5
ss hfs name@server:/path/to/folder /path/to/mount/point
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
27. . BEST SSH Tricks 1
. Copy ssh keys to user@host to enable password-less ssh logins
1
ssh-copy-id user@host
. Start a tunnel from some machines port 80 to your local post
2001
2
ssh -N -L2001:localhost:80 somemachine
. Output your microphone to a remote computers speaker
3
dd if=/dev/dsp | ssh -c arcfour -C username@host dd
of=/dev/dsp
. Compare a remote file with a local file
4
ssh user@host cat /path/to/remotefile | diff /path/to/localfile
-
. Mount folder/filesystem through SSH
5
ss hfs name@server:/path/to/folder /path/to/mount/point
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
28. . BEST SSH Tricks 1
. Copy ssh keys to user@host to enable password-less ssh logins
1
ssh-copy-id user@host
. Start a tunnel from some machines port 80 to your local post
2001
2
ssh -N -L2001:localhost:80 somemachine
. Output your microphone to a remote computers speaker
3
dd if=/dev/dsp | ssh -c arcfour -C username@host dd
of=/dev/dsp
. Compare a remote file with a local file
4
ssh user@host cat /path/to/remotefile | diff /path/to/localfile
-
. Mount folder/filesystem through SSH
5
ss hfs name@server:/path/to/folder /path/to/mount/point
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
29. . BEST SSH Tricks 1
. Copy ssh keys to user@host to enable password-less ssh logins
1
ssh-copy-id user@host
. Start a tunnel from some machines port 80 to your local post
2001
2
ssh -N -L2001:localhost:80 somemachine
. Output your microphone to a remote computers speaker
3
dd if=/dev/dsp | ssh -c arcfour -C username@host dd
of=/dev/dsp
. Compare a remote file with a local file
4
ssh user@host cat /path/to/remotefile | diff /path/to/localfile
-
. Mount folder/filesystem through SSH
5
ss hfs name@server:/path/to/folder /path/to/mount/point
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
30. . BEST SSH Tricks 2
. SSH connection through host in the middle
1
ssh -t reachable_host ssh unreachable_host
. Copy from host1 to host2, through your host
2
ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh
root@host2 cd /samedir/tocopyto/ && tar -xf -
. Run any GUI program remotely
3
ssh -fX @
. Create a persistent connection to a machine
4
ssh -MNf @
. Attach screen over ssh
5
ssh -t remote_host screen -r
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
31. . BEST SSH Tricks 2
. SSH connection through host in the middle
1
ssh -t reachable_host ssh unreachable_host
. Copy from host1 to host2, through your host
2
ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh
root@host2 cd /samedir/tocopyto/ && tar -xf -
. Run any GUI program remotely
3
ssh -fX @
. Create a persistent connection to a machine
4
ssh -MNf @
. Attach screen over ssh
5
ssh -t remote_host screen -r
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
32. . BEST SSH Tricks 2
. SSH connection through host in the middle
1
ssh -t reachable_host ssh unreachable_host
. Copy from host1 to host2, through your host
2
ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh
root@host2 cd /samedir/tocopyto/ && tar -xf -
. Run any GUI program remotely
3
ssh -fX @
. Create a persistent connection to a machine
4
ssh -MNf @
. Attach screen over ssh
5
ssh -t remote_host screen -r
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
33. . BEST SSH Tricks 2
. SSH connection through host in the middle
1
ssh -t reachable_host ssh unreachable_host
. Copy from host1 to host2, through your host
2
ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh
root@host2 cd /samedir/tocopyto/ && tar -xf -
. Run any GUI program remotely
3
ssh -fX @
. Create a persistent connection to a machine
4
ssh -MNf @
. Attach screen over ssh
5
ssh -t remote_host screen -r
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
34. . BEST SSH Tricks 2
. SSH connection through host in the middle
1
ssh -t reachable_host ssh unreachable_host
. Copy from host1 to host2, through your host
2
ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh
root@host2 cd /samedir/tocopyto/ && tar -xf -
. Run any GUI program remotely
3
ssh -fX @
. Create a persistent connection to a machine
4
ssh -MNf @
. Attach screen over ssh
5
ssh -t remote_host screen -r
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
35. . BEST SSH Tricks 3
. Run complex remote shell cmds over ssh
1
ssh host -l user $(
ssh host -l user cat cmd.txt
. Resume scp of a big file
2
rsync partial progress rsh=ssh $file_source
$user@$host:$destination_file
. Analyze traffic remotely over ssh w/ wireshark
3
ssh root@server.com tshark -f port !22 -w - | wireshark -k -i -
. Have an ssh session open forever
4
autossh -M50000 -t server.example.com screen -raAd
mysession
. Harder, Faster, Stronger SSH clients
5
ssh -4 -C -c blowfish-cbc
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
36. . BEST SSH Tricks 3
. Run complex remote shell cmds over ssh
1
ssh host -l user $(
ssh host -l user cat cmd.txt
. Resume scp of a big file
2
rsync partial progress rsh=ssh $file_source
$user@$host:$destination_file
. Analyze traffic remotely over ssh w/ wireshark
3
ssh root@server.com tshark -f port !22 -w - | wireshark -k -i -
. Have an ssh session open forever
4
autossh -M50000 -t server.example.com screen -raAd
mysession
. Harder, Faster, Stronger SSH clients
5
ssh -4 -C -c blowfish-cbc
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
37. . BEST SSH Tricks 3
. Run complex remote shell cmds over ssh
1
ssh host -l user $(
ssh host -l user cat cmd.txt
. Resume scp of a big file
2
rsync partial progress rsh=ssh $file_source
$user@$host:$destination_file
. Analyze traffic remotely over ssh w/ wireshark
3
ssh root@server.com tshark -f port !22 -w - | wireshark -k -i -
. Have an ssh session open forever
4
autossh -M50000 -t server.example.com screen -raAd
mysession
. Harder, Faster, Stronger SSH clients
5
ssh -4 -C -c blowfish-cbc
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
38. . BEST SSH Tricks 3
. Run complex remote shell cmds over ssh
1
ssh host -l user $(
ssh host -l user cat cmd.txt
. Resume scp of a big file
2
rsync partial progress rsh=ssh $file_source
$user@$host:$destination_file
. Analyze traffic remotely over ssh w/ wireshark
3
ssh root@server.com tshark -f port !22 -w - | wireshark -k -i -
. Have an ssh session open forever
4
autossh -M50000 -t server.example.com screen -raAd
mysession
. Harder, Faster, Stronger SSH clients
5
ssh -4 -C -c blowfish-cbc
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
39. . BEST SSH Tricks 3
. Run complex remote shell cmds over ssh
1
ssh host -l user $(
ssh host -l user cat cmd.txt
. Resume scp of a big file
2
rsync partial progress rsh=ssh $file_source
$user@$host:$destination_file
. Analyze traffic remotely over ssh w/ wireshark
3
ssh root@server.com tshark -f port !22 -w - | wireshark -k -i -
. Have an ssh session open forever
4
autossh -M50000 -t server.example.com screen -raAd
mysession
. Harder, Faster, Stronger SSH clients
5
ssh -4 -C -c blowfish-cbc
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
40. . Best SSH tricks 4
. Disable OpenSSH Server
1
apt-get remove openssh-server (ubuntu )
chkconfig sshd off && yum erase openssh-server (fedora)
. Force to use SSH protocole 2 because SSH-1 is vulnerable
(Man-in-the-middle attacks)
2
in /etc/ssh/sshd_config add the line: Protocol 2
. Limit root or Users’ SSH Access
3
in /etc/ssh/sshd_config
find&modify the line: AllowUsers root assem
or find&modify the line: DenyUsers omar zaki ali-baba
or find&modify the line: PermitRootLogin no
or create /etc/nologin
. Enable a Warning Banner
4
in /etc/ssh/sshd_config add the line: Banner /etc/issue
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
41. . Best SSH tricks 4
. Disable OpenSSH Server
1
apt-get remove openssh-server (ubuntu )
chkconfig sshd off && yum erase openssh-server (fedora)
. Force to use SSH protocole 2 because SSH-1 is vulnerable
(Man-in-the-middle attacks)
2
in /etc/ssh/sshd_config add the line: Protocol 2
. Limit root or Users’ SSH Access
3
in /etc/ssh/sshd_config
find&modify the line: AllowUsers root assem
or find&modify the line: DenyUsers omar zaki ali-baba
or find&modify the line: PermitRootLogin no
or create /etc/nologin
. Enable a Warning Banner
4
in /etc/ssh/sshd_config add the line: Banner /etc/issue
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
42. . Best SSH tricks 4
. Disable OpenSSH Server
1
apt-get remove openssh-server (ubuntu )
chkconfig sshd off && yum erase openssh-server (fedora)
. Force to use SSH protocole 2 because SSH-1 is vulnerable
(Man-in-the-middle attacks)
2
in /etc/ssh/sshd_config add the line: Protocol 2
. Limit root or Users’ SSH Access
3
in /etc/ssh/sshd_config
find&modify the line: AllowUsers root assem
or find&modify the line: DenyUsers omar zaki ali-baba
or find&modify the line: PermitRootLogin no
or create /etc/nologin
. Enable a Warning Banner
4
in /etc/ssh/sshd_config add the line: Banner /etc/issue
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
43. . Best SSH tricks 4
. Disable OpenSSH Server
1
apt-get remove openssh-server (ubuntu )
chkconfig sshd off && yum erase openssh-server (fedora)
. Force to use SSH protocole 2 because SSH-1 is vulnerable
(Man-in-the-middle attacks)
2
in /etc/ssh/sshd_config add the line: Protocol 2
. Limit root or Users’ SSH Access
3
in /etc/ssh/sshd_config
find&modify the line: AllowUsers root assem
or find&modify the line: DenyUsers omar zaki ali-baba
or find&modify the line: PermitRootLogin no
or create /etc/nologin
. Enable a Warning Banner
4
in /etc/ssh/sshd_config add the line: Banner /etc/issue
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
44. . Best SSH tricks 5
. Change SSH port
1
in /etc/ssh/sshd_config find&modify the line: Port 300
. Deny empty passwords
2
in /etc/ssh/sshd_config find&modify the line:
PermitEmptyPasswords no
. Use SSH as an Internet Proxy
3
Google it !
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
45. . Best SSH tricks 5
. Change SSH port
1
in /etc/ssh/sshd_config find&modify the line: Port 300
. Deny empty passwords
2
in /etc/ssh/sshd_config find&modify the line:
PermitEmptyPasswords no
. Use SSH as an Internet Proxy
3
Google it !
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
46. . Best SSH tricks 5
. Change SSH port
1
in /etc/ssh/sshd_config find&modify the line: Port 300
. Deny empty passwords
2
in /etc/ssh/sshd_config find&modify the line:
PermitEmptyPasswords no
. Use SSH as an Internet Proxy
3
Google it !
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.
47. . Best SSH tricks 5
. Change SSH port
1
in /etc/ssh/sshd_config find&modify the line: Port 300
. Deny empty passwords
2
in /etc/ssh/sshd_config find&modify the line:
PermitEmptyPasswords no
. Use SSH as an Internet Proxy
3
Google it !
.
Assem Chelli
OpenSSH tricks
.
.
.
.
.