OpenSSH tricks
Assem Chelli
assem.ch@gmail.com (@assem_ch)

Hacknowledge Contest Algeria 2013

What is SSH?
SSH: Secure SHell, a network protocol created by Tatu Ylonen (1995)
Secure login to a remote computer:
Public key authentication (no password)
Authentication of the server (no man-in-the-middle)
Encryption
Integrity

More features:
Stream compression
Port forwarding
X11 session forwarding
File transfer

WHY IS SSH SO IMPORTANT?

SSH protects against:
IP spoofing
IP source routing
DNS spoofing
Password sniffing
Manipulation of transferred data
Attack on X11 (sniffing on authorization)

Install OpenSSH

SSH is so restricted, OpenSSH is free!
Packages: openssh-client, openssh-server
sudo apt-get install openssh-client openssh-server
sudo yum install openssh-clients openssh-server

Windows: download & install PuTTY
http://www.chiark.greenend.org.uk/~sgtatham/putty/

Basic SSH usage

Remote login
ssh hostname
ssh -l user hostname
ssh user@hostname
cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db
RSA key fingerprint -> yes / no (public key authentication)
host's password: _______ (password authentication)

Known hosts
~/.ssh/known_hosts

Omar in the middle!
Let's play the SERVER role!
We put the server offline
Someone sets his IP to the same IP as the server

Now try to log in again
ssh host
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the RSA host key has just been changed.
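
The comparison behind this warning, as an added example that is not part of the original slides: the client looks the host up in `~/.ssh/known_hosts` and compares the recorded key with the one the server presents. The function names, the sample file and its key blobs are constructed placeholders; only plain (unhashed) host names are handled.

```sh
#!/bin/sh
# Added example (not from the slides): the known_hosts comparison behind the
# "REMOTE HOST IDENTIFICATION HAS CHANGED" warning.

# host_key_status FILE HOST KEYTYPE KEY
# Prints: match    - HOST is recorded with exactly this key
#         changed  - HOST is recorded with a different key of the same type
#         unknown  - no usable record (first connection: fingerprint prompt)
# Simplifications: plain host names only; hashed entries ("|1|..."), wildcard
# patterns and @cert-authority/@revoked marker lines are skipped.
host_key_status() {
    awk -v host="$2" -v type="$3" -v key="$4" '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        substr($1, 1, 1) == "@" || substr($1, 1, 1) == "|" { next }
        {
            # The first field is a comma-separated list of names/addresses.
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) {
                if (names[i] != host) { continue }
                if ($2 == type && $3 == key) { found = 1 }
                else if ($2 == type) { differs = 1 }
            }
        }
        END { print (found ? "match" : (differs ? "changed" : "unknown")) }
    ' "$1"
}

# connect_decision FILE HOST KEYTYPE KEY
# What a strict client does with each status; returns 0 only for "match".
connect_decision() {
    case $(host_key_status "$@") in
        match)   echo "proceed"; return 0 ;;
        changed) echo "abort: host key changed, verify out of band"; return 1 ;;
        *)       echo "ask: unknown host, compare fingerprint first"; return 2 ;;
    esac
}

# Constructed sample known_hosts (key blobs are placeholders, not real keys).
write_sample_known_hosts() {
    cat > "$1" <<'EOF'
# constructed sample
host.domena.pl,10.0.0.5 ssh-rsa AAAAconstructedServerKey=
other.domena.pl ssh-rsa AAAAconstructedOtherKey=
EOF
}

kh=$(mktemp)
write_sample_known_hosts "$kh"
# Genuine server, then a machine that took over the server's IP, then a new host.
connect_decision "$kh" host.domena.pl ssh-rsa AAAAconstructedServerKey= || true
connect_decision "$kh" 10.0.0.5 ssh-rsa AAAAconstructedImpostorKey= || true
connect_decision "$kh" new.domena.pl ssh-rsa AAAAconstructedNewKey= || true
rm -f "$kh"
```

On a real system, `ssh-keygen -F hostname` performs this lookup, including hashed entries.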

SSH replaces telnet

ssh host.domena.pl
ssh user@host.domena.pl
ssh -l user host.domena.pl

SSH replaces FTP

sftp host.domena.pl
sftp> dir

SSH replaces the r-commands

rexec
ssh host "cat /etc/passwd"

rlogin
ssh user@host

rcp
scp file host.domena.pl:

Executing commands remotely

ssh host netstat
ssh host "ls -C /bin"
ssh host "cat /etc/passwd"
ssh host "vi /tmp/foo"     # no terminal is allocated, so vi does not work properly
ssh -t host vi /tmp/foo    # -t forces pseudo-terminal allocation

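Redirecting command input and output

ssh host "ls /bin | grep -i rm"                          # grep runs on the remote host
ssh host "ls /bin" | grep -i rm                          # grep runs locally
ssh host "cat /etc/passwd" > remote_passwd               # output saved to a local file
ssh host "psql billing" < billing.sql | grep -v ^INFO    # local file fed to the remote command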

File transfer

scp
scp [user1@]host1:/path/to/source/file [user2@]host2:/path/to/destination/file
scp -r (recursive, for directories)

sftp
sftp host
sftp> cd /usr/share/games
sftp> ls
sftp> lcd /tmp
sftp> get c*
sftp> quit

tar-over-ssh
ssh host "cd /usr/share/games ; tar cf - ./a*" | \
    (cd /tmp ; tar xpvf -)

rsync
rsync -ve ssh host:/bin/c* /tmp

Public Keys

Generate a public key
ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub

Authentication
ssh-add -l

Restrictions
cat ~/.ssh/authorized_keys

Default Config Files and SSH Port

/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - User's ssh configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the user's account.
/etc/nologin - If this file exists, sshd refuses to let anyone except root log in.
/etc/hosts.allow and /etc/hosts.deny - Access control lists that should be enforced by tcp-wrappers are defined here.
SSH default port: TCP ??

BEST SSH Tricks 1

1. Copy ssh keys to user@host to enable password-less ssh logins
ssh-copy-id user@host

2. Start a tunnel from some machine's port 80 to your local port 2001
ssh -N -L2001:localhost:80 somemachine

3. Output your microphone to a remote computer's speaker
dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp
(arcfour is a weak cipher and is no longer offered by current OpenSSH releases)

4. Compare a remote file with a local file
ssh user@host cat /path/to/remotefile | diff /path/to/localfile -

5. Mount folder/filesystem through SSH
sshfs name@server:/path/to/folder /path/to/mount/point

BEST SSH Tricks 2

1. SSH connection through host in the middle
ssh -t reachable_host ssh unreachable_host

2. Copy from host1 to host2, through your host
ssh root@host1 "cd /somedir/tocopy/ && tar -cf - ." | ssh root@host2 "cd /samedir/tocopyto/ && tar -xf -"

3. Run any GUI program remotely
ssh -fX user@host program

4. Create a persistent connection to a machine
ssh -MNf user@host

5. Attach screen over ssh
ssh -t remote_host screen -r

BEST SSH Tricks 3

1. Run complex remote shell cmds over ssh
ssh host -l user "$(<cmd.txt)"
ssh host -l user "$(cat cmd.txt)"

2. Resume scp of a big file
rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file

3. Analyze traffic remotely over ssh w/ wireshark
ssh root@server.com 'tshark -f "port !22" -w -' | wireshark -k -i -

4. Have an ssh session open forever
autossh -M50000 -t server.example.com 'screen -raAd mysession'

5. Harder, Faster, Stronger SSH clients
ssh -4 -C -c blowfish-cbc
(blowfish-cbc is no longer offered by current OpenSSH releases)

Best SSH tricks 4

1. Disable OpenSSH Server
apt-get remove openssh-server (Ubuntu)
chkconfig sshd off && yum erase openssh-server (Fedora)

2. Force the use of SSH protocol 2, because SSH-1 is vulnerable (man-in-the-middle attacks)
in /etc/ssh/sshd_config add the line: Protocol 2

3. Limit root or users' SSH access
in /etc/ssh/sshd_config
find & modify the line: AllowUsers root assem
or find & modify the line: DenyUsers omar zaki ali-baba
or find & modify the line: PermitRootLogin no
or create /etc/nologin

4. Enable a warning banner
in /etc/ssh/sshd_config add the line: Banner /etc/issue

Best SSH tricks 5

1. Change SSH port
in /etc/ssh/sshd_config find & modify the line: Port 300

2. Deny empty passwords
in /etc/ssh/sshd_config find & modify the line: PermitEmptyPasswords no

3. Use SSH as an Internet proxy
Google it!
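
The sshd_config directives from "Best SSH tricks 4" and "Best SSH tricks 5" can be checked mechanically. The script below is an added example, not part of the original slides; the function names and the sample configuration are constructed for illustration, and it reads only the global section of the file (everything before the first Match line).

```sh
#!/bin/sh
# Added example (not from the slides): audit an sshd_config for the
# directives listed under "Best SSH tricks 4" and "Best SSH tricks 5".

# effective_value FILE KEYWORD
# Print KEYWORD's value from the global section of FILE as sshd reads it:
# keywords are case-insensitive, the first occurrence wins, lines starting
# with '#' are comments, and everything after a "Match" line is conditional.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            key = tolower($1)
            if (key == "match") exit
            if (key == want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
        }
    ' "$1"
}

# audit_sshd_config FILE
# Print one PASS/FAIL/INFO line per check; return the number of FAIL lines.
audit_sshd_config() {
    cfg=$1
    fails=0

    # Directives the slides set to a fixed value. Unset counts as FAIL:
    # the audit wants the value stated explicitly.
    for rule in PermitRootLogin=no PermitEmptyPasswords=no; do
        key=${rule%%=*}
        expected=${rule#*=}
        actual=$(effective_value "$cfg" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "PASS $key $actual"
        else
            echo "FAIL $key ${actual:-<unset>} (want $expected)"
            fails=$((fails + 1))
        fi
    done

    # Protocol may be a list such as "2,1"; any "1" enables SSH-1.
    proto=$(effective_value "$cfg" Protocol)
    case ",$proto," in
        ,,)    echo "INFO Protocol <unset> (default depends on OpenSSH version)" ;;
        *,1,*) echo "FAIL Protocol $proto (SSH-1 enabled, want 2)"
               fails=$((fails + 1)) ;;
        *)     echo "PASS Protocol $proto" ;;
    esac

    # A banner must point at a file; "none" disables it.
    banner=$(effective_value "$cfg" Banner)
    case $banner in
        ""|none) echo "FAIL Banner ${banner:-<unset>} (want a file such as /etc/issue)"
                 fails=$((fails + 1)) ;;
        *)       echo "PASS Banner $banner" ;;
    esac

    # Reported for review only (first occurrence of each keyword).
    for key in AllowUsers DenyUsers Port; do
        actual=$(effective_value "$cfg" "$key")
        echo "INFO $key ${actual:-<unset>}"
    done

    return "$fails"
}

# Constructed sample configuration (not from the slides).
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 22
Protocol 2,1
permitrootlogin yes
#PermitRootLogin no
PermitEmptyPasswords no
PermitEmptyPasswords yes
AllowUsers root assem
Match User backup
    PermitRootLogin no
    Banner /etc/issue
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_sshd_config "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

The sample fails three checks: root login is enabled by the first (lower-case) occurrence, SSH-1 is listed in Protocol, and the only Banner line sits inside a Match block.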

Thwart SSH Crackers

DenyHosts
Fail2ban
security/sshguard
security/sshblock

SSH via Proxy!

Proxy problem!
/etc/ssh/ssh_config
Host *
    ProxyCommand connect -H 10.0.0.1:80 %h %p

Forwarding over SSH

Agent forwarding
ssh -A trustedhost (only to a host you trust: anyone with root there can use your agent and its private keys)

X11 forwarding
ssh -X user@host firefox
ssh -Y user@host

Port forwarding
ssh -L8000:anotherhost:80 somehost

Tunneling types

LocalForward
RemoteForward
DynamicForward
ProxyCommand
ForwardX11/ForwardX11Trusted
Tunnel
ControlMaster

Security

ssh-agent
X11
GatewayPorts
MITM
SSH-1.99
SSH timing attack

Appendix

Questions?

For Further Reading

SSH tips, tricks & protocol tutorial. Damien Miller, AUUG Winter 2002.
25 Best SSH Commands / Tricks. http://www.newitperson.com/2012/01/25-ssh-commandstricks/
SSH manpage

g2nightmarescribd
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 

Recently uploaded (20)

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 

OpenSSH tricks

  • 1. OpenSSH tricks
    Assem Chelli, assem.ch@gmail.com (@assem_ch)
    Hacknowledge Contest Algeria 2013
  • 2. What is SSH?
    SSH: Secure SHell, a network protocol created by Tatu Ylonen (1995)
    Secure logging into remote computer
    Public key authentication (!Password)
    Authentication of the server (!MAN-IN-THE-MIDDLE)
    Encryption
    Integrity
    More features: stream compression, port forwarding, X11 session forwarding, file transfer
  • 3. WHY SSH IS SO IMPORTANT?
    IP spoofing
    IP source routing
    DNS spoofing
    Password sniffing
    Manipulation of transferred data
    Attack on X11 (sniffing on authorization)
  • 4. Install OpenSSH
    SSH is so restricted, OpenSSH is free!
    openssh-client, openssh-server
      sudo apt-get install openssh-client openssh-server
      sudo yum install openssh-clients openssh-server
    WINDOWS: download & install PuTTY
      http://www.chiark.greenend.org.uk/~sgtatham/putty/
  • 5. Basic SSH usage
    Remote login
      ssh hostname
      ssh -l user hostname
      ssh user@hostname
      cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db
      RSA key fingerprint -> yes / no (public key authentication)
      host's password: _______ (password authentication)
    Known hosts
      ~/.ssh/known_hosts
  • 7. Omar in the middle!
    Let's play the SERVER role!
    We put the server offline
    Someone sets his IP to the same IP as the server
    Now try to log in again
      ssh host
      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
      Someone could be eavesdropping on you right now (man-in-the-middle attack)!
      It is also possible that the RSA host key has just been changed.
  • 9. SSH replaces telnet
      ssh host.domena.pl
      ssh user@host.domena.pl
      ssh -l user host.domena.pl
  • 10. SSH replaces FTP
      sftp host.domena.pl
      sftp> dir
  • 11. SSH replaces r-commands
    rexec: ssh host "cat /etc/passwd"
    rlogin: ssh user@host
    rcp: scp file host.domena.pl:
  • 12. Executing commands remotely
      ssh host netstat
      ssh host "ls -C /bin"
      ssh host "cat /etc/passwd"
      ssh host "vi /tmp/foo"
      ssh -t host vi /tmp/foo
  • 14. Redirecting command input and output
      ssh host "ls /bin | grep -i rm"
      ssh host "ls /bin" | grep -i rm
      ssh host "cat /etc/passwd" > remote_passwd
      ssh host "psql billing" < billing.sql | grep -v ^INFO
  • 16. File transfer
    scp
      scp [user1@]host1:/path/to/source/file [user2@]host2:/path/to/destination/file
      scp -r
    sftp
      sftp host
      sftp> cd /usr/share/games
      sftp> ls
      sftp> lcd /tmp
      sftp> get c*
      sftp> quit
    tar-over-ssh
      ssh host "cd /usr/share/games ; tar cf - ./a*" | (cd /tmp ; tar xpvf -)
    rsync
      rsync -ve ssh host:/bin/c* /tmp
  • 17. Public Keys
    Generate a public key
      ssh-keygen -t rsa
      cat ~/.ssh/id_rsa.pub
    Authentication
      ssh-add -l
    Restrictions
      cat ~/.ssh/authorized_keys
  • 18. Default Config Files and SSH Port
    /etc/ssh/sshd_config - OpenSSH server configuration file.
    /etc/ssh/ssh_config - OpenSSH client configuration file.
    ~/.ssh/ - User's SSH configuration directory.
    ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the user's account.
    /etc/nologin - If this file exists, sshd refuses to let anyone except root log in.
    /etc/hosts.allow and /etc/hosts.deny - Access control lists that should be enforced by tcp-wrappers are defined here.
    SSH default port: TCP ??
  • 25. BEST SSH Tricks 1
    1. Copy ssh keys to user@host to enable password-less ssh logins
       ssh-copy-id user@host
    2. Start a tunnel from some machine's port 80 to your local port 2001
       ssh -N -L2001:localhost:80 somemachine
    3. Output your microphone to a remote computer's speaker
       dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp
    4. Compare a remote file with a local file
       ssh user@host cat /path/to/remotefile | diff /path/to/localfile -
    5. Mount folder/filesystem through SSH
       sshfs name@server:/path/to/folder /path/to/mount/point
  • 30. BEST SSH Tricks 2
    1. SSH connection through host in the middle
       ssh -t reachable_host ssh unreachable_host
    2. Copy from host1 to host2, through your host
       ssh root@host1 "cd /somedir/tocopy/ && tar -cf - ." | ssh root@host2 "cd /samedir/tocopyto/ && tar -xf -"
    3. Run any GUI program remotely
       ssh -fX @
    4. Create a persistent connection to a machine
       ssh -MNf @
    5. Attach screen over ssh
       ssh -t remote_host screen -r
  • 35. BEST SSH Tricks 3
    1. Run complex remote shell cmds over ssh
       ssh host -l user $( ssh host -l user cat cmd.txt
    2. Resume scp of a big file
       rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file
    3. Analyze traffic remotely over ssh w/ wireshark
       ssh root@server.com 'tshark -f "port !22" -w -' | wireshark -k -i -
    4. Have an ssh session open forever
       autossh -M50000 -t server.example.com screen -raAd mysession
    5. Harder, Faster, Stronger SSH clients
       ssh -4 -C -c blowfish-cbc
  • 40. Best SSH tricks 4
    1. Disable OpenSSH Server
       apt-get remove openssh-server (Ubuntu)
       chkconfig sshd off && yum erase openssh-server (Fedora)
    2. Force the use of SSH protocol 2, because SSH-1 is vulnerable (man-in-the-middle attacks)
       in /etc/ssh/sshd_config add the line: Protocol 2
    3. Limit root or users' SSH access
       in /etc/ssh/sshd_config find & modify the line: AllowUsers root assem
       or find & modify the line: DenyUsers omar zaki ali-baba
       or find & modify the line: PermitRootLogin no
       or create /etc/nologin
    4. Enable a warning banner
       in /etc/ssh/sshd_config add the line: Banner /etc/issue
  • 44. Best SSH tricks 5
    1. Change SSH port
       in /etc/ssh/sshd_config find & modify the line: Port 300
    2. Deny empty passwords
       in /etc/ssh/sshd_config find & modify the line: PermitEmptyPasswords no
    3. Use SSH as an Internet proxy
       Google it!
  • 48. Thwart SSH Crackers
    DenyHosts
    Fail2ban
    security/sshguard
    security/sshblock
  • 49. SSH via Proxy!
    Proxy Problem!
    /etc/ssh/ssh_config
      host *
      proxyCommand connect -H 10.0.0.1:80 %h %p
  • 51. Forwarding over SSH
    Agent forwarding
      ssh -A trustedhost (your private keys can be stolen)
    X11 forwarding
      ssh -X user@host firefox
      ssh -Y user@host
    Port forwarding
      ssh -L8000:anotherhost:80 somehost
  • 53. Security
    ssh-agent
    X11
    GatewayPorts
    MITM
    SSH-1.99
    SSH timing attack
  • 55. Appendix: For Further Reading
    SSH tips, tricks & protocol tutorial. Damien Miller, AUUG Winter 2002.
    25 Best SSH Commands / Tricks. http://www.newitperson.com/2012/01/25-ssh-commandstricks/
    SSH manpage
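
The sshd_config settings named on the "Best SSH tricks 4" and "Best SSH tricks 5" slides can be checked mechanically. The Python below is an added example, not part of the original deck: it audits a config for those settings, taking the first value given for each keyword and also inspecting Match blocks, whose settings override the global section. The function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample config for the example; not taken from any real host.
SAMPLE_CONFIG = """\
# constructed sample
Port 300
Protocol 2,1
PermitRootLogin no
permitrootlogin yes
PermitEmptyPasswords=no
AllowUsers root assem
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

# keyword, then either "=" or whitespace, then the argument(s)
LINE_RE = re.compile(r"^([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*?)\s*$")


def parse_sshd_config(text):
    """Return {scope: {keyword: value}}; scope is 'global' or a Match line.

    Keywords are case-insensitive, so they are lower-cased. Within a scope
    the first value given for a keyword is kept and later ones are ignored.
    """
    scopes = {"global": {}}
    scope = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and full-line comments
        m = LINE_RE.match(line)
        if not m:
            continue  # keyword without an argument: nothing to record
        key, value = m.group(1).lower(), m.group(2).strip('"')
        if key == "match":
            scope = "Match " + value
            scopes.setdefault(scope, {})
            continue
        scopes[scope].setdefault(key, value)
    return scopes


# Settings from the slides: keyword -> (line the slide asks for, test on value).
# Arguments are compared exactly because they are case-sensitive.
CHECKS = {
    "protocol": ("Protocol 2", lambda v: set(v.split(",")) == {"2"}),
    "permitrootlogin": ("PermitRootLogin no", lambda v: v == "no"),
    "permitemptypasswords": ("PermitEmptyPasswords no", lambda v: v == "no"),
    "banner": ("Banner /etc/issue", lambda v: v != "none"),
}


def audit(text):
    """Return a list of (scope, wanted_line, status, value) tuples.

    status is 'ok', 'bad', or 'unset' (the slide's line is missing from the
    global section). Match scopes are reported only for keywords they set.
    """
    findings = []
    for scope, settings in parse_sshd_config(text).items():
        for key, (wanted, is_ok) in CHECKS.items():
            if key in settings:
                status = "ok" if is_ok(settings[key]) else "bad"
                findings.append((scope, wanted, status, settings[key]))
            elif scope == "global":
                findings.append((scope, wanted, "unset", None))
    return findings


if __name__ == "__main__":
    for scope, wanted, status, value in audit(SAMPLE_CONFIG):
        print(f"[{status:5}] {scope}: want '{wanted}', found {value!r}")
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative check; parsing the file is useful for reviewing a config before it is deployed.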