This document discusses OpenSSH and provides tricks for using SSH. It begins by explaining what SSH is and why it is important for secure remote access. It then discusses installing OpenSSH and basic SSH usage like remote login. The document covers additional SSH features like executing commands remotely, file transfers using SCP and SFTP, public key authentication, and default configuration files. It provides examples of SSH port forwarding, comparing remote and local files, and mounting remote folders. The document concludes with a list of "best SSH tricks" including enabling password-less login and starting tunnels.
2. What is SSH?
SSH: Secure SHell, a network protocol created by Tatu Ylonen (1995)
Secure login to a remote computer
Public key authentication (instead of a password)
Authentication of the server (against man-in-the-middle)
Encryption
Integrity
More features:
  Stream compression
  Port forwarding
  X11 session forwarding
  File transfer

Assem Chelli
OpenSSH tricks
3. Why is SSH so important?
IP spoofing
IP source routing
DNS spoofing
Password sniffing
Manipulation of transferred data
Attack on X11 (sniffing on authorization)

4. Install OpenSSH
SSH is so restricted, OpenSSH is free!
Packages: openssh-client, openssh-server
Debian/Ubuntu:
  sudo apt-get install openssh-client openssh-server
Fedora/RHEL (the client package is named openssh-clients there):
  sudo yum install openssh-clients openssh-server
Windows: download & install PuTTY
  http://www.chiark.greenend.org.uk/~sgtatham/putty/

7. Omar in the middle!
Let's play the SERVER role!
We take the server offline.
Someone sets his IP to the same IP as the server.
Now try to log in again:
ssh host
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the RSA host key has just been changed.

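How the client arrives at this warning, as an added example that is not part of the original slides: it compares the key the server presents with the entry recorded in known_hosts. The Python code below reproduces that comparison, including hashed host names and @revoked lines; the function names, host names and key blobs are constructed for illustration and are not real keys.

```python
import base64
import hashlib
import hmac
import re
import struct


def make_blob(material: bytes) -> str:
    """Constructed sample data: an ssh-ed25519 public key blob (SSH wire format, base64)."""
    ktype = b"ssh-ed25519"
    raw = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(material)) + material
    return base64.b64encode(raw).decode()


def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint as shown by `ssh-keygen -l`: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_host(host: str, salt: bytes) -> str:
    """Host field as written with HashKnownHosts: |1|base64(salt)|base64(HMAC-SHA1)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def glob_match(pattern: str, host: str) -> bool:
    """known_hosts wildcards are '*' and '?' only; every other character is literal."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, host) is not None


def host_matches(field: str, host: str) -> bool:
    """Match the first known_hosts field, hashed or a comma-separated pattern list."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    matched = False
    for pat in field.split(","):
        if pat.startswith("!"):
            if glob_match(pat[1:], host):
                return False            # a negated pattern always wins
        elif glob_match(pat, host):
            matched = True
    return matched


def check_host_key(known_hosts: str, host: str, key_type: str, blob_b64: str) -> str:
    """Return 'match', 'changed', 'revoked' or 'unknown' for the key a server presented."""
    status = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3 or marker == "@cert-authority":
            continue                    # CA lines are out of scope for this example
        patterns, ktype, blob = fields[:3]
        if not host_matches(patterns, host):
            continue
        if marker == "@revoked":
            if blob == blob_b64:
                return "revoked"        # never accept, whatever else is recorded
            continue
        if ktype != key_type:
            continue                    # a key of another type is simply a new key
        if blob == blob_b64:
            status = "match"
        elif status != "match":
            status = "changed"          # the case behind the warning on the slide
    return status


# Constructed sample data
OLD_KEY = make_blob(b"\x01" * 32)       # key recorded at the first login
NEW_KEY = make_blob(b"\x02" * 32)       # key offered by the machine that took over the IP
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts file",
    "host,192.0.2.10 ssh-ed25519 " + OLD_KEY,
    hashed_host("db.example.com", b"constructed-salt-20b") + " ssh-ed25519 " + OLD_KEY,
])

if __name__ == "__main__":
    for key in (OLD_KEY, NEW_KEY):
        print(fingerprint(key), check_host_key(KNOWN_HOSTS, "host", "ssh-ed25519", key))
```

When the result is "changed", compare the printed fingerprint with one obtained from the server's administrator over a separate channel before removing the old entry with ssh-keygen -R host.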
16. File transfer
scp
  scp [user1@]host1:/path/to/source/file [user2@]host2:/path/to/destination/file
  scp -r (copy directories recursively)
sftp
  sftp host
  sftp> cd /usr/share/games
  sftp> ls
  sftp> lcd /tmp
  sftp> get c*
  sftp> quit
tar-over-ssh
  ssh host "cd /usr/share/games ; tar cf - ./a*" | (cd /tmp ; tar xpvf -)
rsync
  rsync -ve ssh host:/bin/c* /tmp

17. Public Keys
Generate a key pair and show the public key
  ssh-keygen -t rsa
  cat ~/.ssh/id_rsa.pub
Authentication
  ssh-add -l
Restrictions
  cat ~/.ssh/authorized_keys

18. Default Config Files and SSH Port
/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - User's SSH configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the user's account.
/etc/nologin - If this file exists, sshd refuses to let anyone except root log in.
/etc/hosts.allow and /etc/hosts.deny - Access control lists that should be enforced by tcp-wrappers are defined here.
SSH default port: TCP ??

25. BEST SSH Tricks 1
1. Copy ssh keys to user@host to enable password-less ssh logins
   ssh-copy-id user@host
2. Start a tunnel from some machine's port 80 to your local port 2001
   ssh -N -L2001:localhost:80 somemachine
3. Output your microphone to a remote computer's speaker
   dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp
   (arcfour is a weak legacy cipher that current OpenSSH releases no longer offer; omit -c arcfour there)
4. Compare a remote file with a local file
   ssh user@host cat /path/to/remotefile | diff /path/to/localfile -
5. Mount folder/filesystem through SSH
   sshfs name@server:/path/to/folder /path/to/mount/point

30. BEST SSH Tricks 2
1. SSH connection through host in the middle
   ssh -t reachable_host ssh unreachable_host
2. Copy from host1 to host2, through your host
   ssh root@host1 "cd /somedir/tocopy/ && tar -cf - ." | ssh root@host2 "cd /samedir/tocopyto/ && tar -xf -"
3. Run any GUI program remotely
   ssh -fX user@host program
4. Create a persistent connection to a machine
   ssh -MNf user@host
5. Attach screen over ssh
   ssh -t remote_host screen -r

35. BEST SSH Tricks 3
1. Run complex remote shell cmds over ssh
   ssh host -l user $(<cmd.txt)
   ssh host -l user "$(cat cmd.txt)"
2. Resume scp of a big file
   rsync --partial --progress --rsh=ssh $file_source $user@$host:$destination_file
3. Analyze traffic remotely over ssh w/ wireshark
   ssh root@server.com 'tshark -f "port !22" -w -' | wireshark -k -i -
4. Have an ssh session open forever
   autossh -M50000 -t server.example.com 'screen -raAd mysession'
5. Harder, Faster, Stronger SSH clients
   ssh -4 -C -c blowfish-cbc
   (blowfish-cbc is a legacy cipher that current OpenSSH releases no longer offer)

40. Best SSH tricks 4
1. Disable OpenSSH Server
   apt-get remove openssh-server (Ubuntu)
   chkconfig sshd off && yum erase openssh-server (Fedora)
2. Force SSH protocol 2, because SSH-1 is vulnerable (man-in-the-middle attacks)
   in /etc/ssh/sshd_config add the line: Protocol 2
3. Limit root or users' SSH access
   in /etc/ssh/sshd_config
   find & modify the line: AllowUsers root assem
   or find & modify the line: DenyUsers omar zaki ali-baba
   or find & modify the line: PermitRootLogin no
   or create /etc/nologin
4. Enable a warning banner
   in /etc/ssh/sshd_config add the line: Banner /etc/issue

44. Best SSH tricks 5
1. Change SSH port
   in /etc/ssh/sshd_config find & modify the line: Port 300
2. Deny empty passwords
   in /etc/ssh/sshd_config find & modify the line: PermitEmptyPasswords no
3. Use SSH as an Internet proxy
   Google it!

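A way to check a server against the sshd_config settings from the "Best SSH tricks 4" and "Best SSH tricks 5" slides, as an added example that is not part of the original slides. The function names and both sample configurations are constructed; the code assumes sshd's rule that the first value read for a keyword is the one used and that lines after a Match keyword are conditional rather than global.

```python
def global_settings(config_text: str) -> dict:
    """Return the global sshd_config settings as {lowercased keyword: value}."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()              # keywords are case-insensitive
        if keyword == "match":
            break                               # what follows applies only conditionally
        # First value wins: a later duplicate line does not override an earlier one.
        settings.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit(config_text: str) -> list:
    """Return (keyword, message) findings for the settings the slides recommend."""
    s = global_settings(config_text)
    findings = []
    # Assumption: a missing Protocol line is not flagged, since current OpenSSH
    # releases only speak SSH-2.
    if "1" in s.get("protocol", "2").split(","):
        findings.append(("protocol", "SSH-1 is enabled; use 'Protocol 2'"))
    root = s.get("permitrootlogin")
    if root is None or root.lower() != "no":
        findings.append(("permitrootlogin",
                         "root login is %s; use 'PermitRootLogin no'" % (root or "not set explicitly")))
    if s.get("permitemptypasswords", "no").lower() != "no":
        findings.append(("permitemptypasswords",
                         "empty passwords are accepted; use 'PermitEmptyPasswords no'"))
    if "allowusers" not in s and "denyusers" not in s:
        findings.append(("allowusers",
                         "no AllowUsers or DenyUsers line restricts which accounts may log in"))
    if s.get("banner", "none").lower() == "none":
        findings.append(("banner", "no warning banner; use 'Banner /etc/issue'"))
    return findings


# Constructed sample: the second PermitRootLogin line is ignored (first value wins)
# and the Banner inside the Match block is not a global setting.
WEAK_CONFIG = """\
# constructed sample, weak settings
Port 22
Protocol 2,1
PermitRootLogin yes
PermitEmptyPasswords yes
PermitRootLogin no
Match User backup
    Banner /etc/issue
"""

# Constructed sample using the values shown on the slides.
HARDENED_CONFIG = """\
Port 300
Protocol 2
AllowUsers assem
PermitRootLogin no
PermitEmptyPasswords no
Banner /etc/issue
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for keyword, message in audit(text) or [("ok", "no findings")]:
            print("  %-22s %s" % (keyword, message))
```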