Table Of Contents
WTF is proxychains?!?
Setting up the launch pad
Configuring proxychains
Attack Scenario #1 (basic tunnel)
Attack Scenario #2 (advanced tunnel)
Attack Scenario #2 (advanced tunnel) explained
— Permalien
For my current project we have Ansible deploy scripts for our handful of services to a set of development servers. This has generally worked well, but occasionally we need to SSH directly to the server to debug an issue. Ideally I'd like to SSH to a server via its Ansible hostname rather than having to look up its IP or machine name.
— Permalien
You may have heard that the NSA can decrypt SSH at least some of the time. If you have not, then read the latest batch of Snowden documents now. All of it. This post will still be here when you finish. My goal with this post here is to make NSA analysts sad. TL;DR: Scan this post for fixed width fonts, these will be the config file snippets and commands you have to use. || Already shared here, I think, but this time we add guigui's ramblings on top: https://shaarli.guiguishow.info/?qQJoJQ https://pad.lqdn.fr/p/ssh-hardening
— Permalien
Back in December when I revamped the SSH banner and started collecting the fingerprint I noticed an odd behavior. It turns out that a few SSH keys are used a lot more than once. For example, the following SSH fingerprint can be found on more than 250,000 devices!
https://gist.github.com/achillean/07f7f1e6b0e6e113a33c
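The Shodan finding above (one key presented by more than 250,000 devices) is easy to check on your own estate. The following is an added example written for this page, not code from Shodan's post or from OpenSSH: it groups the entries of a known_hosts file, or of ssh-keyscan output (same format), by key fingerprint and reports every key that more than one host presents. The sample entries are constructed and the key blobs are arbitrary bytes rather than real keys; only the SHA256 fingerprint format is OpenSSH's (base64 of the SHA-256 of the raw key blob, padding dropped).

```python
import base64
import hashlib
from collections import defaultdict


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: base64(SHA-256(raw key blob)) with '=' padding dropped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str):
    """Yield (host, keytype, fingerprint) for each host pattern in known_hosts / ssh-keyscan output."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):          # @cert-authority / @revoked markers
            fields = fields[1:]
        if len(fields) < 3:
            continue
        hosts, keytype, b64 = fields[0], fields[1], fields[2]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue                            # malformed entry: skip it, do not crash
        fp = fingerprint_sha256(blob)
        for host in hosts.split(","):           # hashed hosts (|1|salt|hash) stay opaque labels
            yield host, keytype, fp


def find_shared_host_keys(text: str) -> dict:
    """Return {fingerprint: sorted hosts} for every key presented by more than one host."""
    hosts_by_fp = defaultdict(set)
    for host, _keytype, fp in parse_known_hosts(text):
        hosts_by_fp[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


# Constructed sample: the key blobs are arbitrary bytes, not real keys.
# Fingerprinting only needs the decoded blob, so this is enough to exercise the code.
_SHARED = base64.b64encode(b"constructed blob shared by many appliances").decode()
_UNIQUE = base64.b64encode(b"constructed blob belonging to one host").decode()
SAMPLE_KNOWN_HOSTS = f"""\
# constructed sample, not real keys
router-a.example,192.0.2.10 ssh-ed25519 {_SHARED}
router-b.example ssh-ed25519 {_SHARED}
|1|c2FsdA==|aGFzaA== ssh-ed25519 {_SHARED}
@cert-authority *.corp.example ssh-rsa {_UNIQUE}
"""

if __name__ == "__main__":
    for fp, hosts in find_shared_host_keys(SAMPLE_KNOWN_HOSTS).items():
        print(f"{fp} is presented by {len(hosts)} hosts: {', '.join(hosts)}")
```

Feed it real data with `ssh-keyscan -t ed25519,rsa host1 host2 ... > scan.txt`. A key shared by two unrelated hosts means the private key was baked into a firmware image or cloned disk, so whoever extracts it from one unit can impersonate every host in the group, and known_hosts checking no longer protects you against a man in the middle.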
— Permalien
Here is the continuation of the "studies" of the Snowden leaks carried out for NSA-Observer. In this article we return to the Spiegel revelations from the end of December, during the 31c3 (Chaos Computer Congress), and from 17 January 2015, concerning the offensive capabilities of the NSA and other agencies against cryptography.
http://cdn.media.ccc.de/congress/2014/webm-sd/31c3-6258-en-Reconstructing_narratives_webm-sd.webm
BULLRUN is an NSA "program" that uses various means to gain access to encrypted content. The New York Times had covered the subject at the end of 2013 in its article "Secret Documents Reveal N.S.A. Campaign Against Encryption", but without any details (as did The Guardian and ProPublica).
— Permalien
TL;DR: Scan this post for fixed width fonts, these will be the config file snippets and commands you have to use. || see also: https://pad.lqdn.fr/p/ssh-hardening
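The two entries above both point at the same SSH hardening post. As an added example for this page (not the post's own code), here is a small audit of an sshd_config against that post's recommendations: SSHv2 only, no DSA/ECDSA host keys, password and challenge-response authentication off, root login without password at most, and explicit KexAlgorithms/Ciphers/MACs lists. The algorithm sets are the ones the post recommends (OpenSSH 6.x-era names); the two sample configs are constructed. The parser reproduces two sshd behaviours that bite people in practice: the first occurrence of a keyword wins, and everything after the first Match line is conditional rather than global.

```python
import re

# Algorithm lists recommended by the post (OpenSSH 6.x-era names).
GOOD_KEX = {"curve25519-sha256@libssh.org", "diffie-hellman-group-exchange-sha256"}
GOOD_CIPHERS = {"chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
                "aes256-ctr", "aes192-ctr", "aes128-ctr"}
GOOD_MACS = {"hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "umac-128-etm@openssh.com",
             "hmac-sha2-512", "hmac-sha2-256", "umac-128@openssh.com"}


def parse_sshd_config(text: str):
    """Return (global_options, host_keys) for an sshd_config.

    sshd takes the FIRST occurrence of a keyword, so a hardening line appended
    to the bottom of the file does nothing if the keyword already appears above.
    Everything after the first 'Match' applies only to matching connections and
    is not part of the global policy audited here. HostKey accumulates."""
    options, host_keys = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"([^\s=]+)\s*=?\s*(.*)", line)     # 'Keyword value' or 'Keyword=value'
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        if key == "hostkey":
            host_keys.append(value)
        else:
            options.setdefault(key, value)
    return options, host_keys


def audit_sshd_config(text: str) -> list:
    """List deviations from the post's recommendations; an empty list means clean."""
    opts, host_keys = parse_sshd_config(text)
    findings = []
    if opts.get("protocol", "2") != "2":
        findings.append(f"Protocol {opts['protocol']}: SSHv1 must not be offered")
    if opts.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is not 'no' (default is yes)")
    if opts.get("challengeresponseauthentication", "yes") != "no":
        findings.append("ChallengeResponseAuthentication is not 'no' (default is yes)")
    root = opts.get("permitrootlogin", "yes")
    if root not in ("no", "without-password", "prohibit-password"):
        findings.append(f"PermitRootLogin {root}: root may log in with a password")
    for hk in host_keys:
        if "dsa" in hk.lower():                        # matches ssh_host_dsa_key and ssh_host_ecdsa_key
            findings.append(f"HostKey {hk}: DSA/ECDSA host keys are not recommended")
    for keyword, label, good in (("kexalgorithms", "KexAlgorithms", GOOD_KEX),
                                 ("ciphers", "Ciphers", GOOD_CIPHERS),
                                 ("macs", "MACs", GOOD_MACS)):
        if keyword not in opts:
            findings.append(f"{label} not set: the server default list includes weaker algorithms")
            continue
        bad = [a for a in opts[keyword].split(",") if a.lower() not in good]
        if bad:
            findings.append(f"{label} includes {','.join(bad)}")
    return findings


# Constructed configs for demonstration; neither is taken from the post.
WEAK_CONFIG = """\
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_rsa_key
# KexAlgorithms, Ciphers and MACs left at the server defaults
"""

HARDENED_CONFIG = """\
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_sshd_config(cfg)
        print(f"== {name}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

Run it against /etc/ssh/sshd_config before and after applying the post's snippets. The Match block in the hardened sample is deliberate: a per-user exception there is not a global finding, but the same line placed above Match would be, because sshd keeps the first value it sees.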
— Permalien
The “TL;DR” summary of what follows below is: If you configure your IPsec based VPN properly, you are not affected. Always use Perfect Forward Secrecy (“pfs=yes” which is the default in libreswan IPsec) and avoid PreSharedKeys (authby=secret which is not the default in libreswan IPsec). If you really need to use PSK, use a strong shared secret that cannot be brute forced. The NSA has their own version of IKEcrack running on millions of dollars worth of CPUs. Also, the NSA sneaks into your router to steal your PSKs so they can decrypt all your traffic.
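The two settings the summary above calls out are easy to check mechanically. Below is an added example for this page (not libreswan's code or the post's): it parses an ipsec.conf in the libreswan/openswan layout, folds "conn %default" into each connection the way libreswan does, flags pfs=no and authby=secret, and scans ipsec.secrets for short PSKs. Both sample files are constructed, and the 32-character minimum for a PSK is an assumption made here; the post only says "strong".

```python
import re

MIN_PSK_LENGTH = 32   # assumed threshold for this example; the post only says "strong"


def parse_ipsec_conf(text: str) -> dict:
    """Return {conn_name: options} for a libreswan/openswan ipsec.conf.

    Section headers ('config setup', 'conn NAME') start at column 0 and their
    key=value lines are indented. Values from 'conn %default' are folded into
    every other conn, which is how libreswan applies them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():                          # section header
            m = re.match(r"(conn|config)\s+(\S+)$", line.strip())
            current = sections.setdefault((m.group(1), m.group(2)), {}) if m else None
            continue
        if current is None:
            continue
        key, _, value = line.strip().partition("=")
        current[key.strip().lower()] = value.strip()
    defaults = sections.get(("conn", "%default"), {})
    conns = {}
    for (kind, name), opts in sections.items():
        if kind == "conn" and name != "%default":
            conns[name] = {**defaults, **opts}             # explicit conn values win over %default
    return conns


def audit_conns(conns: dict) -> dict:
    """Map each conn to the problems the post warns about; clean conns are omitted."""
    findings = {}
    for name, opts in conns.items():
        problems = []
        if opts.get("pfs", "yes").lower() == "no":            # libreswan default is pfs=yes
            problems.append("pfs=no: without Perfect Forward Secrecy a recovered key decrypts recorded traffic")
        if opts.get("authby", "rsasig").lower() == "secret":  # PSK is not the libreswan default
            problems.append("authby=secret: pre-shared key authentication, brute-forceable offline")
        if problems:
            findings[name] = problems
    return findings


def audit_secrets(text: str) -> list:
    """Return the PSKs in an ipsec.secrets file that are shorter than MIN_PSK_LENGTH."""
    weak = []
    for line in text.splitlines():
        m = re.search(r':\s*PSK\s+"([^"]*)"', line)
        if m and len(m.group(1)) < MIN_PSK_LENGTH:
            weak.append(m.group(1))
    return weak


# Constructed sample files for demonstration.
SAMPLE_IPSEC_CONF = """\
config setup
    protostack=netkey
conn %default
    pfs=yes
    ikev2=insist
conn branch-office
    left=192.0.2.1
    right=198.51.100.7
    authby=secret
    pfs=no
conn headquarters
    left=192.0.2.1
    right=203.0.113.9
    authby=rsasig
"""
SAMPLE_IPSEC_SECRETS = """\
192.0.2.1 198.51.100.7 : PSK "Password1"
"""

if __name__ == "__main__":
    for conn, problems in audit_conns(parse_ipsec_conf(SAMPLE_IPSEC_CONF)).items():
        print(f"conn {conn}:")
        for p in problems:
            print("  -", p)
    for psk in audit_secrets(SAMPLE_IPSEC_SECRETS):
        print(f"weak PSK ({len(psk)} chars) in ipsec.secrets")
```

Point it at /etc/ipsec.conf and /etc/ipsec.secrets (the latter is root-only, so run it as root or on a copy). A conn that is clean only because it inherits pfs=yes from %default is still clean, which is why the defaults are merged before the check.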
— Permalien
http://www.spiegel.de/media/media-35515.pdf
http://www.spiegel.de/international/world/nsa-documents-attacks-on-vpn-ssl-tls-ssh-tor-a-1010525.html
— Permalien
If you work a lot on linux and use ssh often, you quickly realize that typing your password every time you connect to a remote host gets annoying.
Not only that, it is not the best solution in terms of security either:
Every time you type a password, a snooper has an extra chance to see it.
Every host you ssh to with which you use your password, well, has to know your password. Or a hash of your password. In any case, you probably have typed your password on that host once or twice in your life (even if just for passwd, for example).
If you are victim of a Man In The Middle attack, your password may get stolen. Sure, you can verify the fingerprint of every host you connect to, and disable authentication without challenge and response in your ssh config. But what if there was a way you didn't have to do that?
This is where key authentication comes into play: instead of using a password to log in a remote host, you can use a pair of keys, and well, ssh-agent.
http://rabexc.org/posts/pitfalls-of-ssh-agents
— Permalien
If you've ever used SSH keys to manage multiple machines, then chances are you've used SSH-agent. This tool is designed to keep a SSH key in memory so that the user doesn't have to type their passphrase in every time. However, this can create some security risk. A user running as root may have the ability to pull the decrypted SSH key from memory and reconstruct it. Due to needing root access, this attack may seem useless. For example, an attacker may be able to install a keylogger and use that to obtain the passphrase for the SSH key. However, this causes the attacker to have to wait for the target to type in their passphrase. This might be hours, days, or weeks, depending on how often the target logs out. This is why obtaining the SSH key from memory is vital to pivoting to other machines in a speedy fashion.
— Permalien
storm is a command line tool to manage your ssh connections. http://stormssh.readthedocs.org/en/master/
— Permalien
zssh (Zmodem SSH) is a program for interactively transferring files to a remote machine while using the secure shell (ssh). It is intended to be a convenient alternative to scp, allowing you to transfer files without having to open another session and re-authenticate.
— Permalien
Did you know that when you’re using OpenSSH from the command line you have a variety of escape sequences available to you? SSH somewhere, then type “~” and “?” (tilde, then question mark) to see all the options.
— Permalien
SSH tips, always good to have.
— Permalien
Underwear is a library for easily deploying any Python-powered web application to one or more Linux servers. Underwear is configurable by a YAML template and takes care of installing packages, configuring web/WSGI servers, and securing the server.
What Problem Does Underwear Solve?
Despite the advent of configuration management tools such as Puppet, Chef, Ansible, and Salt, it remains difficult to deploy a web application because you have to first learn one of those tools and then write scripts in the tool’s domain-specific language.
Underwear makes deploying to a traditional Linux server stack as easy as deploying to Heroku by providing a pre-packaged, easily configurable library. Deployments can be executed simply by installing Underwear with pip, specifying the IP addresses of the server(s) to deploy to, then running a couple of commands.
— Permalien
SSH is one of the most widely used protocols for connecting to remote shells. While there are numerous SSH clients the most-used still remains OpenSSH's ssh. OpenSSH has been the default ssh client for every major Linux distribution, and is trusted by cloud computing providers such as Amazon's EC2 services and web hosting companies like MediaTemple. There is a plethora of tips and tricks that can be used to make your experience even better than it already is. Read on to discover some of the best tweaks to your favorite SSH client.
— Permalien
Imagine you’re developing a web application using a framework like Rails. You’ve got your development server fired up and are regularly reloading http://localhost:3000 to see your changes. All is going well until you want to integrate with some 3rd party service that needs to talk to your application. You’re not really going to deploy to staging on every change, are you?
If you have control over the router, then you can simply forward an external port to your local machine. But you’re obviously a cool startup hacker, so of course you’re working in a coffee shop or co-work space. You’ve got no time for outdated ideas like “offices”. What are you to do?
— Permalien
SSH configuration.
See also http://mah.everybody.org/docs/ssh
and, for ssh-agent, https://wiki.archlinux.org/index.php/SSH_Keys
— Permalien
Mosh (mobile shell) is a remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.
Mosh is a replacement for SSH. It's more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.
Mosh is free software, available for GNU/Linux, FreeBSD, Solaris, Mac OS X, and Android.
Mosh Features
Change IP. Stay connected
Mosh automatically roams as you move between Internet connections. Use Wi-Fi on the train, Ethernet in a hotel, and LTE on a beach: you'll stay logged in. Most network programs lose their connections after roaming, including SSH and Web apps like Gmail. Mosh is different.
— Permalien
In this tutorial, we shall see how to allow or deny specific user accounts remote login to a Linux server.
— Permalien
SSH is a powerful tool. When combined with SSH keys, it becomes easy to automate remote procedures like backups. However, leaving key access wide open can be a bad idea. It is possible to restrict SSH keys to specific commands, even to specific source hosts. There is a nice little Perl script called Authprogs that makes this somewhat easier. I'll show you how to use authprogs for an automated rsync over SSH.
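The mechanism behind authprogs is the `command=` option in authorized_keys: sshd ignores what the client asked for, runs the configured program instead, and hands the requested command over in SSH_ORIGINAL_COMMAND for the program to accept or refuse. The following is an added example for this page, a minimal forced-command wrapper in Python rather than the Perl authprogs script from the post; the policy it enforces (one backup key may only run rsync in server mode writing below /srv/backup) and the paths and IP address in the comments are constructed for the example.

```python
import os
import re
import shlex
import sys

# Matching authorized_keys line for this wrapper (constructed paths and address):
# command="/usr/local/bin/rsync-only.py",from="198.51.100.7",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAA... backup@client
#
# Policy: the key may run rsync in server mode, writing below BACKUP_ROOT, and
# nothing else. The regex pins the exact shape rsync sends for a push
# ('rsync --server -<flags> . /srv/backup/...'); a pull would carry --sender and
# is therefore refused, so this key can write backups but never read them back.
BACKUP_ROOT = "/srv/backup"
RSYNC = "/usr/bin/rsync"
ALLOWED = re.compile(r"rsync --server (?:-[A-Za-z.]+ )+\. " + re.escape(BACKUP_ROOT) + r"/[\w./-]*")


def authorize(command: str):
    """Return the argv to execute for an allowed SSH_ORIGINAL_COMMAND, or None to refuse."""
    if not command or "\n" in command:
        return None
    if not ALLOWED.fullmatch(command):           # exact shape only; no ';', '&&', '|' or quoting tricks
        return None
    argv = shlex.split(command)
    # Defence in depth: the character class above admits '..', so re-check the
    # normalised destination instead of trusting the regex alone.
    dest = os.path.normpath(argv[-1])
    if dest != BACKUP_ROOT and not dest.startswith(BACKUP_ROOT + "/"):
        return None
    argv[0] = RSYNC                              # never resolve the binary through the peer's idea of PATH
    return argv


def main():
    command = os.environ.get("SSH_ORIGINAL_COMMAND", "")
    argv = authorize(command)
    if argv is None:
        print(f"forced-command: refused {command!r}", file=sys.stderr)
        sys.exit(1)
    os.execv(argv[0], argv)                      # replace ourselves with rsync; no shell is involved


if __name__ == "__main__":
    main()
```

The no-* options on the key line matter as much as the wrapper: without no-pty and no-port-forwarding the key is still usable for an interactive session or as a relay even though every command is refused. Keep the allowlist to exact command shapes; validating "anything that starts with rsync" is how these wrappers get bypassed.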
— Permalien
«Many other uses of the Internet are blocked (and this is never mentioned in the advertising), and are sometimes even considered abnormal by the operators!»
Not unlike https://twitter.com/bouyguestelecom/status/201341777708462083
— Permalien
There are many ways to set up a VPN. Setting up a VPN typically requires using privileged access on all hosts involved (in order to create virtual network interfaces via TUN/TAP devices), as well as opening up additional VPN ports on any existing firewall. This is an administrative overhead. If you can configure a VPN over a commonly available SSH tunnel, it will reduce the VPN provisioning overhead.
In this tutorial, I will describe how to set up a VPN over SSH in Linux, by using a command-line tool called sshuttle.
— Permalien
Transparent proxy server that works as a poor man's VPN. Forwards all TCP packets over ssh (and even DNS requests when using the --dns option). Doesn't require admin privileges on the server side. Works with Linux and MacOS. Supports DNS tunneling.
====================
A short practical write-up in French: http://blog.uggy.org/post/2013/07/28/sshuttle-VPN-/-SSH
— Permalien
docker, ssh X11
— Permalien
Have you ever wondered what the “randomart” or “visual fingerprint” is all about when creating OpenSSH keys or connecting to OpenSSH servers? Surely, you’ve seen them. When generating a key on OpenSSH version 5.1 or later, you will see something like this:
$ ssh-keygen -f test-rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in test-rsa.
Your public key has been saved in test-rsa.pub.
The key fingerprint is:
18:ff:18:d7:f4:a6:d8:ce:dd:d4:07:0e:e2:c5:f8:45 aaron@kratos
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|. . E            |
|+ = o            |
|. S + = =        |
|* ..             |
|. + + . +        |
|o . o.           |
|o . .            |
+-----------------+
I’m sure you’ve noticed this, and probably thought, “What’s the point?” or “What’s the algorithm in generating the visual art?” Well, I’m going to answer those questions for you in this post.
This post is an explanation of the algorithm as explained by Dirk Loss, Tobias Limmer, and Alexander von Gernler in their PDF “The drunken bishop: An analysis of the OpenSSH fingerprint visualization algorithm”. You can find their PDF at http://www.dirk-loss.de/sshvis/drunken_bishop.pdf. In the event that link is no longer available, I’ve archived the PDF at http://aarontoponce.org/drunken_bishop.pdf.
http://www.dirk-loss.de/sshvis/drunken_bishop.pdf
http://aarontoponce.org/drunken_bishop.pdf
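The algorithm from the paper, as an added example for this page (not Aaron Toponce's code and not OpenSSH's C): the bishop starts in the centre of a 17x9 board, reads the fingerprint two bits at a time, and steps diagonally; squares count how often they were visited and the count selects a symbol. The symbol table, board size and clamping at the edges follow OpenSSH's key_fingerprint_randomart(); the fingerprint from the transcript above is used as sample input, and the generated picture for it is not claimed to match the transcript, whose column layout did not survive extraction.

```python
SYMBOLS = " .o+=*BOX@%&#/^SE"    # index = times visited (capped at 14); 15 = start, 16 = end
WIDTH, HEIGHT = 17, 9


def parse_fingerprint(fingerprint: str) -> bytes:
    """Accept the colon-separated MD5 hex form shown above ('18:ff:18:...')."""
    return bytes.fromhex(fingerprint.replace(":", ""))


def drunken_bishop(fingerprint: str, title: str = "RSA 2048") -> str:
    """Render the OpenSSH randomart for a fingerprint.

    Each byte yields four moves, least-significant bit pair first: bit 0 picks
    west (0) or east (1), bit 1 picks north (0) or south (1), so every move is
    diagonal. A move off the board is clamped to the edge, which is why the
    bishop piles up in corners. The start and end squares are overwritten with
    S and E after the walk; if they coincide, E wins, as in OpenSSH."""
    board = [[0] * WIDTH for _ in range(HEIGHT)]
    x, y = WIDTH // 2, HEIGHT // 2              # (8, 4): the centre of the board
    start = (x, y)
    for byte in parse_fingerprint(fingerprint):
        for _ in range(4):
            x = min(max(x + (1 if byte & 1 else -1), 0), WIDTH - 1)
            y = min(max(y + (1 if byte & 2 else -1), 0), HEIGHT - 1)
            board[y][x] = min(board[y][x] + 1, 14)   # OpenSSH stops counting at '^'
            byte >>= 2
    board[start[1]][start[0]] = 15
    board[y][x] = 16
    header = "+" + f"--[ {title}]".ljust(WIDTH, "-") + "+"
    rows = ["|" + "".join(SYMBOLS[c] for c in row) + "|" for row in board]
    return "\n".join([header] + rows + ["+" + "-" * WIDTH + "+"])


if __name__ == "__main__":
    # Fingerprint taken from the ssh-keygen transcript above.
    print(drunken_bishop("18:ff:18:d7:f4:a6:d8:ce:dd:d4:07:0e:e2:c5:f8:45"))
```

Two degenerate inputs make the rules visible: an all-zero fingerprint walks north-west and ends in the top-left corner, an all-0xff one walks south-east and ends in the bottom-right corner, and in both cases the trail is a short diagonal followed by the bishop sliding along the wall. That is also the visualisation's weakness: many different fingerprints collapse to similar pictures, so randomart helps you notice a changed key, not confirm an unchanged one.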
— Permalien
Ever wondered how those key files in ~/.ssh actually work? How secure are they actually?
As you probably do too, I use ssh many times every single day — every git fetch and git push, every deploy, every login to a server. And recently I realised that to me, ssh was just some crypto voodoo that I had become accustomed to using, but I didn’t really understand. That’s a shame — I like to know how stuff works. So I went on a little journey of discovery, and here are some of the things I found.
When you start reading about “crypto stuff”, you very quickly get buried in an avalanche of acronyms. I will briefly mention the acronyms as we go along; they don’t help you understand the concepts, but they are useful in case you want to Google for further details.
— Permalien
If you want instant messaging over an open protocol, with free software and without a centralised server, the solution is the XMPP protocol, standardised in RFC 6121. XMPP, like e-mail, relies on the principle of federation. But many networks block (stupidly, but that is another story) outgoing XMPP. If SSH gets through, one possible solution is to carry XMPP over SSH.
— Permalien
Summary: Security always requires a multi-layered scheme. SSH is a good example of this. Methods range from simple sshd configuration through the use of PAM to specify who can use SSH, to application of port-knocking techniques, or to hide the fact that SSH access even exists. Applying these techniques can make life much harder for possible intruders, who will have to go past three unusual barriers.
http://www.portknocking.org/
http://www.debian-administration.org/articles/455
http://www.shorewall.net/PortKnocking.html
— Permalien
In my opinion, ldns and sister projects unbound [4] and nsd [5] are great steps forward for sane mainstream DNS software, and I am glad to see OpenSSH agree. If you are presently using BIND, I strongly recommend you consider switching to them.
— Permalien