Librenix
Headlines | Linux | Apps | Coding | BSD | Admin | News
Information for Linux System Administration 

ZShaolin: vim, nmap, git, rsync, ssh for Android

Up
vote
Down

Remember ZShaolin? Yep, its that Android ninja tool that gives you zsh and a whole bunch of command-line applications on your Android device, minus the need to root it. read more...
permapage | score:9200 | -finid, November 9, 2012

ssh: Use Linux as a SOCKS5 proxy

Up
vote
Down

Did you know you could use ssh to create a SOCKS5 server?

This article explains how to create a SOCKS5 server in 1 command and how to add ip-based access control to it via iptables and tcp forwarder. read more...
permapage | score:9150 | -pkrumins, May 7, 2010

SSH over Tor

Up
vote
Down

How to encrypt your traffic with SSH and tunnel it through Tor for privacy and security...
For communicating anonymously on the Internet you use Tor. For secure communications, so that nobody can read your private information you use SSH. Combine both, and you have a secure and anonymous communication. In this hack, well show you how to use Tor to anonymize your SSH connections.
read more...
permapage | score:8861 | -Ray, June 4, 2007

sslh ssl/ssh multiplexer

Up
vote
Down

sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client.Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow serving several services on port 443 (e.g. to connect to ssh from inside a corporate firewall, which almost never block port 443) while still serving HTTPS on that port. read more...
permapage | score:8752 | -gg234, January 9, 2013

Protect SSH from dictionary attacks with pam_abl

Up
vote
Down

Use pam_abl module to stop brute force attacks against your SSH server...
Practically all Unix and Linux servers run an SSH service to let administrators connect securely from remote locations. Unfortunately for security administrators, attacks on SSH services are popular today. In this article I'll show you how can you protect machines running SSH services from brute force attacks using the pam_abl plugin for SSH pluggable authentication modules (PAM).
read more...
permapage | score:8667 | -Ray, March 28, 2007

Tutorial: Set up Kojoney SSH Honeypot on CentOS 5.5

Up
vote
Down

Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries. In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers. This tutorial shows how you can compile and install an updated version of Kojoney on a CentOS 5.5 server. read more...
mail this link | permapage | score:8648 | -falko, October 4, 2010

Secure your VNC connection with SSH

Up
vote
Down

VNC stands for Virtual Network Computing. It is remote control software which allows you to view and fully interact with one computer desktop using a VNC viewer on another computer desktop anywhere on the LAN or Internet. The two computers don't even have to be the same type, so for example you can use VNC to view a Windows XP desktop at the office on a Linux or Mac computer at home.

Once you are connected, traffic between the viewer and the server is unencrypted, and could be sniffed by someone with access to the intervening network. Is security imported to you, we recommend tunneling the VNC protocol through some more secure channel such as SSH. This workshop describes how to connect from a Windows XP client to a Linux (OpenSuse 10.3) server via VNC and to tunnel this connection using SSH. read more...
mail this link | permapage | score:8628 | -fn-eagle, December 12, 2007

SSH as a SOCKS proxy

Up
vote
Down

Yet another sweet ability of OpenSSH...
The -D arg tells OpenSSH to be a SOCKS proxy. So you simply log in to the endpoint via SSH with the -D arg like:

ssh -D 1234 user@host.example.com

And then tell your web browser to use a SOCKS v5 proxy on localhost at the specified port and bingo, you have a secure connection to your endpoint.
read more...
permapage | score:8584 | -Ray, January 23, 2009

OpenWRT SSH

Up
vote
Down

Build an OpenWRT SSH server on a cheap, diskless, fanless, noiseless and very power-efficient home router...
Now I can tunnel my traffic through SSH using a home router with Linux. It was easy to set up and cheap. And I needed a router at home anyway. I have a basic Linux-like system, and the most interesting for me: OpenSSH. Also, it is small, quiet, power effective and reliable.

There are two popular Linux-based firmware projects for routers: OpenWrt and DD-WRT. The first thing you have to do is to pick the one you want. Check supported hardware before you decide.
read more...
mail this link | permapage | score:8581 | -Ray, December 20, 2010

Tutorial: Kippo SSH Honeypot (CentOS 5.5)

Up
vote
Down

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Kippo is inspired, but not based on Kojoney. This tutorial shows how you can compile and install Kippo on a CentOS 5.5 server. read more...
permapage | score:8557 | -falko, April 3, 2011

Secure SSH with WiKID two factor authentication

Up
vote
Down

SSH offers a highly secure channel for remote administration of servers. However, if you face an audit for regulatory or business requirements, such as Visa/Mastercard PCI, you need to be aware of some potential authentication related short-comings that may cause headaches in an audit. For example:

  • There is no way to control which users have public key authorization
  • There is no way to enforce passphrase complexity (or even be sure that one is being used)
  • There is no way to expire a public key
In this document we are going to demonstrate how to combine two-factor authentication from WiKID with an SSH gateway server with hosted private keys to create a highly secure, auditable and easy to use remote access solution.

read more...
mail this link | permapage | score:8520 | -nowen, April 30, 2007

Tutorial: Secure Chat with YTalk and SSH

Up
vote
Down

Encrypting your chat sessions with SSH.
Under normal conditions, when everybody trusts everybody else, YTalk, talk, ntalk, et cetera will work without any problems. Alas, I found the real world a little more difficult and disappointing. It turned out my buddies couldn't reach me because of firewalls. Either their firewall rules would block the UDP connection or my firewall rules would stop it. Then there was the issue of corporate firewalls and even the ISP who sometimes played the big brother by blocking certain ports for the protection of our Windows brethren. Rather than taking the time to reset my firewall to better rules and hoping my buddies could take the same effort for theirs, I opted for another approach: remote logging with SSH and using guest accounts expressly setup for the purpose.
read more...
mail this link | permapage | score:8513 | -Ray, February 19, 2003

Opening SSH and HTTP ports with iptables

Up
vote
Down

How to use the command line to open ports on your iptables firewall under Linux.
I have to look this up from time to time, usually just after installing a new Linux system intended for use as a test server. There are GUI tools for configuring the firewall, but I usually leave the entire windowing system uninstalled.

By default, many Linux distributions will start up sshd and httpd, but you wont be able to connect to them over the network, since the ports will be blocked by iptables. The examples below are for Red Hat or CentOS (which is basically Red Hat), and may vary slightly betweenl distributions.
read more...
mail this link | permapage | score:8490 | -Ray, January 9, 2006

Secure NFS: Tunneling NFS over SSH

Up
vote
Down

The goal of this howto is building an NFS server that works on an SSH tunnel. This way all traffic between your hosts and the file server is encrypted and thus more secure. Normally you should enter a password every time you try to establish an SSH connection but since we could be mounting at bootup we will use ssh-keygen to create a keypair so we can login without entering a password. We will, however, limit that login session to executing just one command. read more...
permapage | score:8397 | -falko, September 28, 2006

Tutorial: Mount remote directories with SSHFS on Ubuntu 11.10

Up
vote
Down

This tutorial explains how you can mount a directory from a remote server on the local server securely using SSHFS. SSHFS (Secure SHell FileSystem) is a filesystem that serves files/directories securely over SSH, and local users can use them just as if the were local files/directories. On the local computer, the remote share is mounted via FUSE (Filesystem in Userspace). I will use Ubuntu 11.10 for both the local and the remote server. read more...
permapage | score:8384 | -falko, December 6, 2011

Tutorial: Disable SSH, use scponly for file transfer (Debian 6)

Up
vote
Down

scponly is an alternate shell that restricts users to SCP and SFTP logins, but disallows SSH logins. It is a wrapper to the OpenSSH suite of applications. With the help of scponly, you can allow your users to use clients such as WinSCP or FileZilla to upload/download files, but you refuse SSH logins (e.g. with PuTTY) so that your users cannot execute files/programs. This tutorial shows how to install and use scponly on Debian Squeeze. read more...
permapage | score:8300 | -falko, August 24, 2011

Restrict users to SCP and SFTP with Chrooted rssh on RHEL

Up
vote
Down

FTP is insecure protocol, but file-transfer is required all time. You can use OpenSSH Server to transfer file using SCP and SFTP (secure ftp) without setting up an FTP server. However, this feature also grants ssh shell access to a user.

In this article series we will help you provide secure restricted file-transfer services to your users without resorting to FTP. It also covers chroot jail setup instructions to lock down users to their own home directories (allow users to transfer files but not browse the entire Linux / UNIX file system of the server) as well as per user configurations. read more...
mail this link | permapage | score:8239 | -nixcraft, January 2, 2008

Anyterm: Remote access without SSH

Up
vote
Down

Browser-based secure terminal access to remote systems...
Anyterm allows you to have secure terminal access to a server without needing any special software on a client machine beyond a Web browser. For example, with Anyterm you can open a terminal into your server from an Internet cafe. Because Anyterm uses a pseudo-terminal for communication with the shell, you can run most command-line tools from an Anyterm terminal running inside a Web browser.
read more...
permapage | score:8232 | -Ray, March 19, 2008

GDB and SSH Tunneling

Up
vote
Down

This article explains how to use GDB and ssh to debug remote processes on embedded systems. The same technique could be used to debug processes running behind firewalls.
Ever debugged a program remotely and felt like telling your computer where to go and how to get there? Hopelessly adding calls to printf() and recompiling as a steady string of explectatives flow from your over-caffeinated brain waves.

Fear not! Help is on the way.
(here are some wave prints) read more...
mail this link | permapage | score:8227 | -Curt Brune, June 13, 2006 (Updated: April 24, 2012)

Set up SSH with Public-Key Authentication

Up
vote
Down

This guide explains how to set up an SSH server on Debian Etch with public-key authorization (and optionally with disabled password logins). SSH is a great tool to control Linux-based computers remotely. It is safe and secure. read more...
permapage | score:8214 | -falko, March 30, 2008
More articles...
Large Framed Abstract Art

Recent headlines

Tutorial: Create an NFS-like Storage Server with GlusterFS on Ubuntu 12.10

10 basic examples of Linux ps command

LG 8-inch G Pad 8.3 Android tablet

Tutorial: Webcam streaming your desktop plus audio with ffmpeg, crtmpserver, Flowplayer

How to install HotShots on Fedora 19 and Ubuntu 13.04

OpenVZ Mount Tutorial: Mount Host Devices, Partitions, Directories in Containers (Debian, Ubuntu)

Tutorial: Debian 7 Samba Server with tdbsam

OpenBSD Tutorial: Configure Ralink USB Wireless Adapter

Install openQRM 5.1 on Debian 7

CoolShip Android all-in-keyboard computer

Dual-boot Windows 7 and Ubuntu 12.04 on a PC with UEFI board, SSD and HDD

Linux find command examples: finding files

Virtual Users/Domains with Postfix/Courier/MySQL/SquirrelMail (Debian 7)

Ubuntu Edge: Is there life after an unsuccessful crowd-funding campaign?

Upgrade Fedora 18 to 19 With FedUp

Elementary OS 0.2 Luna review

Tutorial: Fedora 19 Samba server with tdbsam

Setup Nginx + php-FPM + apc + MariaDB on Debian: The perfect LEMP server

Epoptes Open source computer lab management and monitoring tool

Pipelight Using Silverlight in Linux browsers

Tutorial: Install Debian 7 (testing) with debootstrap from a Grml live Linux

Linux mail command examples: send mails from command line

Sagemath in the Cloud and Sagemath 5.11

Tutorial: Replace Windows with Ubuntu 13.04

Unix: Shell Script Wrapper Examples

Tutorial: Running CS-Cart on Nginx on Debian 7/Ubuntu 13.04

Using Multiple PHP Versions (PHP-FPM FastCGI) With ISPConfig 3 (Ubuntu 12.04)

Hand of Thief trojan and your favorite Linux distribution

Plasma Media Center 1.1 and digiKam 3.3

Linux Iptables Examples

OpenShift Online: a non-developer guide

Nuvola Player: Enjoy all your Cloud music services from one interface

Tutorial: Automatically add a disclaimer to emails with alterMIME (Postfix on Debian 6)

Set up Oneiric PVHVM at Xen 4.1.2 Ubuntu 11.10 Dom0

Ubuntu is not a community distribution

Lynis: Security and system auditing tool

Tahoe Least-Authority File System for secure, distributed data storage

TuxOnIce: Hibernate Linux

Tutorial: Ubuntu Jeos 12.04 LTS Spam Filter Gateway Server

LinSSID Graphical wireless scanning for Linux

 

Firefox sidebar

Site map

Site info

News feed

Features

Login
(to post)

Search

 
Articles are owned by their authors.   © 2000-2012 Ray Yeargin