Librenix
Headlines | Linux | Apps | Coding | BSD | Admin | News
Information for Linux System Administration 

OpenWRT SSH

Up
vote
Down

Build an OpenWRT SSH server on a cheap, diskless, fanless, noiseless and very power-efficient home router...
Now I can tunnel my traffic through SSH using a home router with Linux. It was easy to set up and cheap. And I needed a router at home anyway. I have a basic Linux-like system, and the most interesting for me: OpenSSH. Also, it is small, quiet, power effective and reliable.

There are two popular Linux-based firmware projects for routers: OpenWrt and DD-WRT. The first thing you have to do is to pick the one you want. Check supported hardware before you decide.
read more...
mail this link | permapage | score:8138 | -Ray, December 20, 2010

Tutorial: Set up RAID1 on a remote Linux system vis SSH

Up
vote
Down

RAID-1 allows to create an exact copy of the original drive. Thus, it results into the increased fault tolerance and easy data recovery option for single server. It is true that the best and easy way to setup a RAID 1 is during installation. But if you forget to setup RAID – 1 during installation or if you have added new hard disk after installation, then this how-to covers setting up a RAID-1 mirroring on a running remote Linux system over ssh session. read more...
permapage | score:8134 | -nixcraft, June 21, 2006

WiFi Hotspot Privacy with SSH Tunnelling

Up
vote
Down

Wish you had some privacy while working from a wireless hotspot?
The problem is that for it to be a good hotspot anyone needs to be able to use it. Now you are really “socializing” with the others around you since they can read your email, instant messaging and see what you are web browsing. To use SSH to protect your traffic you use the concept of port-forwarding. Use an encrypted SSH tunnel to a destination you reasonably trust and direct your activities through it. This encrypts your easy to read traffic over the exposed link of the wireless until it comes out of the SSH server and looks like normal traffic originating from there. Now our friends in the coffee shop cannot read our email, instant messaging or web pages
read more...
mail this link | permapage | score:8111 | -Ray, December 13, 2005

HPN-SSH: Multithreaded SSH

Up
vote
Down

This performance-enhanced SSH/SCP variant also dynamically allocates and sizes the receive buffers for substantial performance inprovement.
This cipher mode introduces multi-threading into the OpenSSH application in order to allow it to make full use of CPU resources available on multi-core systems. As the canonical distribution of OpenSSH is unable to make use of more than one core, high performance transfers can be bottlenecked by the cryptographic overhead.
read more...
permapage | score:8110 | -Ray, February 13, 2008

Tutorial: Set up Kojoney SSH Honeypot on CentOS 5.5

Up
vote
Down

Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries. In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers. This tutorial shows how you can compile and install an updated version of Kojoney on a CentOS 5.5 server. read more...
mail this link | permapage | score:8072 | -falko, October 4, 2010

Tutorial: SMTP over an SSH tunnel

Up
vote
Down

Make your email a little bit more private with the Secure Shell.
It is widely known that POP3 is a very insecure protocol, since it is a plain text protocol that transmits passwords and usernames with no protection. Anyone on a private network can quickly sniff packets and determine all the passwords used on the network. Although advances in POP3 authentication have surfaced (APOP, SSL, etc.) many servers still use the old plain text format.

SSH tunneling is the process of establishing a secure, encrypted tunnel between you and the mail host. This tunnel can be used for anything, but by using the Precommand feature of KMail, I will show you how to use a tunnel for POP3 and SMTP.
read more...
mail this link | permapage | score:8042 | -Ray, May 20, 2001 (Updated: June 8, 2003)

Tutorial: SFTP chroot user jail with OpenSSH 5.x

Up
vote
Down

The OpenSSH 4.9-5.x updates now include built in jailing. It is still a little confusing, so I have written an update to my former 4.x tutorial.

This tutorial shows how to set up a safe chroot for your users. It offers chroot only and will deny all SSH access. It should only take about thirty minutes from start to finish including package download times if you don't already have them.

This method is safer because it doesn't allow the users access to any commands such as a compiler or the perl interpreter.
You will not need to install any extensive libraries or copy hundreds of files for functional use.

The user will be 'jailed' to any directory you choose which will mean that they will see "/home/username/" as just "/" disabling them from seeing your entire server or others users files while still using SECURE FTP. read more...
mail this link | permapage | score:7995 | -GO ILLINI, May 6, 2008

SSHFS: Securely Mount Remote Filesystem in RHEL

Up
vote
Down

It is possible to mount your remote filesystem as a local filesystem on your Red hat/CentOS Linux system using sshfs.

FUSE is a Linux kernel module also available for FreeBSD, OpenSolaris and Mac OS X that allows non-privileged users to create their own file systems without the need to write any kernel code. SSHFS command utilizes FUSE to mount a file system using ssh.

This tutorial will describe installing FUSE, and using sshfs to mount your remote filesystem as a local mount point on your Linux system. read more...
mail this link | permapage | score:7951 | -nixcraft, May 10, 2007

SSH as a SOCKS proxy

Up
vote
Down

Yet another sweet ability of OpenSSH...
The -D arg tells OpenSSH to be a SOCKS proxy. So you simply log in to the endpoint via SSH with the -D arg like:

ssh -D 1234 user@host.example.com

And then tell your web browser to use a SOCKS v5 proxy on localhost at the specified port and bingo, you have a secure connection to your endpoint.
read more...
permapage | score:7921 | -Ray, January 23, 2009

Secure your VNC connection with SSH

Up
vote
Down

VNC stands for Virtual Network Computing. It is remote control software which allows you to view and fully interact with one computer desktop using a VNC viewer on another computer desktop anywhere on the LAN or Internet. The two computers don't even have to be the same type, so for example you can use VNC to view a Windows XP desktop at the office on a Linux or Mac computer at home.

Once you are connected, traffic between the viewer and the server is unencrypted, and could be sniffed by someone with access to the intervening network. Is security imported to you, we recommend tunneling the VNC protocol through some more secure channel such as SSH. This workshop describes how to connect from a Windows XP client to a Linux (OpenSuse 10.3) server via VNC and to tunnel this connection using SSH. read more...
mail this link | permapage | score:7877 | -fn-eagle, December 12, 2007

FreeBSD remote install over Linux via SSH

Up
vote
Down

From the not-intended-for-mass-usage dept., the depenguinator will let you turn your Linux box into a FreeBSD box remotely. Imagine the possibilities for insecure Linux systems turning into FreeBSD systems overnight, much to the surprise of the (original) owners...
Many computer systems around the world have been possessed by penguins; some have even been possessed by dead rats. In light of this, it is desireable to exorcize these evil spirits, and replace them with a nice, friendly daemon.

I've put together some code for building a FreeBSD disk image which will boot into memory, configure the network, set a root password, and enable SSH. This can be used to "depenguinate" a Linux box, without requiring any access beyond a network connection.
read more...
mail this link | permapage | score:7847 | -Ray, January 2, 2004

Tutorial: SSH Port forwarding

Up
vote
Down

This guide will get you up and tunneling your sessions over encrypted network connections.
SSH stands for Secure SHell, and it works very similar to the other login programs (it's based on Rsh, actually) with one important difference - it encrypts the entire communication session. When you enter your login and password they are encrypted before being sent. Likewise, everything you type and everything that comes back to you is encrypted as long as you're within that SSH session. The concept is very similar to how the military scrambles their radio communications to keep them from being intercepted by the enemy.
[If you still have problems in forwarding sessions over encrypted tunnels after reading the guide in the [read more] link below, try alternate SSH tunneling tutorial. -Ed] read more...
mail this link | permapage | score:7841 | -BluNereid, March 18, 2001 (Updated: April 1, 2005)

OpenSSH Cryptography Tutorial

Up
vote
Down

An introduction to OpenSSH on Unix / Linux...
OpenSSH, an OpenBSD project, is an incredibly secure implementation of the SSH protocol, a way of logging into a remote machine. For users of outdated protocols such as RSH, rlogin, and Telnet, it's an updated, secure replacement. For those who have never used anything like it, SSH can become a very valuable tool.

SSH is usually used to access a remote machine's shell, although there are other uses, such as:
read more...
permapage | score:7805 | -Ray, October 16, 2006

Set up SFTP with OpenSSH

Up
vote
Down

Secure file transfer gets too little attention, perhaps because it is too easy. For secure file transfer without the need of special programs or clients, nothing more is needed than to have the OpenSSH server installed and running. It has a built-in SFTP subsystem that is available to any account that can log in. In other words, for basic SFTP access, nothing needs to be done other than have an account accessible via SSH. read more...
permapage | score:7779 | -falko, March 23, 2011

Tutorial: Disable SSH, use scponly for file transfer (Debian 6)

Up
vote
Down

scponly is an alternate shell that restricts users to SCP and SFTP logins, but disallows SSH logins. It is a wrapper to the OpenSSH suite of applications. With the help of scponly, you can allow your users to use clients such as WinSCP or FileZilla to upload/download files, but you refuse SSH logins (e.g. with PuTTY) so that your users cannot execute files/programs. This tutorial shows how to install and use scponly on Debian Squeeze. read more...
permapage | score:7750 | -falko, August 24, 2011

Securing SSH

Up
vote
Down

Yes, even OpenSSH is vulnerable...
Apart from past flaws in the OpenSSH daemon itself that have allowed remote compromise (very rare), most break-ins result from successful brute-force attacks. You can see them in your firewall, system or auth logs, they are an extremely common form of attack. Here is an excerpt from the /var/log/messages file on a CentOS Linux box (the attacking hostname has been obfuscated). You can see multiple attempts to login as users root and ftp. Also note the time between repeated attempts - one second or less, much too quick to be a human. This is an automated attack.
read more...
mail this link | permapage | score:7731 | -Ray, April 25, 2006

Tutorial: No password SSH login

Up
vote
Down

Open SSH is the most widely used SSH server on Linux. Using SSH, one can connect to a remote host and gain a shell access on it in a secure manner as all traffic is encrypted.

A neat feature of open SSH is to authenticate a user using a public/private key pair to log into the remote host. By doing so, you won't be prompted for the remote user's password.

This tutorial will describe how to create a SSH public/private key pair, how to enable key based authentication and finally how to disable password authentication. read more...
mail this link | permapage | score:7723 | -chantra, February 1, 2007

Tutorial: Ultimate OpenSSH / Keychain Howto

Up
vote
Down

The fundamentals, starting with installation.
All right, so maybe this isn't quite the ultimate. But this howto will show you the fundamental ways to use OpenSSH; how to generate public/private key pairs and strong passphrases, and how to use the wonderful Keychain utility to automate your SSH logins. This is exceptionally handy when you log in and out frequently, and don't want to keep entering your passphrase.
read more...
permapage | score:7691 | -Ray, March 4, 2005

SSH Tricks

Up
vote
Down

Useful ssh tips and tricks...
SSH (secure shell) is a program enabling secure access to remote filesystems. Not everyone is aware of other powerful SSH capabilities, such as passwordless login, automatic execution of commands on a remote system or even mounting a remote folder using SSH! In this article we’ll cover these features and much more.
read more...
permapage | score:7631 | -Ray, July 6, 2006

Compiling OpenSSH on Ubuntu Server

Up
vote
Down

Find out how to compile OpenSSH on the latest version of Ubuntu, Ubuntu 7.04 Feisty Fawn Server, to get safely connected to your remote servers.
Installing the OpenSSH client and server on Ubuntu is as easy as typing "sudo apt-get install openssh" at a terminal prompt. However, this will install Portable OpenSSH version 4.3p2[-8ubuntu1]. Unfortunately for users, this version of Portable OpenSSH does not include the "Match" functionality added to the SSH server in version 4.4p1, that "allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met."
read more...
mail this link | permapage | score:7566 | -estride, May 31, 2007
More articles...
Buy Abstract Art Prints

Selected articles

The short life and hard times of a Linux virus

Why Programmers are not Software Engineers

Missing the point of the Mac Mini

Apple DIY Repair

Closed Source Linux Distribution Launched

The Network Computer: An opportunity for Linux

The Supreme Court is wrong on Copyright Case

Download: Linux 3D Client for Starship Traders

How to install Ubuntu Linux on the decTOP SFF computer

Mono-culture and the .NETwork effect

Space Tyrant: Multithreading lessons learned on SMP hardware

Linux dominates Windows

Space Tyrant: A threaded game server project in C

The Real Microsoft Monopoly

MiniLesson: An introduction to Linux in ten commands

Shadow.sh: A simple directory shadowing script for Linux

Space Tyrant: A threaded C game project: First Code

Linux vs. Windows: Why Linux will win

Tutorial: Introduction to Linux files

Testing the Digital Ocean $5 Cloud Servers with an MMORPG

Hacker Haiku

Beneficial Computer Viruses

Microsoft to push unlicensed users to Linux

Programming Language Tradeoffs: 3GL vs 4GL

The life cycle of a programmer

Why software sucks

Apple to Intel move no threat to Linux

VPS: Xen vs. OpenVZ

Scripting: A parallel Linux backup script

Space Tyrant: A multiplayer network game for Linux

Graffiti Server Download Page

No, RMS, Linux is not GNU/Linux

Librenix T-Shirts and Coffee Mugs!

 

Firefox sidebar

Site map

Site info

News feed

Features

Login
(to post)

Search

 
Articles are owned by their authors.   © 2000-2012 Ray Yeargin