Librenix
Headlines | Linux | Apps | Coding | BSD | Admin | News
Information for Linux System Administration 

SSH as a SOCKS proxy

Up
vote
Down

Yet another sweet ability of OpenSSH...
The -D arg tells OpenSSH to be a SOCKS proxy. So you simply log in to the endpoint via SSH with the -D arg like:

ssh -D 1234 user@host.example.com

And then tell your web browser to use a SOCKS v5 proxy on localhost at the specified port and bingo, you have a secure connection to your endpoint.
read more...
permapage | score:7977 | -Ray, January 23, 2009

Linux SSH Tutorial

Up
vote
Down

Learn the in's and out's of using SSH on your Linux box from this newly-rewritten tutorial.
This tutorial isn't going to cover how to install SSH, but will cover how to use it for a variety of tasks. Consult your Linux distribution's document for information on how to setup OpenSSH.

Chances are that if you are using a version of Linux that was installed within the last 4 or 5 years that you already have OpenSSH installed. The version of SSH that you will want to use on Linux is called OpenSSH. As of this writing (January 2006), the latest version available is 4.2, but you may encounter versions from 3.6 on up. If you are using anything lower than version 3.9, you should upgrade it.
read more...
mail this link | permapage | score:7928 | -Ray, March 4, 2006

Tutorial: SMTP over an SSH tunnel

Up
vote
Down

Make your email a little bit more private with the Secure Shell.
It is widely known that POP3 is a very insecure protocol, since it is a plain text protocol that transmits passwords and usernames with no protection. Anyone on a private network can quickly sniff packets and determine all the passwords used on the network. Although advances in POP3 authentication have surfaced (APOP, SSL, etc.) many servers still use the old plain text format.

SSH tunneling is the process of establishing a secure, encrypted tunnel between you and the mail host. This tunnel can be used for anything, but by using the Precommand feature of KMail, I will show you how to use a tunnel for POP3 and SMTP.
read more...
mail this link | permapage | score:7919 | -Ray, May 20, 2001 (Updated: June 8, 2003)

Tutorial: SFTP chroot user jail with OpenSSH 5.x

Up
vote
Down

The OpenSSH 4.9-5.x updates now include built in jailing. It is still a little confusing, so I have written an update to my former 4.x tutorial.

This tutorial shows how to set up a safe chroot for your users. It offers chroot only and will deny all SSH access. It should only take about thirty minutes from start to finish including package download times if you don't already have them.

This method is safer because it doesn't allow the users access to any commands such as a compiler or the perl interpreter.
You will not need to install any extensive libraries or copy hundreds of files for functional use.

The user will be 'jailed' to any directory you choose which will mean that they will see "/home/username/" as just "/" disabling them from seeing your entire server or others users files while still using SECURE FTP. read more...
mail this link | permapage | score:7910 | -GO ILLINI, May 6, 2008

Tutorial: Set up Kojoney SSH Honeypot on CentOS 5.5

Up
vote
Down

Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries. In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers. This tutorial shows how you can compile and install an updated version of Kojoney on a CentOS 5.5 server. read more...
mail this link | permapage | score:7897 | -falko, October 4, 2010

Tutorial: Ultimate OpenSSH / Keychain Howto

Up
vote
Down

The fundamentals, starting with installation.
All right, so maybe this isn't quite the ultimate. But this howto will show you the fundamental ways to use OpenSSH; how to generate public/private key pairs and strong passphrases, and how to use the wonderful Keychain utility to automate your SSH logins. This is exceptionally handy when you log in and out frequently, and don't want to keep entering your passphrase.
read more...
permapage | score:7876 | -Ray, March 4, 2005

Tutorial: Set up RAID1 on a remote Linux system vis SSH

Up
vote
Down

RAID-1 allows to create an exact copy of the original drive. Thus, it results into the increased fault tolerance and easy data recovery option for single server. It is true that the best and easy way to setup a RAID 1 is during installation. But if you forget to setup RAID 1 during installation or if you have added new hard disk after installation, then this how-to covers setting up a RAID-1 mirroring on a running remote Linux system over ssh session. read more...
permapage | score:7858 | -nixcraft, June 21, 2006

Tutorial: OpenSSH Security Practices

Up
vote
Down

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security. read more...
mail this link | permapage | score:7826 | -nixcraft, July 27, 2009

Encrypted NFS with OpenSSH and Linux

Up
vote
Down

This make NFS over public networks an actual option, performance permitting.
"NFS is a widely deployed, mature, and understood protocol that allows computers to share files over a network. The main problems with NFS are that it relies on the inherently insecure UDP protocol, transactions are not encrypted, hosts and users cannot be easily authenticated, and its difficulty in firewalling. This article provides a solution to most of these problems for Linux clients and servers. These principles may also be applied to any UNIX server with ssh installed. This article assumes basic knowledge of NFS and firewalling for Linux."
read more...
mail this link | permapage | score:7750 | -Ray, February 15, 2002

Set up SSH with Public-Key Authentication

Up
vote
Down

This guide explains how to set up an SSH server on Debian Etch with public-key authorization (and optionally with disabled password logins). SSH is a great tool to control Linux-based computers remotely. It is safe and secure. read more...
permapage | score:7665 | -falko, March 30, 2008

Restrict users to SCP and SFTP with Chrooted rssh on RHEL

Up
vote
Down

FTP is insecure protocol, but file-transfer is required all time. You can use OpenSSH Server to transfer file using SCP and SFTP (secure ftp) without setting up an FTP server. However, this feature also grants ssh shell access to a user.

In this article series we will help you provide secure restricted file-transfer services to your users without resorting to FTP. It also covers chroot jail setup instructions to lock down users to their own home directories (allow users to transfer files but not browse the entire Linux / UNIX file system of the server) as well as per user configurations. read more...
mail this link | permapage | score:7657 | -nixcraft, January 2, 2008

Openssh with AIX chroot

Up
vote
Down

This article describes how to set up an IBM AIX chroot environment and use it with ssh, sftp, and scp. You will also learn about the prerequisites for AIX and openssh, and how to configure and use a chroot environment. read more...
permapage | score:7631 | -BlueVoodoo, May 12, 2008

Advanced SSH security tips

Up
vote
Down

Perhaps the first thing you should do is run sshd on a non-standard port...
By default, SSH listens for connections on port 22. Attackers use port scanner software to see whether hosts are running an SSH service. It's wise to change the SSH port to a number higher than 1024 because most port scanners (including nmap) by default don't scan high ports.
read more...
permapage | score:7566 | -Ray, April 1, 2007

Compiling OpenSSH on Ubuntu Server

Up
vote
Down

Find out how to compile OpenSSH on the latest version of Ubuntu, Ubuntu 7.04 Feisty Fawn Server, to get safely connected to your remote servers.
Installing the OpenSSH client and server on Ubuntu is as easy as typing "sudo apt-get install openssh" at a terminal prompt. However, this will install Portable OpenSSH version 4.3p2[-8ubuntu1]. Unfortunately for users, this version of Portable OpenSSH does not include the "Match" functionality added to the SSH server in version 4.4p1, that "allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met."
read more...
mail this link | permapage | score:7565 | -estride, May 31, 2007

Use SSH via HTTP Proxy with Corkscrew

Up
vote
Down

If you want to ssh your vps server or your home computer from your work place (assuming you are using http proxy). You need to use Corkscrew. Corkscrew is a simple tool to tunnel TCP connections through an HTTP proxy supporting the CONNECT method. It reads stdin and writes to stdout during the connection, just like netcat. read more...
permapage | score:7565 | -gg234, December 29, 2008

Restricting SSH commands

Up
vote
Down

Automate rsync backups without opening everything else...
SSH is a powerful tool. When combined with ssh keys, it becomes easy to automate remote procedures like backups. However leaving key access wide open can be a bad idea. It is possible to use restrict ssh keys to specific commands, even comming from specific hosts. There is this nice little perl script called Authprogs that makes this somewhat easier. Ill show you how to use authprogs for an automated rsync over ssh.
read more...
mail this link | permapage | score:7533 | -Ray, February 14, 2008

Tutorial: Disable SSH, use scponly for file transfer (Debian 6)

Up
vote
Down

scponly is an alternate shell that restricts users to SCP and SFTP logins, but disallows SSH logins. It is a wrapper to the OpenSSH suite of applications. With the help of scponly, you can allow your users to use clients such as WinSCP or FileZilla to upload/download files, but you refuse SSH logins (e.g. with PuTTY) so that your users cannot execute files/programs. This tutorial shows how to install and use scponly on Debian Squeeze. read more...
permapage | score:7493 | -falko, August 24, 2011

Tutorial: Set up chrooted SSH/SFTP

Up
vote
Down

This tutorial describes how to give users chrooted SSH and/or chrooted SFTP access on Debian Squeeze. With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of. I will also show how to restrict users to SFTP so that they cannot use SSH (this part is independent from the chroot part of this tutorial). read more...
permapage | score:7468 | -falko, September 6, 2011

Make SSH connections with SSHMenu

Up
vote
Down

SSHMenu overview and usage tips...
SSHMenu is packaged and available in repositories for both Ubuntu (as sshmenu-gnome) and Fedora (gnome-applet-sshmenu). Other SSHMenu packages available for both distributions do not include GNOME support. In those, the button for the SSH menu is started in its own window and an xterm is started when you wish to connect to a host with SSH. If you install the GNOME-aware SSHMenu packages, you can add SSHMenu to your panel by right-clicking the panel and choosing "Add to Panel..." and selecting the "SSH Menu Applet." When using the GNOME-aware SSHMenu, a gnome-terminal is started to handle your SSH connections, and you can select the profile gnome-terminal should use on a per-host basis.
read more...
mail this link | permapage | score:7445 | -Ray, June 18, 2008

Using SSH and SCP without passwords

Up
vote
Down

Setting up SSH user equivalency makes it extremely convenient to propagate files, either manually or via scripts for backups, etc. For some environments, such as Oracle Grid, ssh user equivalency is necessary for some tools to function.
In this article, I show you how to use the scp (secure copy) command without needing to use passwords. I then show you how to use this command in two scripts. One script lets you copy a file to multiple Linux boxes on your network, and the other allows you to back up all of your Linux boxes easily.

[ . . . ]

But what I like best about scp is it's easily scriptable...
read more...
mail this link | permapage | score:7428 | -Ray, October 9, 2005
More articles...
Buy Large Abstract Art Prints

Recent headlines

Virtual Users/Domains with Postfix/Courier/MySQL/SquirrelMail (Debian 7)

Install Apache2, PHP5, MySQL on CentOS 5.7

Python Client/Server Tutorial

Plasma Media Center 1.1 and digiKam 3.3

OpenShift Online: a non-developer guide

Usability, user-friendliness and the Linux desktop

Run Unity desktop on Linux Mint 12

Tutorial: Webcam streaming your desktop plus audio with ffmpeg, crtmpserver, Flowplayer

webOS: The latest Linux distribution

Tutorial: Replace Windows with Pinguy OS 11.10

The Coming HTML 5 Revolution in Linux

HowTo: HTTP Status: 206 Partial Content and Range Requests Using Curl

Tutorial: Run Joomla 1.7 on Nginx on Debian 6, Ubuntu 11.10

PDNSD HowTo: A DNS Caching Personal Server

Tutorial: Install Postfix, Courier, MySQL, SquirrelMail on CentOS 6.2

Reviewing Kali Linux - the distro for security geeks

Using Multiple PHP Versions (PHP-FPM FastCGI) With ISPConfig 3 (Ubuntu 12.04)

GhostBSD 2.5 review

Tutorial: USB-Over-IP server, Client on Ubuntu 10.04

Tutorial: Install Lighttpd, PHP5, MySQL on CentOS 6.0

Set up Ubuntu PV DomU via xen-image-create at Xen 3.3 Ubuntu Dom0 with Novell kernel 2.6.27

Linpus Lite 1.9 review

Install MySQL 5.6, memcached on Ubuntu 12.10

How to install postgresql 9.2 on Ubuntu 13.04 Server

Giada Audio tool for DJs, live performers and electronic musicians

Currency Traders Telnet Game

Stella: RH/CentOS 6.3 based Desktop OS

Tutorial: Replace Windows with Ubuntu 13.04

Arronax: Nautilus Plugin to create and modify Application Launchers

The Debate OS Project

Fedora 16 KDE review

Upgrade Fedora 18 to 19 With FedUp

Pissed Off Penguins: A Free Game Project

Apple DIY Repair

Pear OS Linux Panther 3 screenshot preview

VPS: Xen vs. OpenVZ

Tutorial: Running CS-Cart on Nginx on Debian 7/Ubuntu 13.04

Install Deepin desktop environment on ubuntu 13.04

Tutorial: Install Lighttpd, PHP5, MySQL on CentOS 6.4

Elementary OS 0.2 Luna review

 

Firefox sidebar

Site map

Site info

News feed

Features

Login
(to post)

Search

 
Articles are owned by their authors.   © 2000-2012 Ray Yeargin