SlideShare ist ein Scribd-Unternehmen logo

Advanced open ssh

Dan Kaminsky
Dan Kaminsky
1 von 2
Downloaden Sie, um offline zu lesen
Visit www.syngress.com/hackproofing for great prices on all our Hack Proofing titles 781.681.5151 Fax 781.681.3585 www.syngress.com GIG-5295_4/02_5m Exporting SSH Connectivity to a Client Export access to our SSH daemon to some client’s local port 2022: ssh –R2022:127.0.0.1:22 user@client Connect back through an exported port forward, while verifying the server’s identity: ssh –O HostKeyAlias=backend_host user@127.0.0.1 It’s possible to both import and export, creating a “floating bas- tion host” both hosts meet at. Other Things to Do with OpenSSH Copy a file to a remote host: scp file user@host:/path Copy a file over a local port forward: scp –o ‘HostKeyAlias back- end_host’ –o ‘Port 2022’ file user@backend_host:/tmp Synchronize a file with a remote host (only update what’s neces- sary): rsync –e ssh file user@host:/path/file Specify SSH1 for rsync: rsync –e “ssh –1” file user@host:/path/file Rsync through a HTTP Tunnel Start HTTPTunnel Server: hts 10080 –F 127.0.0.1:22 Start HTTPTunnel Client: htc –F 10022 –P proxy_host:8888 host:10080 Rsync entire directory through file, with details: rsync –v –r –e “ssh –o HostKeyAlias=host path user@127.0.0.1:/path Directly burn a CD over SSH: mkisofs –JR path/ | ssh user@burn- ing_host “cdrecord dev=scsi_id speed=# -“ Burn a CD over SSH after caching the data on the remote host: mkisofs –JR path/ | ssh user@host “cat > /tmp/burn.iso && cdrecord dev=scsi_id speed=# /tmp/burn.iso && rm /tmp/burn.iso” Forward all MP3 data sent to localhost:18001 to an mp3 decoder on a remote server: ssh -L18001:127.0.0.1:18001 effugas@10.0.1.11 “nc -l -p 18001 -e ./plaympg.sh” (plaympg.sh contents: #!/bin/sh -c ‘echo OK; exec mpg123 -) 5295_Syngress Booklet-PostCard 4/11/02 2:48 PM Page 1
Basic SSH Connect to host as user: ssh user@host Connect to host as user, alternate port: ssh –p port user@host OpenSSH Public Key Authentication Generate SSH1 / SSH2 keypair: ssh-keygen / ssh-keygen –t dsa Cause remote host to accept SSH1 keypair in lieu of password: cat ~/.ssh/identity.pub | ssh -1 effugas@10.0.1.10 “cd ~ && umask 077 && mkdir -p .ssh && cat >> ~/.ssh/authorized_keys” Cause remote host to accept SSH2 keypair in lieu of password: cat ~/.ssh/id_dsa.pub | ssh effugas@10.0.1.10 “cd ~ && umask 077 && mkdir -p .ssh && cat >> ~/.ssh/authorized_keys2” Add passphrase to SSH1 / SSH2 key: ssh-keygen.exe –p / ssh-keygen.exe -d –p Start SSH key agent (prevents you from having to type passphrase each time): ssh-agent bash Add SSH1 / SSH2 key to agent: ssh-add / ssh-add ~/.ssh/id_dsa OpenSSH Command Forwarding Execute command remotely: ssh user@host command Pipe output from remote command into local command: ssh user@host “remote_command” | “local_command” Get File: ssh user@host “cat file” > file Put File: cat file | ssh user@host “cat > file” List Directory: ssh user@host ls /path Get Many Files: ssh user@host “tar cf - /path” | tar –xf – Put Many Files: tar –cf - /path | ssh user@host“tar –xf –” Resume a download: ssh user@host “tail –c remote_filesize –local_filesize file” >> file Resume an upload: tail –c local_filesize-remote_filesize file >> file Safely switch users: ssh user@host -t “/bin/su –l user2” OpenSSH Port Forwarding Forward local port 6667 to some random host’s port 6667 as accessed through an SSH daemon: ssh user@host -L6667:remotely_visible_host:6667 Dynamically forward local port 1080 to some application specified host and port, accessed through an SSH daemon: ssh user@host -D1080 Forward remote port 5900 to some random host’s port 5900 as accessible by our own SSH client: ssh user@host -R5900:locally_visible_host:5900 Using OpenSSH ProxyCommands Basic Usage: ssh –o ProxyCommand=”command” user@port Use netcat instead of internal TCP socket to connect to remote host. ssh -o ProxyCommand=”nc %h %p” user@host Use Goto’s connect.c to route through SOCKS4 daemon on proxy_host:20080 to connect to remote host: ssh -o ProxyCommand=”connect -4 -S proxy_user@proxy:20080 %h %p” user@host Use Goto’s connect.c to route through SOCKS5 daemon on proxy_host:20080 to connect to remote host: ssh -o ProxyCommand=”connect -5 -S proxy_user@proxy:20080 %h %p” user@host Use Goto’s connect.c to route through HTTP daemon on proxy_host:20080 to connect to remote host: ssh -o ProxyCommand=”connect -H proxy_user@proxy:20080 %h %p” user@host Using HTTPTunnel with OpenSSH Forward HTTP traffic from local port 10080 to the SSH daemon on local- host: hts 10080 -F 127.0.0.1:22 Listen for SSH traffic on port 10022, translate it into HTTP-friendly pack- ets and throw it through the proxy on proxy_host:8888, and have it deliv- ered to the httptunnel server on host:10080: htc -F 10022 -P proxy_host:8888 host:10080 Send traffic to localhost port 10022, but make sure we verify our eventual forwarding to the final host: ssh -o HostKeyAlias=host -o Port=10022 user@127.0.0.1 Importing Access from a Bastion Host Set up a local forward to an SSH daemon accessible through a bastion host: ssh L2022:backend_host:22 user@bastion Independently connect to the SSH daemon made accessible above: ssh -o HostKeyAlias=backend_host –p 2022 root@127.0.0.1 Set up a dynamic forwarder to access the network visible behind some bas- tion host: ssh –D1080 user@bastion Connect to some SSH daemon visible to the bastion host connected to above: ssh -o ProxyCommand=”connect -4 -S 127.0.0.1:1080 %h %p” user@back- end_host Set up no advance forwarder; directly issue a command to the bastion host to link you with some backend host: ssh -o ProxyCommand=”ssh user@bas- tion nc %h %p” user@backend_host (continued on back) 5295_Syngress Booklet-PostCard 4/11/02 2:48 PM Page 2

Empfohlen

Tomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSHTomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSHwebelement
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesOSOCO
 
Ssh tunnel
Ssh tunnelSsh tunnel
Ssh tunnelAmandeep Singh
 
XoxzoテレフォニーAPI入門2017
XoxzoテレフォニーAPI入門2017XoxzoテレフォニーAPI入門2017
XoxzoテレフォニーAPI入門2017Xoxzo Inc.
 
初心者のためのPythonによるWebAPI活用方入門
初心者のためのPythonによるWebAPI活用方入門初心者のためのPythonによるWebAPI活用方入門
初心者のためのPythonによるWebAPI活用方入門Xoxzo Inc.
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year laterGiovanni Bechis
 
Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Bob Novas
 

Empfohlen

Tomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSHTomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSHwebelement
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesOSOCO
 
Ssh tunnel
Ssh tunnelSsh tunnel
Ssh tunnelAmandeep Singh
 
XoxzoテレフォニーAPI入門2017
XoxzoテレフォニーAPI入門2017XoxzoテレフォニーAPI入門2017
XoxzoテレフォニーAPI入門2017Xoxzo Inc.
 
初心者のためのPythonによるWebAPI活用方入門
初心者のためのPythonによるWebAPI活用方入門初心者のためのPythonによるWebAPI活用方入門
初心者のためのPythonによるWebAPI活用方入門Xoxzo Inc.
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year laterGiovanni Bechis
 
Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Bob Novas
 
Setting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc routerSetting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc routerNimrod Leon Scott Kenedy
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
September Ethereum Berlin Workshop
September Ethereum Berlin WorkshopSeptember Ethereum Berlin Workshop
September Ethereum Berlin Workshopaeronbuchanan
 
What happens when I press enter?
What happens when I press enter?What happens when I press enter?
What happens when I press enter?tobiassjosten
 
ClusterDesktop Socks5 Proxy
ClusterDesktop Socks5 ProxyClusterDesktop Socks5 Proxy
ClusterDesktop Socks5 ProxyEmil Parashkevov
 
FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configFLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configdmp1304
 
OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!Giovanni Bechis
 
openssh portforwarding and linux firewall
openssh portforwarding and linux firewallopenssh portforwarding and linux firewall
openssh portforwarding and linux firewallKhubaib Mahar
 
SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)Fred Posner
 
Getting started with RDO Havana
Getting started with RDO HavanaGetting started with RDO Havana
Getting started with RDO HavanaDan Radez
 
Network programming using python
Network programming using pythonNetwork programming using python
Network programming using pythonAli Nezhad
 
Secure Communications with VisualWorks - CSTUC 2006
Secure Communications with VisualWorks - CSTUC 2006Secure Communications with VisualWorks - CSTUC 2006
Secure Communications with VisualWorks - CSTUC 2006Martin Kobetic
 
Bash Scripting Workshop
Bash Scripting WorkshopBash Scripting Workshop
Bash Scripting WorkshopAhmed Magdy Ezzeldin, MSc.
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesRafael Luque Leiva
 
Actor Based Asyncronous IO in Akka
Actor Based Asyncronous IO in AkkaActor Based Asyncronous IO in Akka
Actor Based Asyncronous IO in Akkadrewhk
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGPSarang Ananda Rao
 
Clojure@Nuday
Clojure@NudayClojure@Nuday
Clojure@NudayJosh Glover
 
Dmk blackops2006
Dmk blackops2006Dmk blackops2006
Dmk blackops2006Dan Kaminsky
 
Dmk bo2 k7_web
Dmk bo2 k7_webDmk bo2 k7_web
Dmk bo2 k7_webDan Kaminsky
 
Interpolique
InterpoliqueInterpolique
InterpoliqueDan Kaminsky
 

Weitere ähnliche Inhalte

Was ist angesagt?

OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
September Ethereum Berlin Workshop
September Ethereum Berlin WorkshopSeptember Ethereum Berlin Workshop
September Ethereum Berlin Workshopaeronbuchanan
 
What happens when I press enter?
What happens when I press enter?What happens when I press enter?
What happens when I press enter?tobiassjosten
 
ClusterDesktop Socks5 Proxy
ClusterDesktop Socks5 ProxyClusterDesktop Socks5 Proxy
ClusterDesktop Socks5 ProxyEmil Parashkevov
 
FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configFLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configdmp1304
 
OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!Giovanni Bechis
 
openssh portforwarding and linux firewall
openssh portforwarding and linux firewallopenssh portforwarding and linux firewall
openssh portforwarding and linux firewallKhubaib Mahar
 
SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)Fred Posner
 
Getting started with RDO Havana
Getting started with RDO HavanaGetting started with RDO Havana
Getting started with RDO HavanaDan Radez
 
Network programming using python
Network programming using pythonNetwork programming using python
Network programming using pythonAli Nezhad
 
Secure Communications with VisualWorks - CSTUC 2006
Secure Communications with VisualWorks - CSTUC 2006Secure Communications with VisualWorks - CSTUC 2006
Secure Communications with VisualWorks - CSTUC 2006Martin Kobetic
 
Actor Based Asyncronous IO in Akka
Actor Based Asyncronous IO in AkkaActor Based Asyncronous IO in Akka
Actor Based Asyncronous IO in Akkadrewhk
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 

Was ist angesagt? (19)

Setting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc routerSetting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc router
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safe
 
September Ethereum Berlin Workshop
September Ethereum Berlin WorkshopSeptember Ethereum Berlin Workshop
September Ethereum Berlin Workshop
 
What happens when I press enter?
What happens when I press enter?What happens when I press enter?
What happens when I press enter?
 
ClusterDesktop Socks5 Proxy
ClusterDesktop Socks5 ProxyClusterDesktop Socks5 Proxy
ClusterDesktop Socks5 Proxy
 
FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configFLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
 
OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!
 
openssh portforwarding and linux firewall
openssh portforwarding and linux firewallopenssh portforwarding and linux firewall
openssh portforwarding and linux firewall
 
SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)
 
Getting started with RDO Havana
Getting started with RDO HavanaGetting started with RDO Havana
Getting started with RDO Havana
 
Network programming using python
Network programming using pythonNetwork programming using python
Network programming using python
 
Secure Communications with VisualWorks - CSTUC 2006
Secure Communications with VisualWorks - CSTUC 2006Secure Communications with VisualWorks - CSTUC 2006
Secure Communications with VisualWorks - CSTUC 2006
 
Bash Scripting Workshop
Bash Scripting WorkshopBash Scripting Workshop
Bash Scripting Workshop
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling Recipes
 
Actor Based Asyncronous IO in Akka
Actor Based Asyncronous IO in AkkaActor Based Asyncronous IO in Akka
Actor Based Asyncronous IO in Akka
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGP
 
Clojure@Nuday
Clojure@NudayClojure@Nuday
Clojure@Nuday
 

Andere mochten auch

Bh fed-03-kaminsky
Bh fed-03-kaminskyBh fed-03-kaminsky
Bh fed-03-kaminskyDan Kaminsky
 
120424 l blanco-urgoiti - productos químicos, reach y gas no convencional
120424 l blanco-urgoiti - productos químicos, reach y gas no convencional120424 l blanco-urgoiti - productos químicos, reach y gas no convencional
120424 l blanco-urgoiti - productos químicos, reach y gas no convencionalLuis Blanco Urgoiti
 
Love Creation Conference 2 Day Event!
Love Creation Conference 2 Day Event!Love Creation Conference 2 Day Event!
Love Creation Conference 2 Day Event!Mahastee
 
Haydon Kerk motion systems linear motion presentation 2010
Haydon Kerk motion systems linear motion presentation 2010Haydon Kerk motion systems linear motion presentation 2010
Haydon Kerk motion systems linear motion presentation 2010Electromate
 
LGMEDIA - 3 - INTERACTIVIDADE
LGMEDIA - 3 - INTERACTIVIDADELGMEDIA - 3 - INTERACTIVIDADE
LGMEDIA - 3 - INTERACTIVIDADEManuel Gago
 
ESIC - Professional Update - Social Media
ESIC - Professional Update - Social MediaESIC - Professional Update - Social Media
ESIC - Professional Update - Social MediaCoque Pons
 
Red de comunicaciones convergentes IP. El sistema nervioso del Hospital
Red de comunicaciones convergentes IP. El sistema nervioso del HospitalRed de comunicaciones convergentes IP. El sistema nervioso del Hospital
Red de comunicaciones convergentes IP. El sistema nervioso del HospitalAgustin Argelich Casals
 
232 md5-considered-harmful-slides
232 md5-considered-harmful-slides232 md5-considered-harmful-slides
232 md5-considered-harmful-slidesDan Kaminsky
 
Black ops of tcp2005 japan
Black ops of tcp2005 japanBlack ops of tcp2005 japan
Black ops of tcp2005 japanDan Kaminsky
 

Andere mochten auch (20)

Dmk blackops2006
Dmk blackops2006Dmk blackops2006
Dmk blackops2006
 
Dmk bo2 k7_web
Dmk bo2 k7_webDmk bo2 k7_web
Dmk bo2 k7_web
 
Interpolique
InterpoliqueInterpolique
Interpolique
 
Bh fed-03-kaminsky
Bh fed-03-kaminskyBh fed-03-kaminsky
Bh fed-03-kaminsky
 
Dmk neut toor
Dmk neut toorDmk neut toor
Dmk neut toor
 
120424 l blanco-urgoiti - productos químicos, reach y gas no convencional
120424 l blanco-urgoiti - productos químicos, reach y gas no convencional120424 l blanco-urgoiti - productos químicos, reach y gas no convencional
120424 l blanco-urgoiti - productos químicos, reach y gas no convencional
 
Love Creation Conference 2 Day Event!
Love Creation Conference 2 Day Event!Love Creation Conference 2 Day Event!
Love Creation Conference 2 Day Event!
 
Monografia my.. copia
Monografia my.. copiaMonografia my.. copia
Monografia my.. copia
 
Haydon Kerk motion systems linear motion presentation 2010
Haydon Kerk motion systems linear motion presentation 2010Haydon Kerk motion systems linear motion presentation 2010
Haydon Kerk motion systems linear motion presentation 2010
 
LGMEDIA - 3 - INTERACTIVIDADE
LGMEDIA - 3 - INTERACTIVIDADELGMEDIA - 3 - INTERACTIVIDADE
LGMEDIA - 3 - INTERACTIVIDADE
 
ESIC - Professional Update - Social Media
ESIC - Professional Update - Social MediaESIC - Professional Update - Social Media
ESIC - Professional Update - Social Media
 
Original Room Script
Original Room ScriptOriginal Room Script
Original Room Script
 
Red de comunicaciones convergentes IP. El sistema nervioso del Hospital
Red de comunicaciones convergentes IP. El sistema nervioso del HospitalRed de comunicaciones convergentes IP. El sistema nervioso del Hospital
Red de comunicaciones convergentes IP. El sistema nervioso del Hospital
 
Investigacion de incendios Dr.Javier Mata Vargas UANL
Investigacion de incendios Dr.Javier Mata Vargas UANLInvestigacion de incendios Dr.Javier Mata Vargas UANL
Investigacion de incendios Dr.Javier Mata Vargas UANL
 
232 md5-considered-harmful-slides
232 md5-considered-harmful-slides232 md5-considered-harmful-slides
232 md5-considered-harmful-slides
 
Dmk shmoo2007
Dmk shmoo2007Dmk shmoo2007
Dmk shmoo2007
 
Dmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fed
 
Confidence web
Confidence webConfidence web
Confidence web
 
Black ops of tcp2005 japan
Black ops of tcp2005 japanBlack ops of tcp2005 japan
Black ops of tcp2005 japan
 
Bh eu 05-kaminsky
Bh eu 05-kaminskyBh eu 05-kaminsky
Bh eu 05-kaminsky
 

Ähnlich wie Advanced open ssh

Up and Running SSH Service - Part 2
Up and Running SSH Service - Part 2Up and Running SSH Service - Part 2
Up and Running SSH Service - Part 2GLC Networks
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network clientroot_fibo
 
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...Docker, Inc.
 
Ssh
SshSsh
Sshgh02
 
青云虚拟机部署私有Docker Registry
青云虚拟机部署私有Docker Registry青云虚拟机部署私有Docker Registry
青云虚拟机部署私有Docker RegistryZhichao Liang
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefCompliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefAlert Logic
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Philippe Bogaerts
 
Using Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowUsing Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowNovell
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...Develcz
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoTiago Cruz
 

Ähnlich wie Advanced open ssh (20)

Ssh cookbook v2
Ssh cookbook v2Ssh cookbook v2
Ssh cookbook v2
 
Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbook
 
Up and Running SSH Service - Part 2
Up and Running SSH Service - Part 2Up and Running SSH Service - Part 2
Up and Running SSH Service - Part 2
 
SSH.pdf
SSH.pdfSSH.pdf
SSH.pdf
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network client
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
Sshstuff
SshstuffSshstuff
Sshstuff
 
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdf
 
Ssh
SshSsh
Ssh
 
3-sdn-lab.pdf
3-sdn-lab.pdf3-sdn-lab.pdf
3-sdn-lab.pdf
 
青云虚拟机部署私有Docker Registry
青云虚拟机部署私有Docker Registry青云虚拟机部署私有Docker Registry
青云虚拟机部署私有Docker Registry
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefCompliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver harden
 
Using Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowUsing Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should Know
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso Remoto
 

Mehr von Dan Kaminsky

Bugs Aren't Random
Bugs Aren't RandomBugs Aren't Random
Bugs Aren't RandomDan Kaminsky
 
Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Dan Kaminsky
 
Move Fast and Fix Things
Move Fast and Fix ThingsMove Fast and Fix Things
Move Fast and Fix ThingsDan Kaminsky
 
A Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryDan Kaminsky
 
I Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetI Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetDan Kaminsky
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Dan Kaminsky
 
Chicken Chicken Chicken Chicken
Chicken Chicken Chicken ChickenChicken Chicken Chicken Chicken
Chicken Chicken Chicken ChickenDan Kaminsky
 
Some Thoughts On Bitcoin
Some Thoughts On BitcoinSome Thoughts On Bitcoin
Some Thoughts On BitcoinDan Kaminsky
 
Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Dan Kaminsky
 
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingDan Kaminsky
 
Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Dan Kaminsky
 
Dmk sb2010 web_defense
Dmk sb2010 web_defenseDmk sb2010 web_defense
Dmk sb2010 web_defenseDan Kaminsky
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsDan Kaminsky
 

Mehr von Dan Kaminsky (20)

Bugs Aren't Random
Bugs Aren't RandomBugs Aren't Random
Bugs Aren't Random
 
Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017
 
Move Fast and Fix Things
Move Fast and Fix ThingsMove Fast and Fix Things
Move Fast and Fix Things
 
A Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive Trickery
 
Chicken
ChickenChicken
Chicken
 
I Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetI Want These * Bugs Off My * Internet
I Want These * Bugs Off My * Internet
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)
 
Chicken Chicken Chicken Chicken
Chicken Chicken Chicken ChickenChicken Chicken Chicken Chicken
Chicken Chicken Chicken Chicken
 
Black ops 2012
Black ops 2012Black ops 2012
Black ops 2012
 
Some Thoughts On Bitcoin
Some Thoughts On BitcoinSome Thoughts On Bitcoin
Some Thoughts On Bitcoin
 
Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)
 
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
 
Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)
 
Interpolique
InterpoliqueInterpolique
Interpolique
 
Dmk sb2010 web_defense
Dmk sb2010 web_defenseDmk sb2010 web_defense
Dmk sb2010 web_defense
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackops
 
Bh eu 05-kaminsky
Bh eu 05-kaminskyBh eu 05-kaminsky
Bh eu 05-kaminsky
 
Dmk audioviz
Dmk audiovizDmk audioviz
Dmk audioviz
 
Bo2004
Bo2004Bo2004
Bo2004
 

Advanced open ssh

  • 1. Visit www.syngress.com/hackproofing for great prices on all our Hack Proofing titles 781.681.5151 Fax 781.681.3585 www.syngress.com GIG-5295_4/02_5m Exporting SSH Connectivity to a Client Export access to our SSH daemon to some client’s local port 2022: ssh –R2022:127.0.0.1:22 user@client Connect back through an exported port forward, while verifying the server’s identity: ssh –O HostKeyAlias=backend_host user@127.0.0.1 It’s possible to both import and export, creating a “floating bas- tion host” both hosts meet at. Other Things to Do with OpenSSH Copy a file to a remote host: scp file user@host:/path Copy a file over a local port forward: scp –o ‘HostKeyAlias back- end_host’ –o ‘Port 2022’ file user@backend_host:/tmp Synchronize a file with a remote host (only update what’s neces- sary): rsync –e ssh file user@host:/path/file Specify SSH1 for rsync: rsync –e “ssh –1” file user@host:/path/file Rsync through a HTTP Tunnel Start HTTPTunnel Server: hts 10080 –F 127.0.0.1:22 Start HTTPTunnel Client: htc –F 10022 –P proxy_host:8888 host:10080 Rsync entire directory through file, with details: rsync –v –r –e “ssh –o HostKeyAlias=host path user@127.0.0.1:/path Directly burn a CD over SSH: mkisofs –JR path/ | ssh user@burn- ing_host “cdrecord dev=scsi_id speed=# -“ Burn a CD over SSH after caching the data on the remote host: mkisofs –JR path/ | ssh user@host “cat > /tmp/burn.iso && cdrecord dev=scsi_id speed=# /tmp/burn.iso && rm /tmp/burn.iso” Forward all MP3 data sent to localhost:18001 to an mp3 decoder on a remote server: ssh -L18001:127.0.0.1:18001 effugas@10.0.1.11 “nc -l -p 18001 -e ./plaympg.sh” (plaympg.sh contents: #!/bin/sh -c ‘echo OK; exec mpg123 -) 5295_Syngress Booklet-PostCard 4/11/02 2:48 PM Page 1
  • 2. Basic SSH Connect to host as user: ssh user@host Connect to host as user, alternate port: ssh –p port user@host OpenSSH Public Key Authentication Generate SSH1 / SSH2 keypair: ssh-keygen / ssh-keygen –t dsa Cause remote host to accept SSH1 keypair in lieu of password: cat ~/.ssh/identity.pub | ssh -1 effugas@10.0.1.10 “cd ~ && umask 077 && mkdir -p .ssh && cat >> ~/.ssh/authorized_keys” Cause remote host to accept SSH2 keypair in lieu of password: cat ~/.ssh/id_dsa.pub | ssh effugas@10.0.1.10 “cd ~ && umask 077 && mkdir -p .ssh && cat >> ~/.ssh/authorized_keys2” Add passphrase to SSH1 / SSH2 key: ssh-keygen.exe –p / ssh-keygen.exe -d –p Start SSH key agent (prevents you from having to type passphrase each time): ssh-agent bash Add SSH1 / SSH2 key to agent: ssh-add / ssh-add ~/.ssh/id_dsa OpenSSH Command Forwarding Execute command remotely: ssh user@host command Pipe output from remote command into local command: ssh user@host “remote_command” | “local_command” Get File: ssh user@host “cat file” > file Put File: cat file | ssh user@host “cat > file” List Directory: ssh user@host ls /path Get Many Files: ssh user@host “tar cf - /path” | tar –xf – Put Many Files: tar –cf - /path | ssh user@host“tar –xf –” Resume a download: ssh user@host “tail –c remote_filesize –local_filesize file” >> file Resume an upload: tail –c local_filesize-remote_filesize file >> file Safely switch users: ssh user@host -t “/bin/su –l user2” OpenSSH Port Forwarding Forward local port 6667 to some random host’s port 6667 as accessed through an SSH daemon: ssh user@host -L6667:remotely_visible_host:6667 Dynamically forward local port 1080 to some application specified host and port, accessed through an SSH daemon: ssh user@host -D1080 Forward remote port 5900 to some random host’s port 5900 as accessible by our own SSH client: ssh user@host -R5900:locally_visible_host:5900 Using OpenSSH ProxyCommands Basic Usage: ssh –o ProxyCommand=”command” user@port Use netcat instead of internal TCP socket to connect to remote host. ssh -o ProxyCommand=”nc %h %p” user@host Use Goto’s connect.c to route through SOCKS4 daemon on proxy_host:20080 to connect to remote host: ssh -o ProxyCommand=”connect -4 -S proxy_user@proxy:20080 %h %p” user@host Use Goto’s connect.c to route through SOCKS5 daemon on proxy_host:20080 to connect to remote host: ssh -o ProxyCommand=”connect -5 -S proxy_user@proxy:20080 %h %p” user@host Use Goto’s connect.c to route through HTTP daemon on proxy_host:20080 to connect to remote host: ssh -o ProxyCommand=”connect -H proxy_user@proxy:20080 %h %p” user@host Using HTTPTunnel with OpenSSH Forward HTTP traffic from local port 10080 to the SSH daemon on local- host: hts 10080 -F 127.0.0.1:22 Listen for SSH traffic on port 10022, translate it into HTTP-friendly pack- ets and throw it through the proxy on proxy_host:8888, and have it deliv- ered to the httptunnel server on host:10080: htc -F 10022 -P proxy_host:8888 host:10080 Send traffic to localhost port 10022, but make sure we verify our eventual forwarding to the final host: ssh -o HostKeyAlias=host -o Port=10022 user@127.0.0.1 Importing Access from a Bastion Host Set up a local forward to an SSH daemon accessible through a bastion host: ssh L2022:backend_host:22 user@bastion Independently connect to the SSH daemon made accessible above: ssh -o HostKeyAlias=backend_host –p 2022 root@127.0.0.1 Set up a dynamic forwarder to access the network visible behind some bas- tion host: ssh –D1080 user@bastion Connect to some SSH daemon visible to the bastion host connected to above: ssh -o ProxyCommand=”connect -4 -S 127.0.0.1:1080 %h %p” user@back- end_host Set up no advance forwarder; directly issue a command to the bastion host to link you with some backend host: ssh -o ProxyCommand=”ssh user@bas- tion nc %h %p” user@backend_host (continued on back) 5295_Syngress Booklet-PostCard 4/11/02 2:48 PM Page 2