Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

OpenSSH tricks

This document discusses OpenSSH and provides tricks for using SSH. It begins by explaining what SSH is and why it is important for secure remote access. It then discusses installing OpenSSH and basic SSH usage like remote login. The document covers additional SSH features like executing commands remotely, file transfers using SCP and SFTP, public key authentication, and default configuration files. It provides examples of SSH port forwarding, comparing remote and local files, and mounting remote folders. The document concludes with a list of "best SSH tricks" including enabling password-less login and starting tunnels.

1 of 55
Download to read offline

1

. . OpenSSH tricks Assem Chelli assem.ch@gmail.com (@assem_ch) Hacknowledge Contest Algeria 2013 . Assem Chelli OpenSSH tricks . . . . .

2

. What is SSH? SSH: Secure SHell, a Network protocol Created by Tatu Ylonen (1995) Secure logging into remote computer Public key authentication (!Password), Authentication of the server (!MAN-IN-THE-MIDDLE ) Encryption, Integrity more features: Stream Compression Port forwarding X11 sessions forwarding File transfer . Assem Chelli OpenSSH tricks . . . . .

3

. WHY SSH IS SO IMPORTANT? IP spoofing IP source routing DNS spoofing Password sniffing Manipulation of transfer data Atack on X11 (sniffing on authorization) . Assem Chelli OpenSSH tricks . . . . .

4

. Install Open SSH SSH is so resricted , OPEN SSH is free! openssh-client , openssh-server sudo apt-get install openssh-client openssh-server sudo yum install openssh-client openssh-server WINDOWS: download & install PuTTY http://www.chiark.greenend.org.uk/ sgtatham/putty/ . Assem Chelli OpenSSH tricks . . . . .

5

. Basic SSH usage Remote login ssh hostname ssh -l user hostname ssh user@hostname cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db RSA key fingerprint —> yes / no (Public Key authentification) host’s password: _______ (Password authentification) known hosts ~/.ssh/known_hosts . Assem Chelli OpenSSH tricks . . . . .

6

. Basic SSH usage Remote login ssh hostname ssh -l user hostname ssh user@hostname cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db RSA key fingerprint —> yes / no (Public Key authentification) host’s password: _______ (Password authentification) known hosts ~/.ssh/known_hosts . Assem Chelli OpenSSH tricks . . . . .

7

. Omar in the middle! let’s play SERVER role! We put Server offline Someone fix his IP as the same IP of server Now try login again ssh host @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. . Assem Chelli OpenSSH tricks . . . . .

8

. Omar in the middle! let’s play SERVER role! We put Server offline Someone fix his IP as the same IP of server Now try login again ssh host @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. . Assem Chelli OpenSSH tricks . . . . .

9

. SSH replaces telnet. ssh host.domena.pl ssh user@host.domena.pl ssh -l user host.domena.pl . Assem Chelli OpenSSH tricks . . . . .

10

. SSH replaces FTP. sftp host.domena.pl sftp> dir . Assem Chelli OpenSSH tricks . . . . .

11

. SSH replaces r-command . rexec ssh host "cat /etc/passwd" rlogin ssh user@host rcp scp file host.domena.pl . Assem Chelli OpenSSH tricks . . . . .

12

. Executing commands remotely ssh host netstat ssh host "ls -C /bin" ssh host “cat /etc/passwd” ssh host “vi /tmp/foo ” ssh -t host vi /tmp/foo . Assem Chelli OpenSSH tricks . . . . .

13

. Executing commands remotely ssh host netstat ssh host "ls -C /bin" ssh host “cat /etc/passwd” ssh host “vi /tmp/foo ” ssh -t host vi /tmp/foo . Assem Chelli OpenSSH tricks . . . . .

14

. Redirecting commands input and output ssh host "ls /bin | grep -i rm" ssh host "ls /bin" | grep -i rm ssh host "cat /etc/passwd" > remote_passwd ssh host "psql billing" < billing.sql | grep -v ^INFO . Assem Chelli OpenSSH tricks . . . . .

15

. Redirecting commands input and output ssh host "ls /bin | grep -i rm" ssh host "ls /bin" | grep -i rm ssh host "cat /etc/passwd" > remote_passwd ssh host "psql billing" < billing.sql | grep -v ^INFO . Assem Chelli OpenSSH tricks . . . . .

16

. File transfer scp scp [user1@]host1:/path/to/source/file [user2@]host2:/path/to/destination/file scp -r sftp sftp host sftp> cd /usr/share/games sftp> ls sftp> lcd /tmp get c* quit tar-over-ssh ssh host "cd /usr/share/games ; tar cf - ./a*" | > (cd /tmp ; tar xpvf -) rsync rsync -ve ssh host:/bin/c* /tmp . Assem Chelli OpenSSH tricks . . . . .

17

. Public Keys Generate a public key ssh-keygen -t rsa cat ~/.ssh/id_rsa.pub Authentification ssh-add -l Restrictions cat ~/.ssh/authorized_keys . Assem Chelli OpenSSH tricks . . . . .

18

. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .

19

. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .

20

. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .

21

. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .

22

. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .

23

. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .

24

. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .

25

. BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .

26

. BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .

27

. BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .

28

. BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .

29

. BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .

30

. BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .

31

. BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .

32

. BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .

33

. BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .

34

. BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .

35

. BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .

36

. BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .

37

. BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .

38

. BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .

39

. BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .

40

. Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .

41

. Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .

42

. Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .

43

. Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .

44

. Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .

45

. Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .

46

. Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .

47

. Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .

48

. Thwart SSH Crackers DenyHosts Fail2ban security/sshguard security/sshblock . Assem Chelli OpenSSH tricks . . . . .

49

. SSH via Proxy! Proxy Problem! /etc/ssh/ssh_config host * proxyCommand connect -H 10.0.0.1:80 %h %p . Assem Chelli OpenSSH tricks . . . . .

50

. SSH via Proxy! Proxy Problem! /etc/ssh/ssh_config host * proxyCommand connect -H 10.0.0.1:80 %h %p . Assem Chelli OpenSSH tricks . . . . .

51

. forwarding over SSH Agent forwarding ssh -A trustedhost (your privatekeys can be stolen) X11 forwarding ssh -X user@host firefox ssh -Y user@host Port forwarding ssh -L8000:anotherhost:80 somehost . Assem Chelli OpenSSH tricks . . . . .

52

. Tunneling types LocalForward RemoteForward DynamicForward ProxyCommand ForwardX11/ForwardX11Trusted Tunnel ControlMaster . Assem Chelli OpenSSH tricks . . . . .

53

. Security ssh-agent X11 GatewayPorts MITM SSH-1.99 SSH timing attack . Assem Chelli OpenSSH tricks . . . . .

54

Appendix . Questions Questions? . Assem Chelli OpenSSH tricks . . . . .

55

Appendix For Further Reading . For Further Reading I SSH tips, tricks & protocol tutorial .Damien Miller , AUUG Winter 2002 . 25 Best SSH Commands / Tricks. http://www.newitperson.com/2012/01/25-ssh-commandstricks/ SSH manpage . Assem Chelli OpenSSH tricks . . . . .

More Related Content

OpenSSH tricks

  • 1. . . OpenSSH tricks Assem Chelli assem.ch@gmail.com (@assem_ch) Hacknowledge Contest Algeria 2013 . Assem Chelli OpenSSH tricks . . . . .
  • 2. . What is SSH? SSH: Secure SHell, a Network protocol Created by Tatu Ylonen (1995) Secure logging into remote computer Public key authentication (!Password), Authentication of the server (!MAN-IN-THE-MIDDLE ) Encryption, Integrity more features: Stream Compression Port forwarding X11 sessions forwarding File transfer . Assem Chelli OpenSSH tricks . . . . .
  • 3. . WHY SSH IS SO IMPORTANT? IP spoofing IP source routing DNS spoofing Password sniffing Manipulation of transfer data Atack on X11 (sniffing on authorization) . Assem Chelli OpenSSH tricks . . . . .
  • 4. . Install Open SSH SSH is so resricted , OPEN SSH is free! openssh-client , openssh-server sudo apt-get install openssh-client openssh-server sudo yum install openssh-client openssh-server WINDOWS: download & install PuTTY http://www.chiark.greenend.org.uk/ sgtatham/putty/ . Assem Chelli OpenSSH tricks . . . . .
  • 5. . Basic SSH usage Remote login ssh hostname ssh -l user hostname ssh user@hostname cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db RSA key fingerprint —> yes / no (Public Key authentification) host’s password: _______ (Password authentification) known hosts ~/.ssh/known_hosts . Assem Chelli OpenSSH tricks . . . . .
  • 6. . Basic SSH usage Remote login ssh hostname ssh -l user hostname ssh user@hostname cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db RSA key fingerprint —> yes / no (Public Key authentification) host’s password: _______ (Password authentification) known hosts ~/.ssh/known_hosts . Assem Chelli OpenSSH tricks . . . . .
  • 7. . Omar in the middle! let’s play SERVER role! We put Server offline Someone fix his IP as the same IP of server Now try login again ssh host @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. . Assem Chelli OpenSSH tricks . . . . .
  • 8. . Omar in the middle! let’s play SERVER role! We put Server offline Someone fix his IP as the same IP of server Now try login again ssh host @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. . Assem Chelli OpenSSH tricks . . . . .
  • 9. . SSH replaces telnet. ssh host.domena.pl ssh user@host.domena.pl ssh -l user host.domena.pl . Assem Chelli OpenSSH tricks . . . . .
  • 10. . SSH replaces FTP. sftp host.domena.pl sftp> dir . Assem Chelli OpenSSH tricks . . . . .
  • 11. . SSH replaces r-command . rexec ssh host "cat /etc/passwd" rlogin ssh user@host rcp scp file host.domena.pl . Assem Chelli OpenSSH tricks . . . . .
  • 12. . Executing commands remotely ssh host netstat ssh host "ls -C /bin" ssh host “cat /etc/passwd” ssh host “vi /tmp/foo ” ssh -t host vi /tmp/foo . Assem Chelli OpenSSH tricks . . . . .
  • 13. . Executing commands remotely ssh host netstat ssh host "ls -C /bin" ssh host “cat /etc/passwd” ssh host “vi /tmp/foo ” ssh -t host vi /tmp/foo . Assem Chelli OpenSSH tricks . . . . .
  • 14. . Redirecting commands input and output ssh host "ls /bin | grep -i rm" ssh host "ls /bin" | grep -i rm ssh host "cat /etc/passwd" > remote_passwd ssh host "psql billing" < billing.sql | grep -v ^INFO . Assem Chelli OpenSSH tricks . . . . .
  • 15. . Redirecting commands input and output ssh host "ls /bin | grep -i rm" ssh host "ls /bin" | grep -i rm ssh host "cat /etc/passwd" > remote_passwd ssh host "psql billing" < billing.sql | grep -v ^INFO . Assem Chelli OpenSSH tricks . . . . .
  • 16. . File transfer scp scp [user1@]host1:/path/to/source/file [user2@]host2:/path/to/destination/file scp -r sftp sftp host sftp> cd /usr/share/games sftp> ls sftp> lcd /tmp get c* quit tar-over-ssh ssh host "cd /usr/share/games ; tar cf - ./a*" | > (cd /tmp ; tar xpvf -) rsync rsync -ve ssh host:/bin/c* /tmp . Assem Chelli OpenSSH tricks . . . . .
  • 17. . Public Keys Generate a public key ssh-keygen -t rsa cat ~/.ssh/id_rsa.pub Authentification ssh-add -l Restrictions cat ~/.ssh/authorized_keys . Assem Chelli OpenSSH tricks . . . . .
  • 18. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 19. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 20. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 21. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 22. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 23. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 24. . Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. /etc/ssh/ssh_config - OpenSSH client configuration file. ~/.ssh/ - Users ssh configuration directory. ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the users account /etc/nologin - If this file exists, sshd refuses to let anyone except root log in. /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here. SSH default port : TCP ?? . Assem Chelli OpenSSH tricks . . . . .
  • 25. . BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
  • 26. . BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
  • 27. . BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
  • 28. . BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
  • 29. . BEST SSH Tricks 1 . Copy ssh keys to user@host to enable password-less ssh logins 1 ssh-copy-id user@host . Start a tunnel from some machines port 80 to your local post 2001 2 ssh -N -L2001:localhost:80 somemachine . Output your microphone to a remote computers speaker 3 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp . Compare a remote file with a local file 4 ssh user@host cat /path/to/remotefile | diff /path/to/localfile - . Mount folder/filesystem through SSH 5 ss hfs name@server:/path/to/folder /path/to/mount/point . Assem Chelli OpenSSH tricks . . . . .
  • 30. . BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
  • 31. . BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
  • 32. . BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
  • 33. . BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
  • 34. . BEST SSH Tricks 2 . SSH connection through host in the middle 1 ssh -t reachable_host ssh unreachable_host . Copy from host1 to host2, through your host 2 ssh root@host1 cd /somedir/tocopy/ && tar -cf . | ssh root@host2 cd /samedir/tocopyto/ && tar -xf - . Run any GUI program remotely 3 ssh -fX @ . Create a persistent connection to a machine 4 ssh -MNf @ . Attach screen over ssh 5 ssh -t remote_host screen -r . Assem Chelli OpenSSH tricks . . . . .
  • 35. . BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
  • 36. . BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
  • 37. . BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
  • 38. . BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
  • 39. . BEST SSH Tricks 3 . Run complex remote shell cmds over ssh 1 ssh host -l user $( ssh host -l user cat cmd.txt . Resume scp of a big file 2 rsync partial progress rsh=ssh $file_source $user@$host:$destination_file . Analyze traffic remotely over ssh w/ wireshark 3 ssh root@server.com tshark -f port !22 -w - | wireshark -k -i - . Have an ssh session open forever 4 autossh -M50000 -t server.example.com screen -raAd mysession . Harder, Faster, Stronger SSH clients 5 ssh -4 -C -c blowfish-cbc . Assem Chelli OpenSSH tricks . . . . .
  • 40. . Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .
  • 41. . Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .
  • 42. . Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .
  • 43. . Best SSH tricks 4 . Disable OpenSSH Server 1 apt-get remove openssh-server (ubuntu ) chkconfig sshd off && yum erase openssh-server (fedora) . Force to use SSH protocole 2 because SSH-1 is vulnerable (Man-in-the-middle attacks) 2 in /etc/ssh/sshd_config add the line: Protocol 2 . Limit root or Users’ SSH Access 3 in /etc/ssh/sshd_config find&modify the line: AllowUsers root assem or find&modify the line: DenyUsers omar zaki ali-baba or find&modify the line: PermitRootLogin no or create /etc/nologin . Enable a Warning Banner 4 in /etc/ssh/sshd_config add the line: Banner /etc/issue . Assem Chelli OpenSSH tricks . . . . .
  • 44. . Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .
  • 45. . Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .
  • 46. . Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .
  • 47. . Best SSH tricks 5 . Change SSH port 1 in /etc/ssh/sshd_config find&modify the line: Port 300 . Deny empty passwords 2 in /etc/ssh/sshd_config find&modify the line: PermitEmptyPasswords no . Use SSH as an Internet Proxy 3 Google it ! . Assem Chelli OpenSSH tricks . . . . .
  • 48. . Thwart SSH Crackers DenyHosts Fail2ban security/sshguard security/sshblock . Assem Chelli OpenSSH tricks . . . . .
  • 49. . SSH via Proxy! Proxy Problem! /etc/ssh/ssh_config host * proxyCommand connect -H 10.0.0.1:80 %h %p . Assem Chelli OpenSSH tricks . . . . .
  • 50. . SSH via Proxy! Proxy Problem! /etc/ssh/ssh_config host * proxyCommand connect -H 10.0.0.1:80 %h %p . Assem Chelli OpenSSH tricks . . . . .
  • 51. . forwarding over SSH Agent forwarding ssh -A trustedhost (your privatekeys can be stolen) X11 forwarding ssh -X user@host firefox ssh -Y user@host Port forwarding ssh -L8000:anotherhost:80 somehost . Assem Chelli OpenSSH tricks . . . . .
  • 53. . Security ssh-agent X11 GatewayPorts MITM SSH-1.99 SSH timing attack . Assem Chelli OpenSSH tricks . . . . .
  • 55. Appendix For Further Reading . For Further Reading I SSH tips, tricks & protocol tutorial .Damien Miller , AUUG Winter 2002 . 25 Best SSH Commands / Tricks. http://www.newitperson.com/2012/01/25-ssh-commandstricks/ SSH manpage . Assem Chelli OpenSSH tricks . . . . .