Archive for the ‘SSH’ Category
Posted by jpluimers on 2018/01/17
Thanks for the excellent comment explaining how to use hardware tokens as a comment to [WayBack] Using hardware security tokens cross-platform is only slightly more complicated than piloting a Space Shuttle. ##sarcasm – Jan Wildeboer – Google+
Jan Wildeboer:
+Jeroen Wiert Pluimers OK. Let’s look a bit at how this works. There are several competing standards/ways to use a security token. Typically you’ll decide between the two most used ones. As a CCID device AKA SmartCard with OpenSC or using gpg-agent. And that’s an either/or question. Some of the security tokens can only work with gpg-agent, some can do both (but not at the same time) and some are only useful as CCID style (e.g. the Nitrokey HSM).
OK. So now we look at platforms. CCID using OpenSC mostly works everywhere, but you might need to install some additional software depending on your OS. Older versions of MacOS X were notoriously bad, since (High) Sierra it has become better.
On Linux it again really depends. The gnome-keyring-agent that is active in a Gnome session really messes everything up, so better deactivate that. Which is not really trivial. But you have to have a socket for ssh-agent to pick up the key, so some stuff goes to your .bashrc and you have to make some changes to Gnome config.
If you want to use a Yubikey for 2FA, note that it cannot do TOTP (Time based One Time Password) which Amazon wants for AWS auth. So you need another helper app on your computer.
Here’s some articles that explain it in detail:
The middle two links are actually part of the series [WayBack] Yubikey All The Things | EngineerBetter | More than Cloud Foundry specialists which has a third post [WayBack] Yubikeys for Static Secrets | EngineerBetter | More than Cloud Foundry specialists
–jeroen
Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, Security, SSH, TCP | Leave a Comment »
Posted by jpluimers on 2017/12/14
Yes, there are still static web-sites. A long time ago, they were uploaded over FTP. Now many use more secure protocols.
So here are some links and notes to allow this on a Linux based host running OpenSSH.
I got to the above via these two links:
An alternative might be WebDAV, but that would probably mean some hassle to separate uploading the site from accessing the site.
[Archive.is] How To Set Up WebDAV With Apache2 On OpenSUSE 12.2
–jeroen
Posted in *nix, Communications Development, Development, Internet protocol suite, Linux, openSuSE, Power User, SSH, SuSE Linux, TCP | Leave a Comment »
Posted by jpluimers on 2017/11/15
If you ever ssh into something and immediately get the Too many authentication failures message, then you’ve probably mixed your authentication methods.
Follow the steps in [WayBack] ssh – Too many authentication failures for username – Super User (thanks [WayBack] John T and [WayBack] Ben West).
First check out what’s wrong by slowly increasing the number of -v parameters to make the output more verbose:
ssh -v
ssh -v -v
ssh -v -v -v
Then try to find out which authentication method fails: usually it’s a private key that’s wrong.
I’ve had success in various cases where I screwed up with these ssh parameters:
-o PubkeyAuthentication=no
-i some_id_rsa -o IdentitiesOnly=yes
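The usual cause of that message is an ssh-agent holding more keys than the server is willing to see tried: every key the client offers counts as one authentication attempt, and sshd’s MaxAuthTries defaults to 6. The script below is an added example (not code from the post) that reads a `ssh -v` transcript, counts the keys offered, and builds the pinned-key options the post suggests. The transcript is constructed to match OpenSSH’s debug line format; the key paths and the 203.0.113.5 address are made up.

```shell
#!/bin/sh
# Added example, not from the original post: count the keys an ssh client
# offered (taken from `ssh -v` output) to see why "Too many authentication
# failures" fires. sshd's MaxAuthTries defaults to 6 and every offered key
# counts as one attempt, so an agent with many keys can exhaust the limit
# before the right key is tried. The transcript below is constructed.

# Constructed `ssh -v` transcript: six agent keys rejected, then disconnect.
SAMPLE_LOG='debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jeroen/.ssh/id_rsa RSA SHA256:AAAA agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/jeroen/.ssh/id_ed25519 ED25519 SHA256:BBBB agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/jeroen/.ssh/work_rsa RSA SHA256:CCCC agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/jeroen/.ssh/old_rsa RSA SHA256:DDDD agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/jeroen/.ssh/backup_rsa RSA SHA256:EEEE agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/jeroen/.ssh/lab_rsa RSA SHA256:FFFF agent
Received disconnect from 203.0.113.5 port 22:2: Too many authentication failures'

# Number of public keys offered in a transcript read from stdin
# (matches both the old "Offering RSA public key:" and the new
# "Offering public key:" wording).
offered_key_count() {
    grep -c 'Offering .*public key:' || true
}

# Paths of the keys offered, in order, one per line.
offered_key_paths() {
    sed -n 's/^debug1: Offering .*public key: \([^ ]*\).*/\1/p'
}

# Did the server cut the connection off for too many attempts?
hit_auth_limit() {
    grep -q 'Too many authentication failures'
}

# The ssh options the post recommends, pinned to one explicit key file.
pinned_key_options() {
    printf '%s %s\n' '-o IdentitiesOnly=yes' "-i $1"
}

MAX_AUTH_TRIES=6   # sshd_config default; the server you talk to may differ

diagnose() {
    n=$(printf '%s\n' "$SAMPLE_LOG" | offered_key_count)
    echo "keys offered: $n (server default MaxAuthTries is $MAX_AUTH_TRIES)"
    printf '%s\n' "$SAMPLE_LOG" | offered_key_paths | sed 's/^/  offered: /'
    if printf '%s\n' "$SAMPLE_LOG" | hit_auth_limit; then
        echo "server disconnected; retry with: ssh $(pinned_key_options ~/.ssh/id_rsa) user@host"
    fi
}

diagnose
```

To run it against a real session, replace the constructed transcript with `ssh -v user@host 2>&1`; `ssh-add -l` lists what the agent is currently offering.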
–jeroen
Posted in *nix, Communications Development, Development, Internet protocol suite, Power User, Software Development, SSH, TCP | Leave a Comment »
Posted by jpluimers on 2017/06/12
You know the drill: site that limits incoming traffic and has painful VPN. Luckily this time outgoing ssh traffic on port 22 was allowed (because they do SFTP which is SSH File Transfer).
Since I have outside Linux boxes and could run a Linux VM there (all Tumbleweed based), this allowed me to do a reverse SSH tunnel. Those are always a bit confusing, but this set of drawings really helps: What’s ssh port forwarding and what’s the difference between ssh local and remote port forwarding – Unix & Linux Stack Exchange [WayBack].
Which brings me to a statement like this:
ssh -o "ExitOnForwardFailure yes" -R :3389:192.168.199.114:3389 -p 33322 93.184.216.34
That didn’t work: a remote machine could not RDP to port 3389, but a local telnet localhost 3389 would. The reason is that by default sshd binds a remote forwarded port to the loopback address only and not to the wildcard address.
So you have to open up the remote config a bit: at least /etc/sshd_config and most likely also your firewall.
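The sshd_config directive that decides this is GatewayPorts (the post does not name it; on most Linux distributions the file lives at /etc/ssh/sshd_config). With the default `no` the `-R :3389:...` listener sits on 127.0.0.1; with `clientspecified` the empty bind address in the post’s command means “all interfaces”; with `yes` sshd forces the wildcard bind whatever the client asks. The script below is an added example, not from the post, that works out the listening scope from a config fragment plus the client’s bind address; both config fragments are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): given the GatewayPorts setting
# in effect on the remote sshd and the bind address the client passes to -R,
# report which interface the remote listener actually ends up on.
# Semantics follow sshd_config(5) and ssh(1); the config text is constructed.

# Effective GatewayPorts value from an sshd_config text on stdin.
# sshd honours the first matching directive; an absent directive means "no".
gateway_ports_setting() {
    awk 'tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }'
}

# Arguments: <GatewayPorts value> <bind_address given to -R, may be empty>
# Prints "all", "loopback" or the specific address the port listens on.
remote_listen_scope() {
    gp="$1"; bind="$2"
    case "$gp" in
        yes) echo "all" ;;                       # server forces the wildcard bind
        clientspecified)
            if [ -z "$bind" ] || [ "$bind" = "*" ]; then
                echo "all"                       # empty or * means every interface
            elif [ "$bind" = "localhost" ] || [ "$bind" = "127.0.0.1" ]; then
                echo "loopback"
            else
                echo "$bind"                     # one specific interface address
            fi ;;
        *) echo "loopback" ;;                    # default: 127.0.0.1 only
    esac
}

# Constructed sshd_config fragments: stock default versus the opened-up one.
SSHD_CONFIG_DEFAULT='Port 33322
PermitRootLogin no
ClientAliveInterval 60'

SSHD_CONFIG_OPENED='Port 33322
GatewayPorts clientspecified
PermitRootLogin no'

main() {
    for cfg in "$SSHD_CONFIG_DEFAULT" "$SSHD_CONFIG_OPENED"; do
        gp=$(printf '%s\n' "$cfg" | gateway_ports_setting)
        echo "GatewayPorts=$gp -> 'ssh -R :3389:192.168.199.114:3389' listens on: $(remote_listen_scope "$gp" "")"
    done
}

main
```

After changing the directive, restart or reload sshd and remember the second half of the post’s advice: a wildcard listener is still unreachable until the remote host’s firewall admits traffic to that port, and opening it exposes the tunnelled service to everyone who can reach the host, so `clientspecified` with an explicit bind address is the narrower choice.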
Posted in *nix, Communications Development, Development, Internet protocol suite, Linux, openSuSE, Power User, SSH, SuSE Linux, TCP, Tumbleweed | Leave a Comment »
Posted by jpluimers on 2017/05/09
Building libssh2 for Windows (Win32/Win64) is a lot harder than I hoped for.
There were no instructions on their website, there was the occasional “use CMake” at #IRC and that was about it.
Of course running just CMake doesn’t work and getting it working involves a lot of non-descriptive error messages, cursing and fruitless searches for them just bumping into “me too” threads not really providing the solution.
I tried building OpenSSL but after building, no `lib` directory appears so I cannot satisfy the dependencies. Not sure what OpenSSL would bring as I could not find any documentation about it either, so I’ll leave it at that.
Might be that `make test` for OpenSSL doesn’t succeed because of some vague unexplained error, which is odd when doing this on an almost pristine VS 2015 Community Edition VM.
But I’ll take that up with the OpenSSL people one day.
Oh the joy of Open Source…
Below are the steps (below the –more– mark a gist with the most recent version).
The core are these:
- you need git, Visual Studio and CMake
- use CMake to generate project files, msbuild to build (CBuild cannot build any more)
- After a Win64 build you have to reset the platform to create a Win32 build
These links helped a lot, some in the positive sense, others in the negative sense:
Source: Building libssh2 for Windows (Win32/Win64) is a lot harder than I hoped for
–jeroen
Posted in Communications Development, Development, Internet protocol suite, OpenSSL, Power User, Security, SSH, TCP | Leave a Comment »
Posted by jpluimers on 2017/04/28
The story isn’t a catch-22, but it is still fun to read:
SSH port is 22. The history of how I (Tatu Ylonen) got it. How to configure it through firewalls and iptables.
It also shows how agile the Internet was back then.
Source: [Archive.is] SSH Port
Via: [WayBack] “The SSH (Secure Shell) port is 22. It is not a co-incidence. This is a story I (Tatu Ylonen) haven’t told before.” https://www.ssh.com/ssh/port – This is why I Code – Google+
–jeroen
Posted in Development, History, Internet protocol suite, Software Development, SSH, TCP | Leave a Comment »
Posted by jpluimers on 2016/12/01
In a quest to perform SFTP in Delphi next to FTP, I first researched what I was up against. A tiny voice in the back of my head said “SFTP is totally unlike FTP” and it was right: SFTP means SSH File Transfer Protocol, not Simple File Transfer Protocol nor FTP over SSH nor FTP over SSL aka FTPS – the latter is supported by Indy but the former isn’t.
I decided against SecureBlackBox (providing SFTPBlackbox) and IPWorks (SSH) as I tried both a while ago for S/MIME support and was disappointed about both the lack of features and documentation; in the end I went for wrapping OpenSSL for the “encrypt-then-sign” process and Indy for the SSMTP part. The merger of the SecureBlackBox and IPWorks made me even less happy.
The Chilkat alternative for SFTP isn’t too compelling either: ActiveX or DLL black-box without a lot of insight on how many people do use it.
So when I had to do SFTP and knew there are no free or open source SFTP components for Delphi available I opted for thinking outside the Delphi realm.
My basic idea was to embed either of these:
- Filezilla (as Filezilla on Windows is waaaay faster than WinSCP)
- WinSCP (a Windows SCP and SFTP client written in C++ Builder)
- PSFTP (the Putty SFTP client)
FileZilla
FileZilla internally uses FzSFtp.exe which is based on PSFTP code (but with some buffers making it faster than PSFTP or WinSCP).
According to the author, neither FzSFtp.exe nor FileZilla can be automated:
FileZilla cannot make any automated transfers at all. Neither FileZilla.exe nor fzsftp.exe (is for SFTP) can be used for any batch processing.
Source: run filezilla tzsftp from batch command line – FileZilla Forums
The WinSCP author commented in a similar fashion:
FileZilla does not have any command line arguments (nor any other way) that allow automatic transfer.
Source: windows – Command line option to download file in FileZilla – Stack Overflow
In addition, FileZilla is always a GUI program, so running it as a console app (which I’d prefer) would be impossible.
WinSCP
WinSCP can be automated in two ways:
- The WinSCP.exe command-line allows for a
/console and /script switch enabling scripting mode that you can use for Scripting and Task Automation :: WinSCP
- A wrapper around WinSCP.exe is available as WinSCP .NET Assembly and COM Library :: WinSCP which requires both .NET to be installed and (from Delphi) calling through COM which I don’t like much
Since I already had good Delphi wrapping code around starting/waiting-for running processes, I’d opt for using WinSCP.com scripting.
There used to be wrapping code around: Use with Delphi :: Support Forum :: WinSCP
PSFTP
These Using PSFTP to transfer files securely links should get me going:
Chapter 6: Using PSFTP to transfer files securely
Practical examples:
Source locations
For my own reference, the open source locations:
Some semi-random Delphi SSL related posts
During the search above I found the below links that will be useful to me one day:
–jeroen
Posted in .NET, Delphi, Development, Software Development, SSH, TCP | 5 Comments »
Posted by jpluimers on 2016/11/14
Boy I wish I had known about screen and tmux years ago. Screen is such a generic term that I never bumped into it, but tmux is easier to find and I like it more. When on the road, I regularly lose SSH sessions, so I’ve been starting tmux ever since I discovered it and reattach to it whenever needed, thereby getting the exact same shell I was connected to.
http://unix.stackexchange.com/q/598/69111
–jeroen
Posted in *nix, *nix-tools, Communications Development, Development, Linux, openSuSE, Power User, SSH, SuSE Linux, TCP | Leave a Comment »
Posted by jpluimers on 2016/10/25
I’m using a Linux (CentOS) machine, I already connected to the other system using ssh. Now my question is how can I copy files from one system to another system?
Source: How to copy files from one machine to another using ssh – Unix & Linux Stack Exchange
Nice question, huh? In my opinion the best answer is “Use scp to avoid going through hoops with complex configurations to re-use your existing ssh connection”, like this:
To copy a file from B to A while logged into B:
scp /path/to/file username@A:/path/to/destination
To copy a file from B to A while logged into A:
scp username@B:/path/to/file /path/to/destination
Source: DopeGhoti answering How to copy files from one machine to another using ssh – Unix & Linux Stack Exchange
Instead the question is marked duplicate of SSH easily copy file to local system – Unix & Linux Stack Exchange where the answers (contrary to the ‘easily’ part of the question) go through hoops and loops with all kinds of fancy ssh settings and port forwards.
Recursive
For recursive, use the -r option, as per [WayBack] shell – How to copy a folder from remote to local using scp? – Stack Overflow:
scp -r user@your.server.example.com:/path/to/foo /home/user/Desktop/
From man scp (See online manual)
-r Recursively copy entire directories
Related:
Posted in *nix, *nix-tools, bash, Communications Development, Development, Internet protocol suite, Power User, Scripting, Software Development, SSH, TCP | Leave a Comment »
Posted by jpluimers on 2016/10/21
Not sure why yet, but on a gigabit network between a Windows 2008 R2 Server and a Proxmox KVM machine, WinSCP gets around 10 megabit/second and FileZilla > 30 megabit/second.
Others seem to agree that filezilla faster than winscp.
–jeroen
Posted in Communications Development, Development, Internet protocol suite, Power User, Proxmox, SSH, TCP, Virtualization, VMware, Windows, Windows Server 2008, Windows Server 2008 R2 | 1 Comment »