Posted by jpluimers on 2020/05/18
This looks like an ssh equivalent to testssl.sh: [WayBack] GitHub – arthepsy/ssh-audit: SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc).
It is on my list of things to try, so I’ve put a watch on the repository changes.
–jeroen
Posted in Communications Development, Development, Encryption, Internet protocol suite, Power User, Security, SSH, TCP | Leave a Comment »
Posted by jpluimers on 2020/05/11
Interesting to monitor (it has a nice RSS feed!) so you can ensure your systems get patched sooner rather than later:
The Exploit Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
–jeroen
Posted in Power User, Security | Leave a Comment »
Posted by jpluimers on 2020/05/04
Often, hotspots only allow http/https traffic. Other traffic – like SSH – is blocked. Nowadays, fewer hotspots block that, but too many still do.
So it can be worth a while to route your SSH server through HTTPS (I don’t like Web-based SSH that much as terminal emulation in browsers isn’t that well yet, but that seems to change rapidly, more on that in the “Further reading” section below).
After some background reading at apache – Tunnel over HTTPS – Stack Overflow, here are a few links that help you do it:
You need:
Read more at DAG: Tunneling SSH over HTTP(S) and SSH over SSL, a quick and minimal config..
Steps:
Read more at Using SSH over the HTTPS port · GitHub Help.
Using Putty and an HTTP proxy to ssh anywhere through firewalls | Me in IT.
Tunneling SSH through HTTP proxies using HTTP Connect – ArchWiki.
Not all proxy configurations and hotspots support this. But it might be worth a look: SSH Over Proxy.
SSH plugins for browsers:
Web based SSH:
–jeroen
Posted in Communications Development, Development, Encryption, HTTP, https, HTTPS/TLS security, Internet protocol suite, Power User, Security, SSH, TCP | Leave a Comment »
Posted by jpluimers on 2020/05/01
Verify [WayBack] OpenSSH: Key generation before generating keys.
At the time of grabbing it was this (for the mozilla tag; use another tag if you prefer):
# RSA keys are favored over ECDSA keys when backward compatibility ''is required'',
# thus, newly generated keys are always either ED25519 or RSA (NOT ECDSA or DSA).
$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_mozilla_$(date +%Y-%m-%d) -C "Mozilla key for xyz"
# ED25519 keys are favored over RSA keys when backward compatibility ''is not required''.
# This is only compatible with OpenSSH 6.5+ and fixed-size (256 bytes).
$ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_mozilla_$(date +%Y-%m-%d) -C "Mozilla key for xyz"
This was not changed based on [WayBack] Key generation: pass-a and -o argument? · Issue #68 · mozilla/wikimo_content · GitHub: a discussion on the KDF rounds (-a parameter) and storage format (-o parameter).
This is slightly less strong than in [WayBack] Upgrade Your SSH Key to Ed25519 | Programming Journal, but seems to be OK when writing this in 2018.
For comparison, a similar discussion is at [WayBack] public key – How many KDF rounds for an SSH key? – Cryptography Stack Exchange.
In practice, I am not for one ssh ID per host, but I use different tags depending on where the ssh ID applies. More discussion on this is at [WayBack] privacy – Best Practice: ”separate ssh-key per host and user“ vs. ”one ssh-key for all hosts“ – Information Security Stack Exchange
Based on the above, I also learned about this password generator: [WayBack] GitHub – gdestuynder/pwgen
–jeroen
Posted in *nix, *nix-tools, Encryption, Hashing, Power User, Security, ssh/sshd | Leave a Comment »
Posted by jpluimers on 2020/04/10
A few links for my archive:
–jeroen
Posted in Communications Development, Development, Internet protocol suite, Security, SSH, TCP | Leave a Comment »
Posted by jpluimers on 2020/03/10
In a lot of ssh-keygen related posts, you still see DSA being mentioned, though that has been deprecated and later removed from OpenSSH.
I wondered why, so I did some digging.
TL;DR: it’s complicated:
Some of the related topics cannot be archived in the WayBack machine or refuse being archived at Archive.is, so here is a list of partially archived relevant links:
–jeroen
Posted in Communications Development, Development, Internet protocol suite, Power User, Security, SSH, TCP | Leave a Comment »
Posted by jpluimers on 2020/03/03
From 5 years ago, but now more relevant than it ever was: [WayBack] The Toxic Smog of the Information Age | Literary Hub
SCROOGLED
Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him. –Cardinal Richelieu
We don’t know enough about you. –Google CEO Eric Schmidt
Via:
–jeroen
Posted in History, Opinions, Security | Leave a Comment »
Posted by jpluimers on 2020/03/03
For me this is still a primary starting point in case I need to know something about security which has clear pictures: [WayBack] Appendix A. Introduction to TCP/IP security (sg245383.pdf/ftp://ftp.www.ibm.com/…/sg245383.pdf, thanks to Jac Las) all on one web page.
The links are to the “Digital signatures” portion, as that’s what I needed at the time, but they are just anchors in the page.
These were the diagrams I was after:
If you want much more in-depth slide then, then go for [WayBack] Cryptography, from Theory to Practice which you can find back searching for IBM “Cryptography, from Theory to Practice” or “sign then hash” or “hash then sign”.
It is very different from the equally interesting presentation
–jeroen
Posted in Development, Encryption, Power User, Security, Software Development | 2 Comments »
Posted by jpluimers on 2020/02/24
When you have physical access to a machine, assume it is compromised.
Sometimes the compromise can be as simple as a HID device access:
–jeroen
Posted in Power User, Security | Leave a Comment »
Posted by jpluimers on 2020/02/19
For my link archive: [WayBack] Does anyone knows a existing implementation of bcrypt or scrypt for delphi? – Fabian S. Biehn – Google+:
–jeroen
Posted in Delphi, Development, Encryption, Power User, Security, Software Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 