linsec.ca blog » openssh

Two-factor SSH authentication via Google secures Linux logins

vdanen — Sat, 25 Jun 2011 15:35:11 +0000

Last week’s TechMail was Two-factor SSH authentication via Google secures Linux logins which talks about using Google two-factor authentication with SSH (and PAM in general). I really like it and it works quite well although the comments in the TechMail indicate another option called Duo for two-factor authentication that sounds really interesting as well.

Tips and tricks to help you do more with OpenSSH

vdanen — Sun, 30 Jan 2011 17:02:55 +0000

Last week’s techmail was Tips and tricks to help you do more with OpenSSH which is a followup to the previous tip that talked about OpenSSH key management. This one gives you a few one-liner tips to stimulate the imagination (yet are useful on their own) with the kinds of things you can do with OpenSSH, such as encrypted tunnels to remote hosts, creating a SOCKS5 proxy with OpenSSH, and running remote X applications.

What you need to know about OpenSSH key management

vdanen — Thu, 20 Jan 2011 18:22:44 +0000

This week’s techmail is What you need to know about OpenSSH key management which looks at a few tips and tricks in using OpenSSH public/private keys. It talks about generating keys, using ssh-copy-id to copy keys to servers, and using hashed representations of host keys to obscure what machines you connect to in case someone is able to look at your known_hosts file. If you’re not familiar with OpenSSH or want to move beyond just the simple basics, this tip will help you get started.

Using Corkscrew to tunnel SSH over HTTP

vdanen — Tue, 06 Oct 2009 22:49:30 +0000

This week’s TechMail is Using Corkscrew to tunnel SSH over HTTP which talks about creating an SSH tunnel using HTTP and the Corkscrew tool. Very cool and interesting stuff. Fortunately I’ve never been in such a restrictive environment where I’ve needed to use it, but it’s good to know in case I’m stuck in a hotel or something that has silly firewall rules.

Get network versatility with SSH tunneling and netcat

vdanen — Wed, 30 Sep 2009 05:10:14 +0000

This week’s TechMail is Get network versatility with SSH tunneling and netcat which talks about using netcat as a proxy tool to bounce transparently through a bastion host to a secure end point. It’s not something that you may use a lot, but if you need to be able to do something like this in a pinch, openssh and netcat are two tools that are almost always available and it’s cool stuff to know anyways. =)

Secure remote firewall administration via SSH

vdanen — Tue, 04 Aug 2009 22:07:42 +0000

This week’s TechMail is Secure remote firewall administration via SSH which talks about using ssh to create a secure tunnel to a remote network/system to use with configuring a remote firewall. I use this quite a bit with remotely-deployed pfSense boxen to configure it using the web interface and it works great. Of course, the nice thing with ssh tunnels is you can use them for darn near everything, but this is one practical example.

Realize the flexibility of OpenSSH

vdanen — Mon, 16 Jun 2008 18:15:00 +0000

The last TechMail is Realize the flexibility of OpenSSH which talks about some of the basics of using OpenSSH, from setting up keys to modifying sshd_config for user/group access controls and different features per group/user. OpenSSH is another of my favourite tools. Of course, there’s also the linsec wiki page Optimizing OpenSSH that goes into a lot more depth about using OpenSSH. It does, however, need to be updated to note the many new features recent OpenSSH versions provide.