Tag Archives: ssh


PCI-DSS 3.2 has one major new requirement: 2-factor authentication. There are many ways to get that done in an enterprise environment. But how about a standalone web server for e-commerce or a DMZ without central auth? When ssh-key authentication is not enough, the quickest solution for a server could be to make ssh ask for a 2-factor token when logging in. 2-factor authentication combines something you need to know, the password, with something you additionally need to have. You can create a separate key on an external device like a tablet or mobile phone. There are also devices like RSA tokens, but they are not covered here. Here I plan to use Android tools like FreeOTP, Authy or Google Authenticator for the passkey. They usually produce a new key every 30 seconds, based on OATH. Let’s secure the ssh access now. Setup: Firstly we need to […]

Situation: For whatever reason, neither NFS nor SMB/CIFS is a runner in the environment. However, I need to get permanent access to a shared filesystem. Solution: sshfs http://en.wikipedia.org/wiki/SSHFS It is more than likely that ssh is running and some kind of authentication is set up. Sshfs is a userspace filesystem (FUSE) that mounts a remote directory over ssh using sftp. With FUSE, every user can mount his own filesystem through sshfs without needing to be root. In the example below I do it as root and share it with other users, but it could be any other user. Note: This is a quick and dirty proof of concept. For further security needs, please use this as a starting point and apply your own security measures (ssh keys, user auth, limited access, etc.). With the how-to below I was able to make it fly under CentOS 6.x, Debian 7 and Ubuntu 13.04. […]

A very quick and dirty how-to guide for setting up rsh, a remote shell to execute commands remotely from one Linux host to another. This might be useful for scripts that need to run something on the remote host. This assumes an ssh key has already been set up between the hosts so there is no password request on the remote shell. However, this is not mandatory and might be a security issue. In case you would like to set up an ssh key, have a look here. This setup assumes there is no /etc/hosts.allow or /etc/hosts.deny set up for the remote server and that the remote command shall be executed as user root. We have host Alpha, which executes the command on host Bravo, the remote host where the command shall run. All commands are to be run as root. Starting with Bravo: 1.1 Install rsh-server: yum install rsh-server, then chkconfig rsh on. 1.2 Give rsh and the remote host all permissions needed. This needs to be […]

I do it on a regular basis but every time I need to go back to my cheat sheet to jump-start my memory. Whenever I need to reach one system from another without being asked for a password: First log in on server Alpha as the user who should have password-free ssh and generate a pair of authentication keys. I would advise not to enter a passphrase but I leave that to you: user@Alpha:~> ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): Created directory ‘/home/user/.ssh’. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub. The key fingerprint is: xx:xx:xx:xx:xx:xx:xx:xx:… user@Alpha The key’s randomart image is: …..xxxxxx.x.x.x..x.xx.whatever On server Bravo we need to create the subdirectory .ssh in the user’s home directory. (The directory may already exist, which is […]
