A collection of wrapper scripts that make it easy to run some of the more obscure ssh features without having to read the manpage every time.
In the AUR.
CryptoLyzer is a fast and flexible server cryptographic settings analyzer library for Python with an easy-to-use command line interface with both human- and machine-readable output. It works with multiple cryptographic protocols (SSL/TLS, opportunistic TLS, SSH) and analyzes additional security mechanisms (web security related HTTP response header fields, JA3 tag).
This repo contains the PDF book The Cyber Plumber's Handbook - The definitive guide to Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss. The book was first published in October 2018 for purchase, but now I'm providing it for FREE to anyone interested in learning more about the magic of SSH tunnels and port redirection.
Repo contains the PDF for download. Licensed under CC BY-NC 4.0.
ssh-audit is a tool for ssh server and client configuration auditing. Analyzes client and server configuration, connection negotiation parameters, and cryptographic settings and outputs a security report. Has no dependencies.
Prefer using SSH over HTTP(S) for git.
In your ~/.gitconfig file:
[url "git@github.com:"]
	insteadOf = http://github.com/
	insteadOf = https://github.com/
Wants to be the "cryptographic right answers" document, but for SSH.
Archived.
Maybe have Glitch monitor it?
/etc/ssh/sshd_config:
Protocol 2
AuthenticationMethods publickey
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
AllowAgentForwarding no
# The problem with having "MaxAuthTries 2" is, the more keys your
# SSH agent has, the more chances you'll have to get locked out.
# I set it to <my number of SSH keys> +2.
MaxAuthTries 10
MaxSessions 10
HostbasedAuthentication no
IgnoreRhosts yes
PermitRootLogin no
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Eternal Terminal (ET) is a remote shell that automatically reconnects without interrupting the session. A layer in between an application and Unix TCP sockets that makes the sockets robust to TCP disconnects, including roaming and connection failure. Implements some of the tmux user experience, and even works with the tmux control center (tmux -CC). Buffers bytes written and read so they can be replayed in the event of a disconnection. Starts with SSH to make the initial connection and authentication. After that, it uses its own encrypted network protocol.
Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
We call it clientless because no plugins or client software are required.
Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.
The original tilde?
Homepage of one of the tildes out there.
A good blog post about using SSH's little-known proxy functionality to tunnel traffic back through your home network to prevent eavesdropping. The best thing is, you don't have to set up a proxy on the other end because SSH does it for you.
Have you ever tried to SSH into one of your boxes, only to get dropped with a "Too many authentication failures" error? Here's how to fix it (it's a server-side problem).
How to run FTP over an SSH tunnel to another server. It involves setting up a couple of port forwards and FTP in passive mode.
A remote login utility that is mobile aware, i.e., your link can drop (say, if you're on a cellphone) and come back up later, and your session will still be running. It's kind of like GNU Screen, actually. Also allows editing of lines prior to sending with the enter key. Adapts to network latency.
How to set up an Ubuntu machine to require Google Authenticator to SSH in.
A list of default usernames for Linux AMIs in Amazon's EC2.
Several different ways of configuring SSH on servers to use multiple authentication methods in succession for greater security.
An experimental SSH and telnet server daemon written in Python, meant for developing things like a BBS, a MUD, or a MOO. Built on top of Miniboa, Blessed, SQLitedict, Paramiko, and web.py. web CURSES enabled. Supports ANSI art.
A quick and easy chat server written in Go that you access through SSH. It's pretty basic and straightforward, and might make a good easter egg.