@black3dynamite said in Copy SSH public key to ssem behind a jump box: # From your host to your JUMPBOX # Not needed if your public key is already in placed cat ~/.ssh/id_ed25519.pub | ssh jump.domain.com 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys' ssh-copy-id should do this

@Romo said in Does Windows 2016 Server have SSH?: @Pete-S start and type winver Awesome! Unfortunately it's a version 1607 build 14393.3243. So I can't install with powershell according to the article above.

@JaredBusch said in SSH Access to Windows 10 Pro Workstations: @DustinB3403 said in SSH Access to Windows 10 Pro Workstations: @scottalanmiller said in SSH Access to Windows 10 Pro Workstations: On Server, no issue. SSH the same as with Linux. SSH on Windows 10 is "single user" just like anything else on Windows 10. So then why would they have the statement about "usually to correct problems" as to me this would be a two person use. One who is using the desktop and the other administrator who is working on fixing an issue via ssh (presumably while the other user is using said system). I'm not bothering to reread anything, but MS has long allowed admin connections. Yes this has been a known fact for as long as i can remember... Admins are exempt for administrative purposes.

@scottalanmiller said in Why does some key combinations not work over ssh?: @Pete-S said in Why does some key combinations not work over ssh?: @scottalanmiller said in Why does some key combinations not work over ssh?: So the issue is that SSH uses the ASCII definitions for what can be passed, and things like Control-Shift aren't defined in the ASCII C0 control set. https://en.wikipedia.org/w/index.php?title=C0_and_C1_control_codes&oldid=869654887#C0_controls So they aren't passed because they aren't part of the character set of the protocol. So yes, it's SSH not passing it because it doesn't exist to SSH That's too bad. Do you have any link where it says that ssh uses these definitions? Maybe there is a way around it. Can't find one, not with OpenSSH. Tectia supports it, but is crap in general. If you search on it, everyone talks about the ASCII limits of SSH. You'll find SFTP / SCP have the ASCII / Binary option for connections because of the underlying ASCII protocol in use. Thanks, I'll dig around and see if I can find something. Otherwise I'll just have accept that it is what it is

@scottalanmiller said in Tracking Down Ubuntu BASH Session Closing: @matteo-nunziati said in Tracking Down Ubuntu BASH Session Closing: @scottalanmiller said in Tracking Down Ubuntu BASH Session Closing: If I use zsh, I'm good. If I enter BASH from zsh, I get kicked out after several seconds. Definitely is something to do with BASH. Stupid tryout: use bash and then enter zsh before being kicked out. Still out? To understand if it is the firing of bash itself or the stay in bash... No, the underlying bash remains until the ZSH closes. Same as if you were running top from it, for example. So basically bash is able to run long running jobs with your user... It's the interactivity with the shell to be broken... Meh. Sorry the thread is long, did you mention any test from zsh with: Bash <-- ok this kills the session Bash -i any difference??? Bash -l ??? bash --norc bash --noprofile From bashman page

@JaredBusch said in VPS injected ssh keys: Under no circumstances do I actually want anyone's key tied to the root user. It negates all accountability. It's for pre-production setup. Not for deploying straight to production.

@JaredBusch said in SSH Hardening: [sshd] # To use more aggressive sshd modes set filter parameter "mode" in jail.local: # normal (default), ddos, extra or aggressive (combines all). # See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details. #mode = normal Note, the commented out #mode = normal. If you change that to ddos, it will also cause fail2ban to log failed attempts to the disabled root account, and valid users with invalid, or no, key.

@black3dynamite said in Hats off cmder: @Emad-R said in Hats off cmder: notepad= notepad++ I preferred to use Visual Studio Code instead. It's just a steam and video machine. The one-liner quick installs with chocolatey as he likely does is best in that case. No need to get fancy.

Okay so figured it out with this guide. From Windows administrative Powershell ssh-keygen type C:\Users\<username>\.ssh\id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys' Exit administrative Powershell Open Powershell ssh [email protected] Logged in.

@dafyre said in SSH-Copy-ID Being prompted for password: @DustinB3403 said in SSH-Copy-ID Being prompted for password: @dafyre said in SSH-Copy-ID Being prompted for password: What I've seen is that ssh-copy-id will request your password since the remote machine doesn' thave you ID. After entering your password, it transfers the id, and you should be good to go. Which password, the password for the local server that I'm running the copy from, the user password for that server? The user password for the remote server. That makes literally no sense, as it asks for the remote computer credentials after the 3rd Password prompt. . .

And it should be noted, that unlike SMB or NFS shares that would be generally frowned upon to use over the Internet, SFTP is heavily encrypted and very secure and is often used over public networks.

@IRJ said in Cannot SSH using public key: RSA key working on Nessus, too. Thanks @DustinB3403 for calming me down You're welcome.

@Obsolesce said in PowerShell: Running the Get-Command command in a remote session reported the following error: @scottalanmiller said in PowerShell: Running the Get-Command command in a remote session reported the following error: @JasGot said in PowerShell: Running the Get-Command command in a remote session reported the following error: and lastly, is WinRM running? or need to be restarted? Was running. But restarted just in case, but no change. Is it just one PC it's not working on? Does it work on others? Only one to run it on. I'll have to find another machine to test against. It exists only for that machine.

@IRJ said in How to screen record the session: @black3dynamite said in How to screen record the session: @IRJ said in How to screen record the session: @black3dynamite said in How to screen record the session: Using the script command can make typescript of terminal session. https://www.tecmint.com/record-and-replay-linux-terminal-session-commands-using-script/ https://noise.getoto.net/2016/06/14/how-to-record-ssh-sessions-established-through-a-bastion-host/ https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utility#25725 User can easily delete though What about using something like chattr or SELinux to prevent deletion? https://serverfault.com/questions/448891/how-to-prevent-file-owner-from-changing-deleting-their-own-file-linux-centos Do you think using auditd would be better? https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sec-configuring_pam_for_auditing Looks a lot less complicating to use.

@FATeknollogee said in KVM host: refusing connection on ports 22 & 9090: Still looking for a fix!! Can you ping out from it? Is the gateway missing or wrong? Subnet missing or wrong?

@scottalanmiller said in Trading a VPN for an SSH Tunnel: @JasGot said in Trading a VPN for an SSH Tunnel: @scottalanmiller said in Trading a VPN for an SSH Tunnel: @JasGot said in Trading a VPN for an SSH Tunnel: Put a RouterBoardOS RB260GS at each house and use a free ddns service. $35each and yo're done. Or a Ubiquiti Edge Router Lite will work too, just more expensive. I use the Ubiquiti ERL for IPSec into my house from the office, my phone, and my laptop. Love it. All more work and more money than easy and free. Easy is relative. $70 for the two is only $10 more than he is currently paying for one year. Starting with month 15, it is free! Comparing to a bad decision is misleading. You have to throw money away today, and ignore better options, to them create the "savings" of spending money. That's a false decision matrix. The real comparison is against something free. That's the baseline to beat. Otherwise, nothing is costly compared to any contrived more expensive decision. Example: I want a laser light show for my house, I don't need it, I just want it. The free option is to not buy one. Buying one is normally $100. But I could find one that is $200 and then say that the $100 is "free" or even "saving me money." But this is false, it's still costing $100 no matter how many more expensive alternatives we find. It's like the 'sale' problem. The shirt was on sale for 50% off, I saved 50%!! No, you still bought a shirt you didn't need, money was lost versus the free baseline. The wife gets mad when I tell her you save 100% if you don't buy anything.

Good stuff.

@bbigford I'll second that

@black3dynamite said in Allowing Root Password Login via SSH to Dragonfly BSD: @scottalanmiller said in Allowing Root Password Login via SSH to Dragonfly BSD: Dragonfly is tough by default because unless you use something like Salt, you can't connect to it to get keys to it in the first place. You can curl keys to it, of course. But you need totally different processes than you would typically use with any other OS to get it set up. That means it's not even Ansible friendly. Pretty much agent-based tools like Puppet, Salt, etc... is the way to go. Yup, unless you have some way to push the Ansible key ahead of time, like in a curl. So back to the beginning there

@fateknollogee said in KVM host: Failed login attempts: My bad, my bad.... Last week I was doing some testing & I set a port forward on port 22 to this host. Ooops, I forgot to remove the rule. This is why I only allow RSA key based authentication. No root login, no password login. Disable all other methods.

@bigbear said in Windows 10 Now Includes SSH Client and Server Out of the Box: FireSSH Looks like FireSSH is not compatible with Firefox Quantum. https://addons.mozilla.org/en-US/firefox/addon/firessh/

All fixed. Did a full update, then had to modify the /root/.profile file from this line... mesg n || true To this line... tty -s && mesg n || true

And easy enough to resolve once I look. @EddieJennings you should have reminded me to look more earlier.. /etc/sudoers has it commented out. ## Allows people in group wheel to run all commands # %wheel ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL

@scottalanmiller said in Out of Band Management - does it mean no keyboard at all: @JaredBusch said in Out of Band Management - does it mean no keyboard at all: @scottalanmiller said in Out of Band Management - does it mean no keyboard at all: @Carnival-Boy said in Out of Band Management - does it mean no keyboard at all: Well, I'm glad that's been cleared up. You can probably delete the thread now I don't even know what the original thread was! And that is why you have no concept of what you posted being completely wrong for the context of the thread. Honestly, it is pretty straight forward if you read the first post. https://mangolassi.it/topic/13595/out-of-band-management-does-it-mean-no-keyboard-at-all The first post also contains links back to the thread that @DustinB3403 pulled this from. I was responding the post quoted, though. Which was in the context of the entire thread. If you want to cherry pick something, then clearly, state as much. You did not.

@aidan_walsh said in Android OS: ConnectBot: @gjacobse IIRC thats an optional extra for creating an account to sync your auth details between devices. Yepp. And also, generating SSH keys, I'd imagine, but I may be off base on that. I have the paid version, and it's cheap, so I bought it since I use it so much.