@krisleslie said in Linux Copy a Disk Over SSH with DD: @scottalanmiller can this be used while on XCP-NG host? Can be used on every non-Windows system.

@stacksofplates said in Termius cross platform sync: @scottalanmiller said in Termius cross platform sync: @stacksofplates said in Termius cross platform sync: @scottalanmiller said in Termius cross platform sync: @JaredBusch said in Termius cross platform sync: @stacksofplates said in Termius cross platform sync: @gjacobse said in Termius cross platform sync: @stacksofplates said in Termius cross platform sync: @IRJ said in Termius cross platform sync: Remina is great on Linux platforms, but the question for me is why is this a need? This seems like everyone could and should manage this independently. All you need is DNS name or IP to initiate a remote connection. In my opinion, it's better for IT team to know exactly where they are trying to go instead of clicking the wrong button or sending the wrong command Yeah I agree. I'm assuming it's for syncing credentials across devices. Which means you'd have to trust their cloud service with your system credentials. While yes, it would be nice to sync the entire session - connection and UserID / password. I'm more concerned with the connection itself. Yes, I can keep track of the addresses - but it gets to be a pain.. UserId / Passwords are different. I could care less - I mainly want the address; IP address or dns name.. I mean, honestly what's the difference between a word document/text file and the syncing at that point? Right. An besides, even Windows has native SSH now. So why use anything else anyway? Right, I've not used PuTTY in quite some time. Not that it isn't good, I just don't see the point of installing third party software that doesn't do anything any better than the built in tool that is always there and ready to go. And quite frankly, I find PowerShell's terminal to work far better for me. I can't stand PuTTY. I'm not sure why, I've just always hated it. I hate that it lacks a local shell and you have to launch the damn thing for every connection! Maybe that's what it is. Tunnelling is a pain, I just find it awkward. That, too. Other than doing a good job rendering fonts and being available back in an era when nothing else was, PuTTY really doesn't offer anything positive.

@JaredBusch said in Keep my ssh config file synchronized between two systems: @stacksofplates said in Keep my ssh config file synchronized between two systems: I use git for this type of stuff. I have all of my dotfiles stored in a git repo and synced between systems. I thought about that, but then it gets into git triggers and scheduled jobs. I just do it when I open my terminal. It auto downloads when a new window is opened.

@Pete-S said in sftp without ssh shell access?: Thanks guys. To summarize the link above, it's these lines in sshd_config that does the magic. Match User sftpuser ForceCommand internal-sftp <snip> The first line will tell sshd what user(s) the rest of the settings apply to. The second line tells it to go straight into sftp mode. So this will only apply to the users that match the rule above. Just make sure to test SSH after you do the changes ok a new session otherwise you might just have broken SSH access.

@stacksofplates said in Securing SSH: Another really good option is not letting them log directly into the systems at all and forcing them to use a config management tool. So something like Tower or a Jenkins server that logs all of the commands run and has the permissions set there. Right. Just like the best defense is a good offense (or vice versa?) The most secure port, is a closed port. Locking down SSH, no matter how good, isn't as good as completely closing it. Or using config management to only open it when necessary, is an "in between" step, too.

I've already used this guide again. LOL, boy this is handy.

@dafyre said in How to mount remote filesystem over ssh (both Windows & Linux): @black3dynamite said in How to mount remote filesystem over ssh (both Windows & Linux): @dafyre Installing sshfs and winfsp via choco is older than the ones from GitHub. If you installed them via choco do this to mount at the host root directory or other directories. https://github.com/billziss-gh/sshfs-win/issues/102 Host root directory \\sshfs\[email protected]\..\.. Specific directory like /var/www \\sshfs\[email protected]\..\..\var\www Thanks for the pointer. I did install using choco. I'm able to make it work now. Edit: Just to see if I can, I may go back and do straight installs. As I said above with the latest version I mount the root directory with \\sshfs.r\[email protected] However, if you want to mount another directory like /var/www you have to do: \\sshfs.r\[email protected]\var\www\ The trailing \ is very important! It just doesn't work without it if your path is more than one directory deep. You also need to use backslash and not the forward slash.

@black3dynamite said in Copy SSH public key to ssem behind a jump box: # From your host to your JUMPBOX # Not needed if your public key is already in placed cat ~/.ssh/id_ed25519.pub | ssh jump.domain.com 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys' ssh-copy-id should do this

@Romo said in Does Windows 2016 Server have SSH?: @Pete-S start and type winver Awesome! Unfortunately it's a version 1607 build 14393.3243. So I can't install with powershell according to the article above.

@JaredBusch said in SSH Access to Windows 10 Pro Workstations: @DustinB3403 said in SSH Access to Windows 10 Pro Workstations: @scottalanmiller said in SSH Access to Windows 10 Pro Workstations: On Server, no issue. SSH the same as with Linux. SSH on Windows 10 is "single user" just like anything else on Windows 10. So then why would they have the statement about "usually to correct problems" as to me this would be a two person use. One who is using the desktop and the other administrator who is working on fixing an issue via ssh (presumably while the other user is using said system). I'm not bothering to reread anything, but MS has long allowed admin connections. Yes this has been a known fact for as long as i can remember... Admins are exempt for administrative purposes.

@scottalanmiller said in Why does some key combinations not work over ssh?: @Pete-S said in Why does some key combinations not work over ssh?: @scottalanmiller said in Why does some key combinations not work over ssh?: So the issue is that SSH uses the ASCII definitions for what can be passed, and things like Control-Shift aren't defined in the ASCII C0 control set. https://en.wikipedia.org/w/index.php?title=C0_and_C1_control_codes&oldid=869654887#C0_controls So they aren't passed because they aren't part of the character set of the protocol. So yes, it's SSH not passing it because it doesn't exist to SSH That's too bad. Do you have any link where it says that ssh uses these definitions? Maybe there is a way around it. Can't find one, not with OpenSSH. Tectia supports it, but is crap in general. If you search on it, everyone talks about the ASCII limits of SSH. You'll find SFTP / SCP have the ASCII / Binary option for connections because of the underlying ASCII protocol in use. Thanks, I'll dig around and see if I can find something. Otherwise I'll just have accept that it is what it is

@scottalanmiller said in Tracking Down Ubuntu BASH Session Closing: @matteo-nunziati said in Tracking Down Ubuntu BASH Session Closing: @scottalanmiller said in Tracking Down Ubuntu BASH Session Closing: If I use zsh, I'm good. If I enter BASH from zsh, I get kicked out after several seconds. Definitely is something to do with BASH. Stupid tryout: use bash and then enter zsh before being kicked out. Still out? To understand if it is the firing of bash itself or the stay in bash... No, the underlying bash remains until the ZSH closes. Same as if you were running top from it, for example. So basically bash is able to run long running jobs with your user... It's the interactivity with the shell to be broken... Meh. Sorry the thread is long, did you mention any test from zsh with: Bash <-- ok this kills the session Bash -i any difference??? Bash -l ??? bash --norc bash --noprofile From bashman page

@JaredBusch said in VPS injected ssh keys: Under no circumstances do I actually want anyone's key tied to the root user. It negates all accountability. It's for pre-production setup. Not for deploying straight to production.

So I set this up again on a new jump box today. SSH attempts did not log until I changed the mode to ddos

@black3dynamite said in Hats off cmder: @Emad-R said in Hats off cmder: notepad= notepad++ I preferred to use Visual Studio Code instead. It's just a steam and video machine. The one-liner quick installs with chocolatey as he likely does is best in that case. No need to get fancy.

Okay so figured it out with this guide. From Windows administrative Powershell ssh-keygen type C:\Users\<username>\.ssh\id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys' Exit administrative Powershell Open Powershell ssh [email protected] Logged in.

@dafyre said in SSH-Copy-ID Being prompted for password: @DustinB3403 said in SSH-Copy-ID Being prompted for password: @dafyre said in SSH-Copy-ID Being prompted for password: What I've seen is that ssh-copy-id will request your password since the remote machine doesn' thave you ID. After entering your password, it transfers the id, and you should be good to go. Which password, the password for the local server that I'm running the copy from, the user password for that server? The user password for the remote server. That makes literally no sense, as it asks for the remote computer credentials after the 3rd Password prompt. . .

And it should be noted, that unlike SMB or NFS shares that would be generally frowned upon to use over the Internet, SFTP is heavily encrypted and very secure and is often used over public networks.

@IRJ said in Cannot SSH using public key: RSA key working on Nessus, too. Thanks @DustinB3403 for calming me down You're welcome.

@scottalanmiller I realise this is an old topic, but I've been fighting something similar all day. As it turns out, the implementation of PTY (and also TTY) has changed in recent versions of OpenSSH for windows. When the SSH session is built from within a script, the new OpenSSH implementation detects that the session is not setup from an interactive terminal, and therefore does not assign a PTY to the session, which results in the unability of the Get-Command command to send its output to STDOUT, hence the access denied error. Solution is (at least in the situation I am in) to use the -t (or even -tt) flag with the ssh command to set up the session

@IRJ said in How to screen record the session: @black3dynamite said in How to screen record the session: @IRJ said in How to screen record the session: @black3dynamite said in How to screen record the session: Using the script command can make typescript of terminal session. https://www.tecmint.com/record-and-replay-linux-terminal-session-commands-using-script/ https://noise.getoto.net/2016/06/14/how-to-record-ssh-sessions-established-through-a-bastion-host/ https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utility#25725 User can easily delete though What about using something like chattr or SELinux to prevent deletion? https://serverfault.com/questions/448891/how-to-prevent-file-owner-from-changing-deleting-their-own-file-linux-centos Do you think using auditd would be better? https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sec-configuring_pam_for_auditing Looks a lot less complicating to use.

@FATeknollogee said in KVM host: refusing connection on ports 22 & 9090: Still looking for a fix!! Can you ping out from it? Is the gateway missing or wrong? Subnet missing or wrong?

@scottalanmiller said in Trading a VPN for an SSH Tunnel: @JasGot said in Trading a VPN for an SSH Tunnel: @scottalanmiller said in Trading a VPN for an SSH Tunnel: @JasGot said in Trading a VPN for an SSH Tunnel: Put a RouterBoardOS RB260GS at each house and use a free ddns service. $35each and yo're done. Or a Ubiquiti Edge Router Lite will work too, just more expensive. I use the Ubiquiti ERL for IPSec into my house from the office, my phone, and my laptop. Love it. All more work and more money than easy and free. Easy is relative. $70 for the two is only $10 more than he is currently paying for one year. Starting with month 15, it is free! Comparing to a bad decision is misleading. You have to throw money away today, and ignore better options, to them create the "savings" of spending money. That's a false decision matrix. The real comparison is against something free. That's the baseline to beat. Otherwise, nothing is costly compared to any contrived more expensive decision. Example: I want a laser light show for my house, I don't need it, I just want it. The free option is to not buy one. Buying one is normally $100. But I could find one that is $200 and then say that the $100 is "free" or even "saving me money." But this is false, it's still costing $100 no matter how many more expensive alternatives we find. It's like the 'sale' problem. The shirt was on sale for 50% off, I saved 50%!! No, you still bought a shirt you didn't need, money was lost versus the free baseline. The wife gets mad when I tell her you save 100% if you don't buy anything.

Good stuff.

@bbigford I'll second that

@black3dynamite said in Allowing Root Password Login via SSH to Dragonfly BSD: @scottalanmiller said in Allowing Root Password Login via SSH to Dragonfly BSD: Dragonfly is tough by default because unless you use something like Salt, you can't connect to it to get keys to it in the first place. You can curl keys to it, of course. But you need totally different processes than you would typically use with any other OS to get it set up. That means it's not even Ansible friendly. Pretty much agent-based tools like Puppet, Salt, etc... is the way to go. Yup, unless you have some way to push the Ansible key ahead of time, like in a curl. So back to the beginning there