@stacksofplates said in SSH Hardening: @JaredBusch said in SSH Hardening: @stacksofplates said in SSH Hardening: Here was a topic I had posted a while back Good post, but total overkill to me. What is the point of the connection from an IT point of view if not to manage the system? Yet your hardening restricts any administration except at the local console. I log in to systems via SSH in order to reboot them, or update WTF ever application they are running. Tasks that your security will stop. That was just a jump box. It was a way to get in to other stuff to do the admin. It is overkill for you just had ideas if you wanted them. Definitely a good post with good ideas.

@black3dynamite said in Hats off cmder: @Emad-R said in Hats off cmder: notepad= notepad++ I preferred to use Visual Studio Code instead. It's just a steam and video machine. The one-liner quick installs with chocolatey as he likely does is best in that case. No need to get fancy.

Okay so figured it out with this guide. From Windows administrative Powershell ssh-keygen type C:\Users\<username>\.ssh\id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys' Exit administrative Powershell Open Powershell ssh [email protected] Logged in.

@dafyre said in SSH-Copy-ID Being prompted for password: @DustinB3403 said in SSH-Copy-ID Being prompted for password: @dafyre said in SSH-Copy-ID Being prompted for password: What I've seen is that ssh-copy-id will request your password since the remote machine doesn' thave you ID. After entering your password, it transfers the id, and you should be good to go. Which password, the password for the local server that I'm running the copy from, the user password for that server? The user password for the remote server. That makes literally no sense, as it asks for the remote computer credentials after the 3rd Password prompt. . .

And it should be noted, that unlike SMB or NFS shares that would be generally frowned upon to use over the Internet, SFTP is heavily encrypted and very secure and is often used over public networks.

@IRJ said in Cannot SSH using public key: RSA key working on Nessus, too. Thanks @DustinB3403 for calming me down You're welcome.

@Obsolesce said in PowerShell: Running the Get-Command command in a remote session reported the following error: @scottalanmiller said in PowerShell: Running the Get-Command command in a remote session reported the following error: @JasGot said in PowerShell: Running the Get-Command command in a remote session reported the following error: and lastly, is WinRM running? or need to be restarted? Was running. But restarted just in case, but no change. Is it just one PC it's not working on? Does it work on others? Only one to run it on. I'll have to find another machine to test against. It exists only for that machine.

@IRJ said in How to screen record the session: @black3dynamite said in How to screen record the session: @IRJ said in How to screen record the session: @black3dynamite said in How to screen record the session: Using the script command can make typescript of terminal session. https://www.tecmint.com/record-and-replay-linux-terminal-session-commands-using-script/ https://noise.getoto.net/2016/06/14/how-to-record-ssh-sessions-established-through-a-bastion-host/ https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utility#25725 User can easily delete though What about using something like chattr or SELinux to prevent deletion? https://serverfault.com/questions/448891/how-to-prevent-file-owner-from-changing-deleting-their-own-file-linux-centos Do you think using auditd would be better? https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sec-configuring_pam_for_auditing Looks a lot less complicating to use.

@FATeknollogee said in KVM host: refusing connection on ports 22 & 9090: Still looking for a fix!! Can you ping out from it? Is the gateway missing or wrong? Subnet missing or wrong?

@scottalanmiller said in Trading a VPN for an SSH Tunnel: @JasGot said in Trading a VPN for an SSH Tunnel: @scottalanmiller said in Trading a VPN for an SSH Tunnel: @JasGot said in Trading a VPN for an SSH Tunnel: Put a RouterBoardOS RB260GS at each house and use a free ddns service. $35each and yo're done. Or a Ubiquiti Edge Router Lite will work too, just more expensive. I use the Ubiquiti ERL for IPSec into my house from the office, my phone, and my laptop. Love it. All more work and more money than easy and free. Easy is relative. $70 for the two is only $10 more than he is currently paying for one year. Starting with month 15, it is free! Comparing to a bad decision is misleading. You have to throw money away today, and ignore better options, to them create the "savings" of spending money. That's a false decision matrix. The real comparison is against something free. That's the baseline to beat. Otherwise, nothing is costly compared to any contrived more expensive decision. Example: I want a laser light show for my house, I don't need it, I just want it. The free option is to not buy one. Buying one is normally $100. But I could find one that is $200 and then say that the $100 is "free" or even "saving me money." But this is false, it's still costing $100 no matter how many more expensive alternatives we find. It's like the 'sale' problem. The shirt was on sale for 50% off, I saved 50%!! No, you still bought a shirt you didn't need, money was lost versus the free baseline. The wife gets mad when I tell her you save 100% if you don't buy anything.

Good stuff.

@bbigford I'll second that

@black3dynamite said in Allowing Root Password Login via SSH to Dragonfly BSD: @scottalanmiller said in Allowing Root Password Login via SSH to Dragonfly BSD: Dragonfly is tough by default because unless you use something like Salt, you can't connect to it to get keys to it in the first place. You can curl keys to it, of course. But you need totally different processes than you would typically use with any other OS to get it set up. That means it's not even Ansible friendly. Pretty much agent-based tools like Puppet, Salt, etc... is the way to go. Yup, unless you have some way to push the Ansible key ahead of time, like in a curl. So back to the beginning there

@fateknollogee said in KVM host: Failed login attempts: My bad, my bad.... Last week I was doing some testing & I set a port forward on port 22 to this host. Ooops, I forgot to remove the rule. This is why I only allow RSA key based authentication. No root login, no password login. Disable all other methods.

@bigbear said in Windows 10 Now Includes SSH Client and Server Out of the Box: FireSSH Looks like FireSSH is not compatible with Firefox Quantum. https://addons.mozilla.org/en-US/firefox/addon/firessh/

All fixed. Did a full update, then had to modify the /root/.profile file from this line... mesg n || true To this line... tty -s && mesg n || true

And easy enough to resolve once I look. @EddieJennings you should have reminded me to look more earlier.. /etc/sudoers has it commented out. ## Allows people in group wheel to run all commands # %wheel ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL

@scottalanmiller said in Out of Band Management - does it mean no keyboard at all: @JaredBusch said in Out of Band Management - does it mean no keyboard at all: @scottalanmiller said in Out of Band Management - does it mean no keyboard at all: @Carnival-Boy said in Out of Band Management - does it mean no keyboard at all: Well, I'm glad that's been cleared up. You can probably delete the thread now I don't even know what the original thread was! And that is why you have no concept of what you posted being completely wrong for the context of the thread. Honestly, it is pretty straight forward if you read the first post. https://mangolassi.it/topic/13595/out-of-band-management-does-it-mean-no-keyboard-at-all The first post also contains links back to the thread that @DustinB3403 pulled this from. I was responding the post quoted, though. Which was in the context of the entire thread. If you want to cherry pick something, then clearly, state as much. You did not.

@aidan_walsh said in Android OS: ConnectBot: @gjacobse IIRC thats an optional extra for creating an account to sync your auth details between devices. Yepp. And also, generating SSH keys, I'd imagine, but I may be off base on that. I have the paid version, and it's cheap, so I bought it since I use it so much.

@fuznutz04 said in Call recording backups - CentOS to Windows: @DustinB3403 Perfect. Thank you. Exactly the route I was about to go down. Works really easily.

I see new, greater, horizons of automation happening here.

@emad-r said in What is the Best SFTP Server for Windows: AV = ESET is better I've had the misfortune of dealing with ESET and I can tell you, I don't agree with you in the least. We won't even let ESET in the shop, we literally don't trust the company. And it's reliability was terrible compared to Defender. Worst I've ever dealt with.

Remmina is a great tool. I've had excellent luck with it.