@scottalanmiller said in Why does some key combinations not work over ssh?:

@Pete-S said in Why does some key combinations not work over ssh?:

@scottalanmiller said in Why does some key combinations not work over ssh?:

So the issue is that SSH uses the ASCII definitions for what can be passed, and things like Control-Shift aren't defined in the ASCII C0 control set.

https://en.wikipedia.org/w/index.php?title=C0_and_C1_control_codes&oldid=869654887#C0_controls

So they aren't passed because they aren't part of the character set of the protocol. So yes, it's SSH not passing it because it doesn't exist to SSH 😞

That's too bad.

Do you have any link where it says that ssh uses these definitions? Maybe there is a way around it.

Can't find one, not with OpenSSH. Tectia supports it, but is crap in general. If you search on it, everyone talks about the ASCII limits of SSH. You'll find SFTP / SCP have the ASCII / Binary option for connections because of the underlying ASCII protocol in use.

Thanks, I'll dig around and see if I can find something. Otherwise I'll just have accept that it is what it is 🙂

@scottalanmiller said in Tracking Down Ubuntu BASH Session Closing:

@matteo-nunziati said in Tracking Down Ubuntu BASH Session Closing:

@scottalanmiller said in Tracking Down Ubuntu BASH Session Closing:

If I use zsh, I'm good. If I enter BASH from zsh, I get kicked out after several seconds. Definitely is something to do with BASH.

Stupid tryout: use bash and then enter zsh before being kicked out. Still out?
To understand if it is the firing of bash itself or the stay in bash...

No, the underlying bash remains until the ZSH closes. Same as if you were running top from it, for example.

So basically bash is able to run long running jobs with your user...
It's the interactivity with the shell to be broken... Meh.

Sorry the thread is long, did you mention any test from zsh with:

Bash <-- ok this kills the session
Bash -i any difference???
Bash -l ???
bash --norc
bash --noprofile

From bashman page

@JaredBusch said in VPS injected ssh keys:

Under no circumstances do I actually want anyone's key tied to the root user. It negates all accountability.

It's for pre-production setup. Not for deploying straight to production.

So I set this up again on a new jump box today.

SSH attempts did not log until I changed the mode to ddos

@black3dynamite said in Hats off cmder:

@Emad-R said in Hats off cmder:

notepad= notepad++

I preferred to use Visual Studio Code instead.

It's just a steam and video machine. The one-liner quick installs with chocolatey as he likely does is best in that case. No need to get fancy.

Okay so figured it out with this guide.

From Windows administrative Powershell

ssh-keygen
type C:\Users\<username>\.ssh\id_rsa.pub | ssh user@linuxserver 'cat >> .ssh/authorized_keys'

Exit administrative Powershell

Open Powershell

ssh user@linuxserver

Logged in.

@dafyre said in SSH-Copy-ID Being prompted for password:

@DustinB3403 said in SSH-Copy-ID Being prompted for password:

@dafyre said in SSH-Copy-ID Being prompted for password:

What I've seen is that ssh-copy-id will request your password since the remote machine doesn' thave you ID. After entering your password, it transfers the id, and you should be good to go.

Which password, the password for the local server that I'm running the copy from, the user password for that server?

The user password for the remote server.

That makes literally no sense, as it asks for the remote computer credentials after the 3rd Password prompt. . .

And it should be noted, that unlike SMB or NFS shares that would be generally frowned upon to use over the Internet, SFTP is heavily encrypted and very secure and is often used over public networks.

@IRJ said in Cannot SSH using public key:

RSA key working on Nessus, too. Thanks @DustinB3403 for calming me down

You're welcome.

@scottalanmiller I realise this is an old topic, but I've been fighting something similar all day. As it turns out, the implementation of PTY (and also TTY) has changed in recent versions of OpenSSH for windows. When the SSH session is built from within a script, the new OpenSSH implementation detects that the session is not setup from an interactive terminal, and therefore does not assign a PTY to the session, which results in the unability of the Get-Command command to send its output to STDOUT, hence the access denied error. Solution is (at least in the situation I am in) to use the -t (or even -tt) flag with the ssh command to set up the session

@IRJ said in How to screen record the session:

@black3dynamite said in How to screen record the session:

@IRJ said in How to screen record the session:

@black3dynamite said in How to screen record the session:

Using the script command can make typescript of terminal session.

https://www.tecmint.com/record-and-replay-linux-terminal-session-commands-using-script/

https://noise.getoto.net/2016/06/14/how-to-record-ssh-sessions-established-through-a-bastion-host/

https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utility#25725

User can easily delete though

What about using something like chattr or SELinux to prevent deletion?
https://serverfault.com/questions/448891/how-to-prevent-file-owner-from-changing-deleting-their-own-file-linux-centos

Do you think using auditd would be better?

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sec-configuring_pam_for_auditing

Looks a lot less complicating to use.

@FATeknollogee said in KVM host: refusing connection on ports 22 & 9090:

Still looking for a fix!!

Can you ping out from it? Is the gateway missing or wrong? Subnet missing or wrong?

@scottalanmiller said in Trading a VPN for an SSH Tunnel:

@JasGot said in Trading a VPN for an SSH Tunnel:

@scottalanmiller said in Trading a VPN for an SSH Tunnel:

@JasGot said in Trading a VPN for an SSH Tunnel:

Put a RouterBoardOS RB260GS at each house and use a free ddns service. $35each and yo're done.
Or a Ubiquiti Edge Router Lite will work too, just more expensive.
I use the Ubiquiti ERL for IPSec into my house from the office, my phone, and my laptop. Love it.

All more work and more money than easy and free.

Easy is relative. $70 for the two is only $10 more than he is currently paying for one year. Starting with month 15, it is free!

Comparing to a bad decision is misleading. You have to throw money away today, and ignore better options, to them create the "savings" of spending money. That's a false decision matrix.

The real comparison is against something free. That's the baseline to beat. Otherwise, nothing is costly compared to any contrived more expensive decision.

Example: I want a laser light show for my house, I don't need it, I just want it. The free option is to not buy one. Buying one is normally $100. But I could find one that is $200 and then say that the $100 is "free" or even "saving me money." But this is false, it's still costing $100 no matter how many more expensive alternatives we find.

It's like the 'sale' problem. The shirt was on sale for 50% off, I saved 50%!! No, you still bought a shirt you didn't need, money was lost versus the free baseline.

The wife gets mad when I tell her you save 100% if you don't buy anything.

Good stuff.

@bbigford I'll second that

@black3dynamite said in Allowing Root Password Login via SSH to Dragonfly BSD:

@scottalanmiller said in Allowing Root Password Login via SSH to Dragonfly BSD:

Dragonfly is tough by default because unless you use something like Salt, you can't connect to it to get keys to it in the first place. You can curl keys to it, of course. But you need totally different processes than you would typically use with any other OS to get it set up.

That means it's not even Ansible friendly. Pretty much agent-based tools like Puppet, Salt, etc... is the way to go.

Yup, unless you have some way to push the Ansible key ahead of time, like in a curl. So back to the beginning there 🙂

@fateknollogee said in KVM host: Failed login attempts:

My bad, my bad....
Last week I was doing some testing & I set a port forward on port 22 to this host.
Ooops, I forgot to remove the rule.

This is why I only allow RSA key based authentication. No root login, no password login. Disable all other methods.