This script gathers the IP addresses, usernames and passwords that were used in attempts to log in to my machines.


 # Run this at least once a day in order to get all the entries.
 # Run this before logrotate does its work on the log for the day/week/month...

# Since I am only looking at the recent listings, only look at today's entries based on the date timestamp
todays_date=$(date +%F)
# Only read today's entries and loop over each line
grep -i "$todays_date" /home/kris/kippo-0.5/log/kippo.log | while read -r line; do

 # Only read the lines that contain login auths and IPs. All in one line in this case.
 if echo "$line" | grep -qi "login attempt"; then
  # Cut out the different parts.
  inIP=$(echo "$line" | cut -d '[' -f 2 | cut -d ',' -f 3 | cut -d ']' -f 1)
  inUSER=$(echo "$line" | cut -d '[' -f 3 | cut -d '/' -f 1)
  # -f 2- keeps the whole password even when it contains a '/'
  inPASS=$(echo "$line" | cut -d '[' -f 3 | cut -d '/' -f 2- | cut -d ']' -f 1)

  # Throw it all in together for outputting to a log of my own.
  output="$inIP|$inUSER|$inPASS"
  echo "$output"

  # If we do not already have it in the log, append the info to it.
  # -x whole line, -F fixed string (passwords may contain regex characters)
  if ! grep -qxF -- "$output" /root/kippo_ssh_auths.log 2>/dev/null; then
   echo "$output" >> /root/kippo_ssh_auths.log
  fi
 fi
done



In quite a few situations it's preferable to have ssh keys dedicated to a service or a specific role, e.g. one key for home / fun stuff, another for work things, and another for version control access. Creating the keys is simple, just use

ssh-keygen -t rsa -f ~/.ssh/ -C "Key for Word stuff"

Use a different file name for each key. Let's assume that there are 2 keys, ~/.ssh/ and ~/.ssh/id_rsa.misc . The simple way of making sure each of the keys works all the time is to now create a config file for ssh:

touch ~/.ssh/config
chmod 600 ~/.ssh/config
echo "IdentityFile ~/.ssh/" >> ~/.ssh/config
echo "IdentityFile ~/.ssh/id_rsa.misc" >> ~/.ssh/config

This makes sure that both keys are always used whenever ssh makes a connection. However, ssh config gives you much finer control over keys and other per-connection settings, and I recommend, if you are able to, selecting the key based on the hostname. My ~/.ssh/config looks like this:

Host *.home.lan
  IdentityFile ~/.ssh/id_dsa.home
  User kbsingh

Host *.vpn
  IdentityFile ~/.ssh/
  User karanbir
  Port 44787

Host *
  IdentityFile ~/.ssh/id_rsa.d0
  User admin
  Port 21871

Of course, if I am connecting to a remote host that does not match any of these selections, ssh will fall back to checking for and using the 'usual' key, ~/.ssh/id_dsa or ~/.ssh/id_rsa.
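An added example (not from the original post) that models how OpenSSH resolves a config laid out like the one above: for User and Port the first matching value wins, while IdentityFile entries accumulate from every matching Host block. The resolver is a simplified model written for illustration, and the key name in the *.vpn block is a placeholder.

```python
import re

# Constructed sample mirroring the layout of the config above. The key file
# in the *.vpn block is a placeholder (the page does not show that value).
SAMPLE_CONFIG = """\
Host *.home.lan
  IdentityFile ~/.ssh/id_dsa.home
  User kbsingh
Host *.vpn
  IdentityFile ~/.ssh/PLACEHOLDER_vpn_key
  User karanbir
  Port 44787
Host *
  IdentityFile ~/.ssh/id_rsa.d0
  User admin
  Port 21871
"""

def host_matches(patterns, host):
    """ssh_config Host matching: '*' and '?' are wildcards, '!' negates."""
    matched = False
    for pat in patterns:
        negate = pat.startswith("!")
        rx = re.escape(pat[1:] if negate else pat).replace("\\*", ".*").replace("\\?", ".")
        if re.fullmatch(rx, host, re.IGNORECASE):
            if negate:
                return False      # a negated match vetoes the whole Host line
            matched = True
    return matched

def resolve(config_text, host):
    """Return the effective settings for host (simplified model of ssh_config)."""
    result = {"identityfile": []}
    active = True                 # options before any Host line apply to all
    for raw in config_text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif active and key == "identityfile":
            result["identityfile"].append(value)   # accumulates across blocks
        elif active:
            result.setdefault(key, value)          # first obtained value wins
    return result

if __name__ == "__main__":
    for h in ("nas.home.lan", "gw.vpn", "example.org"):
        print(h, resolve(SAMPLE_CONFIG, h))
```

On a real system, `ssh -G hostname` prints the configuration the client would actually use for that host.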



Step 1: Installing the package

On Ubuntu/Debian

apt-get install sshfs

On Redhat/CentOS/Fedora

rpm -ivh fuse-sshfs-1.8-1.el5.rf.i386.rpm

Step 2: Once the package is installed, create a mount point and mount the server data using the sshfs command, for which we need a user name and password. Here are my details for this task.

My Username: root

My password: redhat

My Server:

My mount point: /mnt/ssh

Now create the mount point and mount SSH account data.

#mkdir /mnt/ssh
#sshfs [email protected]:/ /mnt/ssh/
[email protected]'s password:

Step 3: Testing our set-up

Check if you are able to see the SSH data

#cd /mnt/ssh


Sample output

bin   cdrom     data  etc   initrd.img      lib         media  opt   root  selinux  sys   tmp  var      vmlinuz.old
boot  cmdb-bkp  dev   home  initrd.img.old  lost+found  mnt    proc  sbin  srv      test  usr  vmlinuz

What about the df -h command output?

Sample output

Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2              12G  8.4G  2.5G  78% /
/dev/sda6              80G   43G   34G  56% /var
/dev/sda5             2.0G   41M  1.8G   3% /home
/dev/sda1              99M   12M   83M  12% /boot
tmpfs                 506M     0  506M   0% /dev/shm
sshfs#[email protected]:/
 1000G     0 1000G   0% /mnt/ssh

Step 4: So what about mounting it permanently? We can do it by editing the fstab file in the /etc folder.

#vi /etc/fstab

Go to the last line and add the line below:

sshfs#[email protected]:/ /mnt/ssh fuse defaults 0 0

Save the file and exit. Now run mount -a to mount everything listed in fstab.

#mount -a

Let me explain what the fstab entry means: mount the data of user root, located on the server, onto /mnt/ssh using the fuse file system with default settings.

Step 5: What about unmounting this drive?

#umount /mnt/ssh

Enjoy learning how to mount a folder over the SSH protocol.
