SSH through TOR automatically

connect.c

A user may wish to use SSH with Tor for any number of reasons. To do this, download and install connect.c (above) and then add this line to your SSH configuration:

Terminal
localhost:~ $ nano ~/.ssh/config

# Compress the SSH traffic to make it less slow over Tor
Compression yes

ProxyCommand connect -5 -R remote -S localhost:9050 %h %p

After this has been added to the SSH configuration, a user can simply ssh myserver to be routed through Tor to the hidden service (or clearnet server). This can also be done with proxychains, but the ProxyCommand directive is a permanent solution.

 


More Trickiness With SSH


http://nick.zoic.org/art/etc/ssh_tricks/

 


I saw an article on reddit about SSH trickery. SSH is a very subversive protocol, able to work around many kinds of unwise security policies. Here’s a couple more useful things to know.

1. Better Lurking Through .ssh/config-ery.

Where you’ve got machines lurking behind other machines, inaccessible from the Internet, you can add a clause like this to your .ssh/config file:

Host lurker
    ProxyCommand ssh gateway.work /bin/nc %h %p
This causes ‘ssh lurker’ to open an ssh connection to gateway.work, then use nc (may be called netcat on your system, or you may have to install it yourself) to connect on to lurker (the %h %p interpolates the target hostname and port into the proxy command).

2. Reverse Tunnelling

So you’ve noticed the -L option, right, and you understand that by running:

ssh -L 3128:localhost:3128 gateway.home
you are establishing a tunnel home to your proxy server, and you can now configure your web browser to use localhost:3128 as its proxy server to keep your web traffic private.

But did you know this one? Let’s say you’ve got a machine stuck out in DMZ land and you want to apt-get upgrade the poor thing, pronto. You can’t access the web from this box: security policy. You can’t access your internal proxy: ditto. All you can do is ssh into it. Try this:

ssh -R 3128:proxy.work:3128 dmzbox.work
From your shell on dmzbox, you can now configure the http proxy as localhost:3128 and start sucking down packages via the reverse tunnel.

3. Tunnel Tunnelling

Every now and then, you need to get control of a box which is sadly hidden away behind a broken hotel NAT network or some kind of Get Smart style VPN setup. You can’t even get an ssh in. It’s either read Unix commands over an international phone line at 3am your time, or train a pigeon to tap out the following:

ssh -R 2222:localhost:22 gateway.work
which, when run on the remote box, opens an ssh tunnel back home, through which you can ssh back into the remote box from gateway.work with ssh -p 2222 localhost

4. ssh tunnels with tap and -w

There’s also a (newish) “-w” option, which turns ssh into a full-on VPN solution rather than just a port-at-a-time port forwarder.

The useful piece of information which I haven’t seen elsewhere is this: you don’t need to allow root ssh logins to use it. Instead, you can use ‘tunctl’ to preconfigure tun or tap devices on each end with the -u option to set their permissions to a non-root user. The easiest place to do this, on Debian/Ubuntu systems, is in /etc/network/interfaces, for example, in host1:/etc/network/interfaces:

auto tap9
iface tap9 inet static
pre-up tunctl -u nick -t $IFACE
post-down tunctl -d $IFACE
address 10.1.9.1
netmask 255.255.255.0
and in host2:/etc/network/interfaces:

auto tap9
iface tap9 inet static
pre-up tunctl -u nick -t $IFACE
post-down tunctl -d $IFACE
address 10.1.9.2
netmask 255.255.255.0
Now you can ‘ifup’ those interfaces, and then start the VPN by running:

user@host2$  ssh -o Tunnel=Ethernet -w9:9 host1
And the tunnel will be up and running, without needing to create the tunnel as root. You could easily take this one further for an automatic tunnel, setting

 

© 2009-2011 Nick Moore. Published at: http://nick.zoic.org/art/etc/ssh_tricks/


Copying a website from localhost to a remote host – Joomla! Documentation


http://docs.joomla.org/How_do_you_copy_a_site_from_localhost_to_a_remote_host%3F

Copying a website from localhost to a remote host
When you are first trying out Joomla!, it is often recommended that you install it on your local system (e.g., “localhost”), for example with XAMPP, and get your site running locally. Eventually you may want to copy this site to your remote host. Fortunately, this is easy to do.
This article assumes you have installed Joomla! 1.5 on your local computer, you have created a website and you now wish to copy this website to your remote host.
Here are the steps:
Create a Place on Your Remote Host to Install Joomla!

If this is a new site, it will just be your home directory. If you have an existing site, for example www.domain.com, that you wish to keep while you work with Joomla!, you may be able to create a subdomain, for example, www.domain.com/subdirectory to hold your Joomla! site.
Copy Files and Directories of Your Local Joomla Directory to the Remote Host

You have two methods:
Upload all files by FTP or
Upload only a compressed file by FTP
Upload all Files by FTP
Normally, the easiest way to copy these files is using an FTP client program, such as Filezilla.
Select all files from directory localhost (with XAMPP, the directory will be xampp/www/directory) and upload to the remote host HTML directory for a domain, or to the remote host HTML subdirectory.

Upload a Compressed File
Copying a large number of individual files using FTP can sometimes be unreliable. If you have command-line access to both the source and destination systems, you can create a compressed archive file containing all the files on the source system, then transfer that single file to the destination system, where it can be decompressed.
Creating an archive file
On Unix-style systems (eg. Linux) you can use the gzip program to create .zip files, or the tar program to create .tar.gz or .tar.bz2 files. For detailed instructions type man gzip or man tar at the command line. For example,
tar cvfz joomlabackup.tar.gz /path-to-joomla
will create a gzip-compressed archive file, called joomlabackup.tar.gz, containing all the files in your Joomla! installation. Important note! You need to make sure you are NOT in the folder you are trying to back up when you run the tar command or you will create an endless loop.
Extracting an archive file
Having copied the archive file to the destination system, you now need to unpack it. Use the equivalent command that you used to create the archive file. For example, to unpack the archive file created in the example above, enter
cd /path-to-joomla
tar xvfz joomlabackup.tar.gz
If the user or group IDs are not the same between the source and destination systems, then you will need to amend the ownership of the files you just extracted. For example, on an Apache system, you might need to enter the command
cd /path-to-joomla
chown -R www-user:www-group *
Copy the Contents of Your Local MySQL Database to the Host MySQL Database

In Joomla!, all the contents of the site (articles, menus, users, and so on) are stored in the MySQL database. You need to copy this information to the host database. This is done by creating an export file on your local system and then importing this file into your host MySQL database, as follows:
Open phpMyAdmin on your local system by navigating to its URL with your browser. On your local system, this URL will normally be “//localhost/phpmyadmin”. Note: If you have a password on your database, you will be prompted for it.
The phpMyAdmin screen will display as shown below. Select the Export link.

Select the database you want to export in the upper right-hand list. In the example below, the database “joomla15” is selected. Keep all of the default options, including “SQL” as the export type.

Check the “Save as file” box at the bottom of the screen, and enter the name of the export file, as shown below.

Press the “Go” button in the lower right corner. An Open / Save / Cancel dialog will display. Press Save and select a folder to save the file in. The export will complete and the file will be saved in the chosen location.
Open up the phpMyAdmin on the host server.
Select the Import tab
Click the Browse button under “File to import”, then select the database file from your computer
Click Go to import the database
At this point you have installed the database.
If you want to create a database copy, you can also use the MySQL command-line method. Usually you run mysqldump to create a database copy:
$ mysqldump -u user -p db-name > db-name.out
Copy db-name.out file using sftp/ssh to remote MySQL server:
$ scp db-name.out user@remote.box.com:/backup
Restore database at remote server (login over ssh):
$ mysql -u user -p db-name < db-name.out
Configure the Site. Edit the configuration.php File

Manually edit "configuration.php" to tell Joomla! about your site. The file configuration.php contains settings specific to your system. This file was created for you when you installed Joomla! on your localhost.
The settings in the configuration.php file that you typically need to change are shown below. This example is from a Windows XP localhost system.
var $log_path = 'C:\\xampp\\htdocs\\joomla15\\logs';
var $tmp_path = 'C:\\xampp\\htdocs\\joomla15\\tmp';
var $live_site = '';
var $host = 'localhost';
var $user = 'root';
var $db = 'your_local_db_name';
var $password = 'your_local_db_password';
Now, on your remote host system, the settings in the configuration.php file that you typically need to change are shown below.
var $log_path = '/var/www/vhost/domain.com/home/html/logs';
var $tmp_path = '/var/www/vhost/domain.com/home/html/tmp';
var $live_site = '';
var $host = 'name your remote host';
var $user = 'your_user_db_name';
var $db = 'your_db_name';
var $password = 'your_db_password';
If you uploaded the Joomla! files to a subdirectory, remember that you are working in that subdirectory, and the settings that you need will be:
var $log_path = '/var/www/vhost/domain.com/subdirectory/html/logs';
var $tmp_path = '/var/www/vhost/domain.com/subdirectory/html/tmp';
var $live_site = '';
var $host = 'name your remote host';
var $user = 'your_user_db_name';
var $db = 'your_db_name';
var $password = 'your_db_password';
At this point, your Joomla! website on your host should be operational with the same information as your localhost site. If you installed it in a subdirectory, navigate to that subdirectory to see or administer the site.
http://www.domain.com/subdirectory (for navigation to the site)
http://www.domain.com/subdirectory/administrator (log in to the Joomla! admin area with the user and password that you had on your localhost installation)
and if you installed it in the root directory, to see the site:
http://www.domain.com/ (for navigation to the site)
http://www.domain.com/administrator (log in to the admin area)
Using Akeeba backup to move a site

Akeeba Backup produces a .jpa file
The .jpa file contains all the folders/files and database files. The .jpa file also contains an installer
Kickstart.php (from Akeeba) unpacks the .jpa file
You then run the installer and install your site like a Joomla install. The installer has an option to change the configuration for restoring to a different location
After you create the database for your Joomla! site, download and install Akeeba; it can be downloaded from the Joomla extension directory. There is a link to full instructions there as well.
This page was last modified on 1 September 2012, at 14:34. Content is available under Joomla! EDL.


Poor man’s VPN with SSH | Setting up an SSH tunnel with PuTTY


Article #1 From: http://fnord.no/sysadmin/security/vpn-with-ssh
Article #2 From: http://realprogrammers.com/how_to/set_up_an_ssh_tunnel_with_putty.html


Poor man’s VPN with SSH

SSH has port forwarding, dynamic forwarding, and now also IP forwarding. This allows you to create connections out through a firewall, and allow other connections in and out through your SSH-connection, originating at your SSH server. Read on for a few examples of use, and make sure you have the blessing of your security team.

Local forwarding

With local forwarding, you open a local port, and forward it to another host and port from the remote server.

Often used with forwarding to single webservers, proxies, Citrix ICA servers, VNC servers, and Windows Remote Desktop (RDP).

Example with local forwarding

Connect to a server at work, forwarding a connection from port 10080 on my laptop to important.server.example.org.

I can then open my browser to http://localhost:10080, and do my stuff. Some web applications, though, can be tricky enough to expect a hostname, and for that you need to edit /etc/hosts or equivalent, or you can read on for dynamic forwarding.

Remote forwarding

With remote forwarding, you open a listening port on the remote side, and forward it to another host and port from the local server.

Example with remote forwarding

One useful scenario is to help family members who have PC trouble. For instance: Mom has a problem, calls me, and wonders if I can help, and then clicks an icon on her desktop that does the following thing:

  • Starts Remote Desktop or VNC
  • Connects to my SSH server, with remote forwarding from <vncport1> on the SSH server, to localhost:<vncport1> on her PC.

What I do, is:

  • Connect to my SSH server, with local forwarding from <vncport1> on my laptop, to <vncport1> on the SSH server, which again connects through the remote forwarding to localhost:<vncport1> on mom’s PC.
  • Start a VNC client, and connect to my localhost:5801 on my laptop. This port is now connected through my ssh session, to mom’s ssh session, to her PC.

Dynamic forwarding with SOCKS

OpenSSH’s client has the ability to do dynamic forwarding to act as a local SOCKS server, both for SOCKS4 and SOCKS5.

Many programs have built-in SOCKS support; enable it, and configure the program to use localhost:<socksport> as a SOCKS proxy.

For programs with no built-in SOCKS support, you can use “tsocks”, to intercept networking calls, and work through the SOCKS server.

Example with dynamic forwarding

Then I configure Firefox, for instance, to use the SOCKS server at localhost port 1080, and all my web connections will go through the SSH connection, and appear to be initiated from myserver.example.com. Much easier than with local forwarding, and works great for remote administration of things from home where you use different hostnames and ports, and perhaps also unroutable IP addresses.

IP forwarding with TUN

Now we’re talking. This is the real thing, we get IP forwarding through a point-to-point interface. This exists only in newer versions of OpenSSH, and is not very well documented yet. Unfortunately, this also includes this document until I have more time to research further.

Example with IP forwarding

Where ‘0’ is the local device tun0, and ‘1’ refers to the remote device tun1. On each side, one needs to set an IP address for host-to-host contact, and add routing and perhaps also NAT for network access.

Beware, as careless use of IP forwarding between sites may have a serious impact on network security, and may make others very angry if used without permission.
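
From the server side, which of the forwarding modes described above a given sshd will accept is decided by three sshd_config settings: AllowTcpForwarding, GatewayPorts and PermitTunnel. The following is an added example, not part of either article: a shell function that reads effective configuration in the format printed by sshd -T and reports each mode as allowed or denied. The sample configuration and the function names (get_opt, audit_forwarding) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify which SSH forwarding modes a server permits.
# Input is text in the format printed by `sshd -T` (lowercase keyword, value).
# SAMPLE_CONFIG is constructed for illustration, not captured from a real host.

SAMPLE_CONFIG='port 22
allowtcpforwarding remote
gatewayports no
permittunnel ethernet
permitopen any'

# get_opt KEY DEFAULT: read config text on stdin, print KEY's value or DEFAULT.
get_opt() {
    awk -v k="$1" -v d="$2" '$1 == k { v = $2 } END { print (v == "" ? d : v) }'
}

# audit_forwarding CONFIG_TEXT: print one "mode=allowed|denied" line per mode.
audit_forwarding() {
    cfg=$1
    # Fallbacks are the documented sshd_config defaults.
    tcp=$(printf '%s\n' "$cfg" | get_opt allowtcpforwarding yes)
    gw=$(printf '%s\n' "$cfg" | get_opt gatewayports no)
    tun=$(printf '%s\n' "$cfg" | get_opt permittunnel no)

    # -L and -D are both "local" forwarding from the server's point of view.
    case $tcp in yes|all|local) loc=allowed ;; *) loc=denied ;; esac
    case $tcp in yes|all|remote) rem=allowed ;; *) rem=denied ;; esac
    # -w needs PermitTunnel; layer 3 (tun) and layer 2 (tap) are gated separately.
    case $tun in yes|point-to-point) l3=allowed ;; *) l3=denied ;; esac
    case $tun in yes|ethernet) l2=allowed ;; *) l2=denied ;; esac
    # Remote forwards bind to loopback only unless GatewayPorts widens them.
    if [ "$rem" = allowed ] && [ "$gw" != no ]; then
        wide=allowed
    else
        wide=denied
    fi

    printf 'local(-L)=%s\n' "$loc"
    printf 'dynamic(-D)=%s\n' "$loc"
    printf 'remote(-R)=%s\n' "$rem"
    printf 'remote-nonloopback=%s\n' "$wide"
    printf 'tun(-w)=%s\n' "$l3"
    printf 'tap(-w,Tunnel=ethernet)=%s\n' "$l2"
}

audit_forwarding "$SAMPLE_CONFIG"
```

On a live server, pass the output of sshd -T (run as root) in place of the sample. As sshd_config(5) notes, disabling forwarding does not stop users who have shell access from installing their own forwarders.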


realprogrammers.com

Setting up an SSH tunnel with PuTTY

What follows is how to set up an SSH tunnel using PuTTY, with the MySQL port (3306) forwarded as an example. After completing this how-to you’ll have port 3306 on your local machine listening and forwarding to your remote server’s localhost on port 3306. Thus effectively you can connect to the remote server’s MySQL database as though it were running on your local box.

Prerequisites

This how-to assumes your MySQL installation has enabled listening to a TCP/IP connection. Only listening on 127.0.0.1 is required (and the default as of MySQL 4.1). Although beyond the scope of this how-to, you can verify the server’s listening by using

on the server. Look for

and

in your

. Also, a trouble-shooting guide.

To achieve the same with PostgreSQL simply use PostgreSQL’s default port, 5432.

to test;

and the manual as pointers for configuration.

Set up the tunnel

Create a session in PuTTY and then select the Tunnels tab in the SSH section. In the Source port text box enter 3306. This is the port PuTTY will listen on on your local machine. It can be any standard Windows-permitted port. In the Destination field immediately below Source port enter 127.0.0.1:3306. This means, from the server, forward the connection to IP 127.0.0.1 port 3306. MySQL by default listens on port 3306 and we’re connecting directly back to the server itself, i.e. 127.0.0.1. Another common scenario is to connect with PuTTY to an outward-facing firewall and then your Destination might be the private IP address of the database server.

Putty Tunnel

Add the tunnel

Click the Add button and the screen should look like this,

Putty Tunnel Added

Save the session

Unfortunately PuTTY does not provide a handy ubiquitous Save button on all tabs so you have to return to the Session tab and click Save,

Putty Session

Open the session

Click Open (or press Enter), login, and enjoy!

Here for reference is an example connection using MySQL Administrator going to localhost: note the Server Host address of 127.0.0.1 which will be transparently forwarded.

Mysql Administrator Login
