Posts tagged ‘SSH’

I bought myself a new WiFi router. When in the shop, I specifically searched for a router that is supported by dd-wrt, and has (at least) 8MB of flash. I settled for the Linksys WRT320N: it has a dual band (switchable between 2.4GHz and 5GHz, not simultaneous) 802.11a/b/g/n radio, a 4 port GbE switch, and a WAN port. It houses a Broadcom BC4717 processor running at 354MHz, 8MB of flash and 32MB of RAM.

The default Linksys firmware is actually not bad, but dd-wrt just offers a ton more features: Multiple SSIDs, IPv6 support (including Sixxs tunneling), WAN volume monitoring, custom firewalling, traffic shaping, … So I decided to void my warranty and put my router on steroids! Mandatory note: this may very well turn your router in to a very expensive brick.

Continue reading ‘Converting a WRT320N to dd-wrt’ »

I usually don’t just repost other people’s posts, but this one really deserves some extra attention. It explains a very elegant way to hop using SSH.

Continue reading ‘Hopping from host to host with SSH, automatically’ »

SSH is a wonderful tool. It allows you to run commands on a remote host, either manually, or from scripts. Obviously, since it’s a remote connection, you must authenticate yourself to the remote host. There are several ways of doing this.

When using SSH in a script, most pages tell you to use public keys. While this is an excellent idea, it’s sometimes just not possible due to policy. This Expect script fakes a regular username-password login

#!/usr/bin/expect -f

set target [lindex $argv 0]
set password [lindex $argv 1]
set command [lindex $argv 2]

spawn ssh $target $command

match_max 100000
# Look for passwod prompt
expect “*?assword:*”
# Send password aka $password
send — “$password\r”
# send blank line (\r) to make sure we get back to gui
send — “\r”
expect eof

This script can be run like this:

./ssh-passwd.ex root@ password “ls /root”

ssh-to-puttyssh-to-puttyIn Windows you can register “url handlers”. These are programs that are run when you try to open a URL (via Start->Run for example). “http://” for example is registered to Internet Explorer by default. “telnet://” also works. This is especially useful in combination with the URL-field of KeePass. Double-clicking on this field tries to “open” the specified URL.

However, “ssh://” is not a standard registered protocol. I’d like Putty to handle this. Also, “telnet://” gets you the standard windows telnet client instead of putty. Putty can be called with command line arguments. Supplying the “telnet://” url as a parameter works, but “ssh://” does not.

Hence, I wrote a very small wrapper program to accept “ssh://” URL’s and convert them to Putty command line arguments:

  • Source code in C: ssh-to-putty.c
  • Compiled Windows executable: ssh-to-putty.exe (some virus-scanners seem to think this is a virus, exe is no longer available, please compile it yourself)
  • Registry commands to set putty as telnet-handler: putty telnet url handler.reg
  • Registry commands to set the wrapper as ssh-handler: putty ssh url handler.reg

Some notes:

  • The registry commands assume Putty and the wrapper are installed in C:\Progs\SSH. If this is not the case, you need to change the .reg-files accordingly
  • The wrapper-program assumes putty.exe to be in the same directory as itself

rsync is a very nice tool to synchronize two directories, especially if they are on different machines. If you require confidentiality of the transferred data, rsync works great over ssh.

Besides the standard password authentication, ssh also supports public key authentication. This key-based authentication has the added bonus of having per-key options:

  • you can restrict the source IP from which this key may be used
  • you can force a command to be executed instead of allowing the connecting side to specify one

Continue reading ‘Restricted rsync over ssh’ »

I’m a bit paranoid when it comes to security. For example, I don’t allow passwords to log into my computers via SSH but use RSA keys instead. Besides added security (there is no password to guess), it has a lot of other advantages as well. I normally run an ssh-agent (both on linux and Windows) which caches my credentials so I can log in without password.

On my desktop system, this was automatically secure against theft. Since the key is stored in RAM (or encrypted swap), it is flushed the moment the computer looses power. Since it was a desktop system, it’s fairly safe to assume that the power will be cut when someone steels my computer.

On my new MacBook Pro, things are a bit different: most of the time, my notebook is in standby and has an integrated UPS (its battery). So I was looking for something to get me the same security.

Continue reading ‘Securing SSH Agent on Mac OS X’ »

When configuring a bunch of devices (switches, routers or even computers), most of the configuration will be identical. The Konsole program of KDE has a nice feature which sends the keyboard input to all open tabs. By simply telnet-ing or ssh-ing into the devices and activating this feature, I can quickly configure them all at once.

At work, using my Windows laptop, I have been looking for a feature like this. After some googling I found PuttyCS. It’s a standalone application which emulates this behaviour: It sends emulated keypresses to all (or a subset of) open putty sessions.

Configuring 8 blade-switches with PuttyCS is a breeze: just open all the putty sessions and start typing in PuttyCS!