ssh

Bookmarks for 8 Mar 2016 through 14 Mar 2016

These are my links for 8 Mar 2016 through 14 Mar 2016:

  • Zsoldier’s Tech Blog: Add Portgroups/VLANs to vmware standard switches via PowerCLI – Wrote a simple little script to insert a portgroup into a targeted vSwitch of all VM hosts in a targeted cluster. This is not an issue if you use distributed vSwitches.
  • siph0n – exploits : leaks : dumps : papers : hashes – Hello and welcome to "siph0n", we are a group of security enthusiasts that want to make people
    more aware of security risks and the risks behind compromised(stolen) data.
    By using this Site, you signify your assent to these Terms of Service if you do not agree to any of these conditions,
    do not use this website.
  • Hardening Framework – […] Server hardening is a well-known topic with many guides out in the wild. Why this project? At Deutsche Telekom we need to manage thousands of servers for customers and ourselves. All servers need to be configured properly and maintained, which is difficult and time-consuming to get right. To answer these needs for security, compliance, and maintainability, we decided to launch this project as a common ground for requirements and their fulfillment.[…]
  • Node-RED – Node-RED is a tool for wiring together hardware devices, APIs and online services in new and interesting ways.
  • zachlatta/sshtron: Play Tron over SSH – SSHTron is a multiplayer lightcycle game that runs through SSH

Bookmarks for 3 mar 2015 from 11:22 to 11:24

These are my links for 3 mar 2015 from 11:22 to 11:24:

  • Hackinsight.org – eyBox is a free, Web-based SSH Console – an open source application that can be used to manage multiple SSH sessions on multiple systems. It allows you to execute commands on multiple shells, manage keys, share terminal commands, and upload files to multiple systems simultaneously. It will generate a private/public key pair on initial startup, also you can define your own custom key if you like. Moreover, you can add additional system admins, and audit terminal history of them. 
  • skavanagh/KeyBox – KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users. Administrators can login using two-factor authentication with FreeOTP or Google Authenticator. From there they can manage their public SSH keys or connect to their systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host for administration. Layering protocols for security is described in detail in "The Security Implications of SSH" whitepaper. SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.
  • ExQuilla – ExQuilla is an addon for Mozilla's Thunderbird email client that allows access to both messages and contacts stored on Exchange Server 2007, 2010, or 2013. ExQuilla uses EWS (Exchange Web Services) for access to the server. ExQuilla (beginning with release 24) will work with either Thunderbird 17.* or 24.* on Windows, Linux, and OSX platforms. Support for Thunderbird 31.* will be available soon, and at that point support for Thunderbird 17 will be dropped. ExQuilla is not free software, but is licensed on an annual basis. New users are granted a free 60 day trial license automatically. For further information on ExQuilla licensing, see the ExQuilla Licensing Overview page.

Bookmarks for 28 feb 2015 from 19:57 to 20:29

These are my links for 28 feb 2015 from 19:57 to 20:29:

  • MDwiki – Markdown based wiki done 100% on the client via javascript – MDwiki is a CMS/Wiki completely built in HTML5/Javascript and runs 100% on the client. No special software installation or server side processing is required. Just upload the mdwiki.html shipped with MDwiki into the same directory as your markdown files and you are good to go!
  • Step by Step Installation and Configuration of OpenLDAP as Proxy to Active Directory | haroonferoze – This guide describes how to install and configure OpenLDAP as proxy to Active Directory.
  • Integrate Active Directory and OpenLDAP | Networking content from Windows IT Pro – OpenLDAP’s proxy service can allow LDAP operations to cross the boundaries between AD and OpenLDAP deployments. To demonstrate this proxy service, we walk through the steps to make AD’s cn=Users container, which by default contains all user objects, part of an OpenLDAP directory. To produce the examples in this article, I used CentOS 4.3, OpenLDAP 2.2.13, and AD running on Windows Server 2003 R2. Later in the article, I’ll show you a limitation in the commonly deployed OpenLDAP 2.2, which you can solve by installing OpenLDAP 2.3 on CentOS 4.3.
  • Let’s Chat — Self-hosted chat for small teams – WHAT IS THIS THING? Some backstory. Way back in 2012, we didn't like any of the existing chat services out there. So we decided to write our own. Let's Chat is a persistent messaging application that runs on Node.js and MongoDB. It's designed to be easily deployable and fits well with small, intimate teams. It's free (MIT licensed) and ships with killer features such as LDAP/Kerberos authentication, a REST-like API and XMPP support. Let's Chat is a side-project of the development team at Security Compass. (A real life 10% time project!)

Bookmarks for 3 dic 2014 from 13:03 to 13:41

These are my links for 3 dic 2014 from 13:03 to 13:41:

  • git-flow cheatsheet – git-flow are a set of git extensions to provide high-level repository operations for Vincent Driessen's branching model. more This cheatsheet shows the basic usage and effect of git-flow operations
  • Voluntary – […] Our goal is to create open source software that promotes freedom of expression, privacy and the decentralization of power with an eye towards usability […] (Just for OSX at the moment)
  • A Visual Git Reference – This page gives brief, visual reference for the most common commands in git. Once you know a bit about how git works, this site may solidify your understanding.
  • SSH_VPN – Community Help Wiki – This page discusses using SSH to set up SSH-based point to point connections, which can then be used to create routes that create virtual private networks. Note that using SSH in this fashion is not the "best" way to create a permanent, stable VPN. Notably, SSH uses TCP, and TCP over TCP can provide abysmal performance under pathological conditions.
  • VPN over SSH – This how-to is intended to cover the details of how to establish a VPN (Virtual Private Network) over a SSH connection. Starting with open-ssh 4.3, you can now use a ssh connection to set up a VPN. This is technically termed "layer-3 IP-in-SSH tunnelling" and is not using ssh to port forward (ssh -L ) or create a dynamic "application level" forwarding (SOCKS) (ssh -D ). Rather a VPN is established using a SSH connection to create a virtual interface, tun0. Advantages : IMO, this technique is easier to set up then openvpn, especially if you are using a single client. Works with most Linux distributions without the need to install any additional software on the clients. The server only needs openssh-server. This protocol uses udp to transmit tunneled tcp connections resulting in a more stable connection compared with port forwarding (using ssh with the -L or -D options). Disadvantages : As of yet I do not know of a windows client which will use this protocol. If you are needing to set up a VPN with numerous clients I would use openvpn. Although there are several "how-to's" on the web, most of them assume you know something about networking and routing. This page attempts to explain some of the "missing details".

Bookmarks for 2 dic 2014 through 3 dic 2014

These are my links for 2 dic 2014 through 3 dic 2014:

  • VPN over SSH – ArchWiki – There are several ways to set up a Virtual Private Network through SSH. Note that, while this may be useful from time to time, it may not be a full replacement for a regular VPN.
  • Simplify Your Life With an SSH Config File · Nerderati – If you're anything like me, you probably log in and out of a half dozen remote servers (or these days, local virtual machines) on a daily basis. And if you're even more like me, you have trouble remembering all of the various usernames, remote addresses and command line options for things like specifying a non-standard connection port or forwarding local ports to the remote machine[…]
  • SSH Tips and Tricks | LUG@GT – This presentation is updated from “SSH Tips and Tricks given on Wed. Feb 28th, 2007

Bookmarks for 28 nov 2014 through 1 dic 2014

These are my links for 28 nov 2014 through 1 dic 2014:

  • SIAMO GEEK – Sperimentatori, entusiasti della tecnologia | Rigenerare le chiavi ssh – Quanto è vecchia la vostra chiave ssh? Rigenerare le chiavi ssh usate per collegarsi ai server è una rottura di scatole, ma potrebbe essere una rottura di molte unità di grandezza inferiore rispetto allo scoprire che una chiave ssh viene usata da mesi a nostra insaputa. Quanto sono corte/lunghe le chiavi ssh registrate nei file authorized-keys dei vostri server? Per fortuna a questa ultima domanda c’è una risposta veloce sotto forma di un pratico script shell.
  • Downloading Java RPM from wget | Giuseppe Paternò – This is a very basic post, but I consider it for myself rather for public consumption. I needed to download the Java RPM from the Oracle website from command line, as I’m connected to my systems from a low bandwidth site. I needed to find the cookies that Oracle website uses for “accepting” Oracle license to use properly wget from command line.
  • urlwatch – a tool for monitoring webpages for updates (thp.io) – This script is intended to help you watch URLs and get notified (via email or in your terminal) of any changes. The change notification will include the URL that has changed and a unified diff of what has changed. The script supports the use of a filtering hook function to strip trivially-varying elements of a webpage.
  • Gravit – unlock your design potential. – Meet Gravit – the cutting-edge design app that will take your creativity to new heights. Gravit offers the creative possibilities of a full-scale design suite – but in a snug app-sized package. Powerful yet easy-to-handle, Gravit has been custom designed from the ground up with an emphasis on versatility, fluidity and elegance – complex design tasks are made simple through its robust suite of tools and highly responsive smart work environment. Express yourself in a new way with Gravit – the new must-have tool for today’s pioneering design professionals! [ via http://www.lffl.org/2014/11/gravit-il-nuovo-software-di-disegno-vettoriale-open-per-linux-windows-e-mac.html ]

Bookmarks for 3 nov 2014 through 5 nov 2014

These are my links for 3 nov 2014 through 5 nov 2014:

  • Policy Daemon – Policyd is an anti-spam plugin for Postfix (written in C) that does Greylisting, Sender-(envelope, SASL or host / ip)-based throttling (on messages and/or volume per defined time unit), Recipient rate limiting, Spamtrap monitoring / blacklisting, HELO auto blacklisting and HELO randomization preventation.
  • DevStack – an OpenStack Community Production — documentation – A documented shell script to build complete OpenStack development environments. An OpenStack program maintained by the developer community. Setup a fresh supported Linux installation. Clone devstack from git.openstack.org. git clone https://git.openstack.org/openstack-dev/devstack Deploy your OpenStack Cloud cd devstack && ./stack.sh
  • vim modeline – Tips and Tricks – ph3nix.Net – Generally you either love or hate Vim.  It boils down to a matter of personal preference.  However love or hate you have to admit it is extremely powerful for a command line, text only file editor.  For those who love it – or just have to make use of it on a regular basis, the Vim modeline feature is a very useful and powerful way of customizing the visual and editing preferences as well as several other options on a file by file basis.
  • Development Foo – using vim and sshfs to propel development | New Goliath
  • Front-end engineering and so on: OpenSSL: Convert private key to PEM format for AWS ELB – You might get message "Error: Invalid Private Key" while configuring SSL on Elastic Load Balancer on Amazon Web Services (AWS). It means your private key isn't in PEM format. No worries, it easy to fix.

Bookmarks for 31 ott 2014 through 1 nov 2014

These are my links for 31 ott 2014 through 1 nov 2014:

  • check_jvm – Nagios Exchange – JvmInspector is standalone tool + Nagios wrapper plugin (check_jvm) that dumps various properties from locally running JVMs. This information includes: * Heap & non-heap memory * Running threads * Loaded classes * Running java version, paths & arguments * On App servers only: Container server name & total active sessions (tested & supported app servers are tomcat5+ and jboss4+) JvmInspector doesn't need local or remote JMX network socket. It directly attaches to JVM's PerfData, so it MUST be started with the same USERid as the target JVM!
  • Raspberry Pi VPN Gateway – Netflix finally arrived in Germany, but guess what? It's library is heavily limited in comparision to the US one and if you like TV series as much as I do, you don't want to wait until they eventually release it year(s) later for us german users. Maybe you've heard recently of Anonabox — a small device with two ethernet ports that you can plug in front of your router and everything behind the device is routed through Tor (side note: turned out to be a scam and got pulled from Kickstarter in the end). However, it made me come up with an idea: Instead of having a Tor-box, I want a VPN-box that is connected to my PrivateInternetAccess VPN. If I'm in need of a VPN connection I just switch the WiFi network and I'm good to go. This way I can easily watch US content from Netflix as well as unblock location restricted content like YouTube, even with my iPhone or Xbox[…]
  • My Tmux Setup on unwiredcouch.com – I've been using tmux as my main terminal multiplexer for about 3 years now and have refined my configuration over time to fit my daily workflow. Which is usually a mix of writing code, chef recipes, remote login into different servers and various shell tasks. This is a flexible setup that doesn't concentrate too much on doing a specific thing or replacing an IDE inside of tmux.

Bookmarks for 22 ott 2014 from 11:37 to 15:55

These are my links for 22 ott 2014 from 11:37 to 15:55:

  • S3QL – nikratio – S3QL is a file system that stores all its data online using storage services like Google Storage, Amazon S3, or OpenStack. S3QL effectively provides a hard disk of dynamic, infinite capacity that can be accessed from any computer with internet access running Linux, FreeBSD or OS-X. S3QL is a standard conforming, full featured UNIX file system that is conceptually indistinguishable from any local file system. Furthermore, S3QL has additional features like compression, encryption, data de-duplication, immutable trees and snapshotting which make it especially suitable for online backup and archival. S3QL is designed to favor simplicity and elegance over performance and feature-creep. Care has been taken to make the source code as readable and serviceable as possible. Solid error detection and error handling have been included from the very first line, and S3QL comes with extensive automated test cases for all its components.
  • Using Foreman, an Opensource Frontend for Puppet – – The recent vulnerability in bash, got me running to update bash. It’s easy when you have maybe one or two Linux servers, but what do you do if you have 100’s or even thousands or servers? You need to use a server configuration and management tool like puppet. However, instead of using the command line, I wanted a GUI tool where I could select the servers or server group and select an action. That is where I found Foreman, A opensource tool which not only handles configuration of your servers but also does provisioning. Foreman is easy to install, opensource, has community based support and a good deal of documentation.
  • Power Up Your Authentication with Open LDAP and Puppet | DataCentred – When you’re busy automating your infrastructure, a recurring theme that causes questions and problems is this: how do you reliably integrate your data (which changes all the time) into your configuration? As a hosting company, we find ourselves needing to tend to an ever-increasing number of devices: servers, switches, routers, hypervisors, you name it. A staple mechanism for centralised authentication is the use of an LDAP server to manage a directory of users and groups and to perform authentication of credentials and privileges on behalf of other devices on the network.
  • Enterprise/Authentication/KerberosServices – Ubuntu Wiki – This article explains a little bit about the Kerberos protocol and how it can be used in Ubuntu. It's not a thorough manual, use more authoritative sources to get more accurate information and update if you see obvious mistakes.

Bookmarks for 26 ago 2014 from 11:20 to 11:53

These are my links for 26 ago 2014 from 11:20 to 11:53:

  • claudioc/jingo – A git based wiki engine written for node.js, with a decent design, a search capability and a good typography.
  • fastmonkeys/stellar – Stellar allows you to quickly restore database when you are e.g. writing database migrations, switching branches or messing with SQL. PostgreSQL and MySQL are supported.
  • Sandstorm Apps – This page is for people who already have a Sandstorm instance set up. Use the buttons below to install apps.
  • Sandstorm – Sandstorm's server-side sandboxing is based on the same underlying Linux kernel features as LXC and Docker. We use the system calls directly for finer-grained control.
  • apenwarr/sshuttle – Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.