Linux

Tunneling ports with SSH

Using -L on the command line with SSh will bind a remote port to a local one. For instance, if you wanted to tunnel the port for a remote desktop (usually 5901) to a local machine, you would type the following ssh -L 5901:localhost:5901 remote_ip You could then access your remote desktop by connecting your […]

Read More
Scripting

Transfer directories between computers using SSH and tar

When I need to transfer lots of files or directories between computers, I usually use tar and ssh together. Last time I used it however, I realized that perhaps not everyone knows how to do this. The procedure is very simple, and a full command could look something like this: tar -cf – directory/ | […]

Read More
Linux

SSH Dictionary Attack Prevention with iptables

It is ideal to slow down the SSH dictionary attack when the infested host started to brute force the SSH authentication. There are many scripts/user-land daemons that perform monitoring and blocking. I prefer to use something that has less demand in memory/CPU usage. IPTables module provides a kernel level solution with little overhead.

Read More
Linux

Monitoring /var/log/secure for break-in attempts

date >> ssh-intruders.log ; cat /var/log/secure | grep -i “sshd.*authentication failure” | sort | awk ‘{FS=”rhost=”; print $2}’ | awk ‘{FS=”user=”; print $1}’ | grep “.*\..*\.” | grep -v “knownhost.com” | grep -v “knownhost2.com” | sort | uniq | while read i; do counter=`grep -i “$i” /var/log/secure | wc -l` ; echo “$counter attempts by […]

Read More