Tag: ssh

Use the keyboard on a remote machine over SSH?

22 April 201822 April 2018 Fabien bash, Linux Leave a comment

If you use a Linux box to display some infos in a public space , you might not have the possibility to connect a mouse and keyboard every time you need to click on the page.

For example, at work we use a TV to display some metrics with grafana,
Sometime, when we reboot the machine , the identification cookie will be outdated and the browser will land on the authentication page instead.
Since the machine has no keyboard and mousse attached this cause some issues , .
So I’ve used the tool xdotool that allow a privileged ssh user or a script to interact with the mouse and keyboard

An important step is to select the screen on witch you want to send mouses clicks and keystrokes.

export DISPLAY=:0
xxxxxxxxxx
 
export DISPLAY=:0

After that lets say your screen is displaying a full-screen browser with a login page ,
By default the cursor is already in the login form.

for the example , the login/password are going to be admin/admin

#for typing the login
xdotool key a && xdotool key d && xdotool key m && xdotool key i && xdotool key n

#to advance to the password form
xdotool key Tab

#for typing admin again in the password prompt.
xdotool key a && xdotool key d && xdotool key m && xdotool key i && xdotool key n

#then tab gain to go the login button , and push Enter to send the form

xdotool key Tab && xdotool key KP_Enter
xxxxxxxxxx
 
#for typing the login
xdotool key a && xdotool key d && xdotool key m && xdotool key i && xdotool key n
#to advance to the password form
xdotool key Tab
#for typing admin again in the password prompt.
xdotool key a && xdotool key d && xdotool key m && xdotool key i && xdotool key n
#then tab gain to go the login button , and push Enter to send the form
xdotool key Tab && xdotool key KP_Enter

you are now logged and you dashboard will display

UNPROTECTED PRIVATE KEY FILE fix

20 May 201720 May 2017 Fabien Linux Leave a comment

If you try to connect using a key system on ssh instead of a classic password login, you might encounter this error message.

$ ssh -i ~/.ssh/id_rsa.pub root@host.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for 'id_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: id_rsa.pub
root@host.com's password:
xxxxxxxxxx
 
$ ssh -i ~/.ssh/id_rsa.pub root@host.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for 'id_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: id_rsa.pub
root@host.com's password:

this message tells you that because other users can read the content of the key , shh refuse to use it to try authentification on you host ssh.

to fix that problem you should change the permissions on you file so that only you can read it

the 3 numbers in the chmod command are like this
the First is for you
the second is for your group .
and the last is for other users.

If you want to limit the access of others to you ssh key
you could do a

chmod 600  ~/.ss/id_rsa
xxxxxxxxxx
 
chmod 600  ~/.ss/id_rsa

after this command , you can relaunch you ssh command , and you should connect without providing a password.

Change the default SSH port on your linux server

16 February 201715 March 2017 Fabien Linux

If you run a linux server with with a ssh service on the TCP port 22 , you are likely to get bombarded by automated login attempt by hundreds and hundreds of bots
You can look at the file getting created by launching

tail -f /var/log/auth.log | grep Failed

the first thing you can do to stop that is to change the default port user by the SSH service on you linux server

for this you just have to edit the config file : /etc/ssh/sshd_config

Find the following lines

# What ports, IPs and protocols we listen for
Port 22

And put the new port on which you would like to run your OpenSSH server.

After this little change restart the ssh service with the command

service ssh restart

You should see that the numerous and constant attacks sould instantly stop.

Security by obscurity is still security.

Contourner les restrictions d’accès internet imposées par votre patron

26 October 20096 June 2014 Fabien Geek 3 Comments

Dans beaucoup de moyennes et de grandes entreprises les employeurs se préoccupent de plus en plus du temps passé sur internet par leurs employés. afin de minimiser la perte de temps de travail l’administrateur réseau . plusieurs solutions qui peuvent ètre :

Empécher les employés d’installer des programmes sur les ordinateurs avec des comptes d’utilisateurs restreins. Cela n’empèche pas d’accéder au net , mais cela limite l’installation de jeux vidéo et de programmes de messagerie instantanée.
l’utilisation d’un firewall ou d’un serveur proxy qui limite l’accés à internet , toutes les communications internet passent par un ordinateur , c’est donc l’emplacement idéal pour surveiller et restreindre l’accés a internet de tous les employés de la société. votre administrateur réseau peut facilement avoir la liste de tous les sites que vous avez consultés , lire vos mails etc…
installer un programme directement sur le poste de travail qui surveille les agissements de l’employé. (une technique peu fiable car il suffit de fermer le programme via le gestionnaire de tàches de windows)
Read More