Using SSH Client Natively in Windows 10

Have you ever wanted to use SSH to control your Linux server from Windows? You’ve most likely downloaded and launched third-party applications like PuTTY or KiTTY to get this functionality on your Windows computer. Thankfully, with the Windows 10 Fall Creators Update, you can now use a built-in SSH client directly within your Windows OS. Continue reading “Using SSH Client Natively in Windows 10”

Installing and using UFW on Ubuntu 16.04 LTS

On an Ubuntu server the default firewall management command is iptables. While iptables provides powerful functionality it’s syntax is often seen as complex. For most users a friendlier syntax can make managing your firewall much easier.

The uncomplicated firewall (UFW) is an alternative program to iptables for managing firewall rules. Most typical Ubuntu installations will include UFW by default. In cases where UFW isn’t included it’s just a quick command away! Continue reading “Installing and using UFW on Ubuntu 16.04 LTS”

Enable Root Login via SSH

By default SSH comes configured in a way that disables root user logins. This is done as a security precaution and means that you cannot directly login as the root user over SSH. However you can usually get around the need for root ssh login by using the sudo command. In some cases though it’s just more convenient to get directly logged in as root.

Continue reading “Enable Root Login via SSH”

What is SSH?

SSH, or secure shell, is a network protocol used for secure network communications and remote command execution. Common use cases for SSH include: controlling computers remotely and securing network services. A great example of securing other services is the SFTP protocol which uses SSH to securely connect to a server and FTP to transfer the files. Continue reading “What is SSH?”

How to enable EPEL repository?

The EPEL repository is an additional package repository that provides easy access to install packages for commonly used software. This repo was created because Fedora contributors wanted to use Fedora packages they maintain on RHEL and other compatible distributions.

To put it simply the goal of this repo was to provide greater ease of access to software on Enterprise Linux compatible distributions.

What’s an ‘EPEL repository’?

The EPEL repository is managed by the EPEL group, which is a Special Interest Group within the Fedora Project. The ‘EPEL’ part is an abbreviation that stands for Extra Packages for Enterprise Linux. The EPEL group creates, maintains and manages a high quality set of additional packages. These packages may be software not included in the core repository, or sometimes updates which haven’t been provided yet.
Continue reading “How to enable EPEL repository?”

Protecting Against CVE-2016-0777 and CVE-2016-0778

Overview

A flaw in OpenSSH, discovered and reported by Qualys on Jan. 14, 2016, could potentially allow an information leak (CVE-2016-0777) or buffer overflow (CVE-2016-0778) via the OpenSSH client. Specifically, an undocumented feature called roaming, introduced in OpenSSH version 5.4, can be exploited to expose a client’s private SSH key.

Impact

The roaming feature, which allows clients to reconnect to the server automatically should the connection drop (on servers supporting the feature), can be exploited in the default configuration of OpenSSH clients from versions 5.4 through 7.1p1, but is not supported in the default configuration of the OpenSSH server.

All versions of OpenSSH clients from 5.4 through 7.1p1 are affected for anyone who connects via SSH on the following operating systems:

  • Linux
  • FreeBSD
  • Mac OS X
  • Windows when using OpenSSH for Windows

The following are not affected:

  • OpenSSH servers in default configuration
  • Windows users utilizing PuTTY to connect
  • Connections not authenticated via an SSH key

Summary

A connection made from an affected client to a compromised or malicious server which uses an SSH key for authentication potentially could expose all or part of the user’s private SSH key.

If the key utilized to authenticate the connection is encrypted, only the encrypted private key could be exposed. However, a malicious party could attempt to brute-force the password offline after obtaining the encrypted key.

Is Your SSH Client Vulnerable?

You can check the version of your SSH client by running the following command:

ssh -V

That will produce output similar to:

workstation$ $ ssh -V
OpenSSH_7.1p2, OpenSSL 1.0.2e 3 Dec 2015

If the version is below 7.1p2, the SSH client is affected.

Resolution

  1. Update your OpenSSL client: Check for any updates to your SSH client and apply them immediately.
  2. Patch older clients: If an update is not yet available for your operating system, you may disable the roaming feature on affected clients by adding the line “UseRoaming no” to your ssh configuration file. You can do so directly or via one of the methods below:
    • On Linux, you can run the following command to add the necessary line:echo 'UseRoaming no' | sudo tee --append /etc/ssh/ssh_config

      And restart ssh.

    • On a Mac running OS X, you can run the command:echo "UseRoaming no" >> ~/.ssh/config

      You will need to close any active SSH sessions or log out and log back in to ensure the change has taken effect.

  3. Change existing SSH keys: If you’re using keys to authenticate SSH connections, you should generate new keys as soon as possible. You can find instructions for generating a key and uploading it to your server at: Using SSH Keys. Please note: If you currently are using the same key to connect to multiple servers, you may wish to consider using unique keys in the future in light of the potential scope of this vulnerability. You also should ensure you are using a strong passphrase for any key you generate.

 

How to Install Git on Ubuntu 15.04

Introduction

Git is an open source, distributed version control system (VCS). It’s commonly used for source code management (SCM), with sites like GitHub offering a social coding experience, and popular projects such as Perl, Ruby on Rails, and the Linux kernel using it.

Pre-Flight Check

  • These instructions are intended for installing Git on Ubuntu 15.04.
  • I’ll be working from a Liquid Web Core Managed Ubuntu 15.04 server, and I’ll be logged in as root.

Continue reading “How to Install Git on Ubuntu 15.04”

How to Install and Configure Git on Fedora 22

Introduction

Git is a widely adopted, distributed version control system (VCS) and open source. It’s commonly used for source code management (SCM), with sites like GitHub offering a social coding experience, and popular projects such as Perl, Ruby on Rails, and the Linux kernel using it.

Pre-Flight Check

  • These instructions are intended for installing Git on Fedora 22.
  • I’ll be working from a Liquid Web Self Managed Fedora 22 server, and I’ll be logged in as root.

Continue reading “How to Install and Configure Git on Fedora 22”

How to Securely Transfer Files via rsync and SSH on Linux

Pre-Flight Check

  • These instructions are intended specifically for transferring files between servers via rsync and SSH on Linux.
  • I’ll be working from a Liquid Web Core Managed CentOS 7 server, and I’ll be logged in as root.

Continue reading “How to Securely Transfer Files via rsync and SSH on Linux”

How to Configure a VNC Server to Use an SSH Tunnel on Ubuntu 14.04 LTS

VNC is short for ‘Virtual Network Computing’. It’s a simple method for sharing a graphical desktop environment. For example, if you install VNC on your hosted server, you could connect to its graphical desktop environment remotely.

Pre-Flight Check

Continue reading “How to Configure a VNC Server to Use an SSH Tunnel on Ubuntu 14.04 LTS”