[types field=”intro”]

[types field=”notes”]

Hak 1113 – Persistent SSH tunnels for Windows and Linux, Local vs Remote forwards and more

9 Comments

  • Hans-J. Schmid
    Reply

    Snubsie is especially doing great in this episode. I love when she is becoming enthusiastic about little things.

  • Everett Vinzant
    Reply

    I enjoyed the article about SSH persistence in Windows. I liked the app being portable. You mentioned a possible security issue. The password is stored salted in a local file. Is there a way to get a pineapple to rotate keys after x mins of disconnection? Example of why this might solve the problem:

    I’m using programs on a thumb drive plugged in to Windows. I’m careless and turn around long enough for a friend to snag my dongle (is that legal in this country). He plugs it into his computer and copies the files over. He plugs the dongle (there’s that word again) back in to my computer. However, since the program crashed (because I was running it from the drive) it doesn’t rebuild the SSH tunnel. I show up while he starts brute forcing my passwords. I’ve set pineapple to rotate to the next key automatically because of the length of the failure (I have the key elsewhere, and know what one will be next). He spends his time hacking something that won’t work (I’ve rotated my key), and I’m already reconnected to the pineapple.

    What do you think? Effective security? Maybe it would even be a cooler idea to key hop? Set a series of keys that rotate at every X time so that even brute forcing in the middle won’t work? Just some thoughts.

  • Ashara
    Reply

    Hi Darren & Shannon

    I really love your shows in regards to Proxies, SSH tunnels,Remote forwards, file shares oh my!!. Sharron I’ve learned so much and hope to see more solutions on SSHFS without (expandrive) for windows. Me love free ^_^ & portable solutions too ^_^.

    Darren would you mind looking into if there is a way to work in SSH Key Auth along with Google 2step verification and add this in to one of your up and coming segments? It would be so sweet to run this along side the key base authentication.

    Here are a few links I found:
    https://sites.google.com/site/seppsbrainoverload/it-security/2-step-verification-in-ssh

    http://www.mnxsolutions.com/security/two-factor-ssh-with-google-authenticator.html

    Keep up the great work.
    Thank you both so much look forward to seeing your next show ^_^.

  • Hans-J. Schmid
    Reply

    How can we download the song “SSH into your heart”? Would love to listen to it in the morning going to work.

  • Neo42
    Reply

    Finally got the forwarding to work, but now here’s a twist. Can a local port be forwarded to a host on a different network? Say the source box for the remote forward has 2 network interfaces: eth0 is 1.2.3.4 on the internet and eth1 is 10.0.0.2 on a private lan. Can I do something like this…

    From 1.2.3.4:

    ssh -L 4040:localhost:80 user@10.0.0.2 -g

    Connection comes in on 1.2.3.4:4040 and is theoretically relayed to 10.0.0.2:80 allowing anyone on my subnet to access the webserver on the 10.0.0.2 box. Will this work? If not, is there a way to get there?

  • Pingback: Hak 1115 – Encryption 101 | Welcome To My Mind

  • BDIZ
    Reply

    What is the deal with the recent episodes of Hak5? They have become Darren pretty much conducting the episodes like a boring college lecture. It’s just him writing on the table with markers and Shannon saying “Ooooh Oookkk”. You would think the host of a Tech show would be teaching the audience… not one host boring the audience while teaching the other host! Used to be a big fan…..
    AND GET OFF THE SSH ALREADY!

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>