Secure port forwarding with SSH

Sometimes it is desirable to connect to a remote machine running a specific service without exposing that service to the whole Internet. This can be done with port forwarding.

Port forwarding allows you to bind a local IP socket to a remote one, so that you can access a service running on the remote machine as if it were running on your own computer.

SSH can handle that situation while adding a secure layer: it creates an encrypted tunnel between the two ports, and all you need is an SSH server running anywhere on the network.


Posted in Code | Comments Off

How to configure pwsafe properly in Ubuntu Maverick Meerkat

pwsafe is a command line application that safely stores your passwords in an encrypted database located in the file $HOMEDIR/.pwsafe.dat. It also suggests random passwords for you to use, and it is perfect for keeping all your passwords at home and retrieving them over an SSH connection to your personal machine whenever you need them.

When you install pwsafe on Ubuntu Maverick Meerkat, you need to make a couple of tweaks in order to use the application without these annoying warnings:

WARNING: pwsafe unable to seed rng from /home/pressure/.rnd
WARNING: pwsafe unable to use secure ram (need to be setuid root)


Posted in Code | Comments Off

Reaching services over HTTP with HTTPtunnel

Having some ports closed is very common in public wireless networks. For example, when I'm at University I'm able to use only a small set of ports, like 80 (HTTP) and 443 (HTTPS). Sometimes you need to connect to web servers listening on unusual ports such as 8080. In these cases HTTPtunnel may be a good application to solve the problem.

HTTPtunnel consists of two small programs: a server called hts and its client, htc. Imagine you need to reach your SSH home server, but you are not allowed to connect to services on port 22. However, you may have access to services running on port 21, such as an FTP server, or on port 80, like web servers.


Posted in Code | Comments Off

Using SCP Port Knocking Remote Hosts

The scripts I posted to open SSH connections through port knocking are very useful to me. But when it comes to transferring files with SCP, port knocking is a nightmare. So I have written a similar bash function that automatically deals with the knocks before starting the scp command.

I have introduced a delay of 0.5 seconds between the knocks, because I noticed that sometimes the server was not responding to them. The gist with the pssh() bash function available on GitHub has also been updated with the delay.


Posted in Code | Comments Off

Port Knocking The Easy Way

I had implemented port knocking before with Linux daemons and knocking clients, but this requires installing software that is always running and consuming memory and processor resources. If you are using a Virtual Private Server, as I am, you can't afford to waste a single megabyte of memory. Therefore, you begin looking for creative alternatives that minimize the load on the server.

Some time ago I found a curious implementation of port knocking using iptables. So, if you already have iptables installed on your (virtual) machine, you can get rid of the always-running daemon.


Posted in Code | 1 Comment