SSH Local Port Forwarding Made Easy

I’ve been using this for a while now, and have found it a great little trick for accessing services that are blocked due to a firewall.

It’s pretty simple: you just have a few parts to the command string. The first command argument tells ssh to forward a local port (LP) to a remote machine (Remote) on a remote port (RP). The second part is something you’re probably familiar with: the destination that you’re connecting to (Destination).

An example with the abbreviations above would be:

ssh -L LP:Remote:RP Destination

Say for example, you ran the command “ssh -L myExternalServer”.  In order to access port 80 on you’d open up your web browser and point it to http://localhost:1234.  It’s as easy as that!

HowTo Restore Grub Boot Password In Ubuntu Dapper

A cardinal rule with computer security is that if you have physical access to a computer, you can pretty much do whatever your heart desires to it. Luckily, this includes removing the grub password from a linux box so that you can restore the root password…

Your best course of action in doing this is to download a bootable linux cd. The one that I tested this with is a worthwhile download even if you’re just reading this for fun.


Protecting Your Server From SSH Bruteforce Attacks and Portscans

First of all, this entry is not being entered in Drupal 4.7, I haven’t had the time to get that set up yet.

The other day I decided to take a look at my server logs, which is something that I should have been doing all along. I found out that more than one host has been brute force / dictionary scanning my ssh server. I decided that even though my passwords are strong, that I really didn’t want people to have the ability to do that. Fortunately for me there are some tools out there that work great for this very purpose. The one that I chose is called DenyHosts.

Basically, denyhosts works by scanning your security log (there are several options for the distro type) for particular strings, and if more than X failed access attempts come from a host, the attacking host is added to your hosts.deny file.

Now, this functionality is found in a number of programs. The great thing about denyhosts is that (optionally) every hour your list is synchronized with a server so that your protection is increased greatly.

I used this tutorial to install it on my computer. The only change that I would make to it is to use denyhosts 2.4 instead of 2.0, which can be found at the denyHosts site.

I got started on security and I didn’t want to stop quite yet. I also set up a portscan detector that blocks hosts that portscan you with iptables. It’s called portsentry, and can be installed with apt using:
apt-get install portsentry

I set up both of these utilities to email me immediately when an event occurs.

One note that I should add is that when I set up denyhosts for the first time it parsed through my existing security log and found that my current address had more than the threshold of incorrect passwords, so it blocked me from making an ssh connection to my server. To fix this, check through your security log and make sure that you have fewer than the maximum number of denied login attempts before you terminate the ssh connection.
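The scan-and-threshold logic described above, together with the self-lockout check from the note, as an added example (not DenyHosts' own code and not from the original post). The log lines are constructed, the addresses are documentation-range placeholders, and the function names and the threshold value are assumptions.

```python
import re
from collections import Counter

# Constructed security-log excerpt (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
May  3 10:01:11 web sshd[811]: Failed password for root from 203.0.113.9 port 4111 ssh2
May  3 10:01:14 web sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 4113 ssh2
May  3 10:02:40 web sshd[840]: Failed password for jon from 198.51.100.7 port 5120 ssh2
May  3 10:02:44 web sshd[840]: Failed password for jon from 198.51.100.7 port 5120 ssh2
May  3 10:02:49 web sshd[840]: Failed password for jon from 198.51.100.7 port 5120 ssh2
May  3 10:02:55 web sshd[840]: Accepted password for jon from 198.51.100.7 port 5120 ssh2
May  3 10:05:02 web sshd[901]: Failed password for root from 203.0.113.9 port 4170 ssh2
May  3 10:07:30 web sshd[950]: Failed password for jon from 192.0.2.44 port 6001 ssh2
"""

# One failed sshd password attempt, capturing the source IPv4 address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) ")

def count_failures(log_text):
    """Count failed password attempts per source address."""
    return Counter(FAILED.findall(log_text))

def hosts_to_deny(log_text, threshold):
    """Hosts with more than `threshold` failures (the post's "X")."""
    return sorted(h for h, n in count_failures(log_text).items() if n > threshold)

def deny_lines(hosts, service="sshd"):
    """Entries in hosts.deny (TCP wrappers) syntax."""
    return ["%s: %s" % (service, h) for h in hosts]

def would_lock_out(log_text, my_addr, threshold):
    """True if the existing log already puts your own address over the limit."""
    return my_addr in hosts_to_deny(log_text, threshold)

if __name__ == "__main__":
    print("\n".join(deny_lines(hosts_to_deny(SAMPLE_LOG, 2))))
    print("admin locked out:", would_lock_out(SAMPLE_LOG, "198.51.100.7", 2))
```

In the constructed log, the address that later logs in successfully still crosses the threshold because of earlier mistyped passwords, which is the situation the note describes.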

As always, if you have any questions email me at howe -dot- jon -at- gmail -dot- com.

Jon Howe

How to Use the Tor Network for Application Anonymity

The Tor Network uses something called Onion Routing. Tor’s functionality is pretty simple. You run a daemon on a computer on your network (the tor client) and it connects to a server inside the tor network. Once your transmitted packets are inside the tor network they are routed through the different servers in a way so that no server knows the complete path that a packet takes. On top of this, all transmission inside the tor network is encrypted in order to prevent Man in the Middle Attacks.

The network is not easily accessed directly though. The easiest way to utilize tor as a functional service for your network is to use something called Privoxy. Privoxy acts as a middleman between tor and the computers on your network.

We’ll talk more about the configuration of these later, but first we need to install them.

I’m going to assume, as usual, that you’re using Debian as your distribution.

Note: I had some problems getting tor to install properly with apt. In order to fix this I needed to add the following lines to my /etc/apt/sources.list file:

deb testing main non-free contrib

deb-src testing main non-free contrib

I also added the following lines to my /etc/apt/preferences file to make it so that apt doesn’t try to get packages from the testing branch all of the time:

Package: *
Pin: release a=testing
Pin-Priority: 999

Stay tuned for a tutorial on how to use the previous process, which is called apt pinning.

Next we install Privoxy and Tor using the following command:
apt-get -t testing install tor privoxy

Now add the following line to your /etc/privoxy/config:
forward-socks4a / localhost:9050 .

If you’re installing this on your own computer then you can leave this as it is. Otherwise change the listen-address from to the ip address that the interface that goes to the network uses. This line reads: listen-address in my config file.

Now just start the daemons:
/etc/init.d/tor start
/etc/init.d/privoxy start

All that’s left is configuring your applications to use the proxy. Every app has a different method of using a proxy, and some have no way to use a proxy at all. If you’re trying to run something like Firefox anonymously, just go to connection settings and change the HTTP Proxy and the HTTPS Proxy to the IP address and the port that privoxy is running on. If you want to use something like AOL Instant Messenger, you can use tor directly by going into the settings and changing the SOCKS 4 proxy to the IP address that tor is running on and the port number 9050.

After doing this, all connections from the applications you configured will be running through the anonymous tor network. If you have any questions feel free to leave me a comment, and I will answer.
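A small check of the two Privoxy settings this setup depends on, the catch-all forward-socks4a rule and the listen-address, as an added example (not part of the original post or of Privoxy). The config excerpt is constructed, 192.0.2.10 is a placeholder LAN address, and the function names are assumptions.

```python
import ipaddress

# Constructed excerpt of /etc/privoxy/config; 192.0.2.10 is a placeholder LAN address.
SAMPLE_CONFIG = """\
# served to the whole network
listen-address 192.0.2.10:8118
forward-socks4a / localhost:9050 .
"""

def directives(text):
    """Yield (keyword, args) for every non-comment, non-blank config line."""
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            yield words[0], words[1:]

def is_local(host):
    """True for localhost or a loopback IP literal; other names count as non-local."""
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(text, tor_socks="localhost:9050"):
    """Return a list of findings for the Tor-related Privoxy settings."""
    findings, listen, via_tor = [], "127.0.0.1:8118", False  # Privoxy's default bind
    for key, args in directives(text):
        if key == "listen-address" and args:
            listen = args[0]
        elif key == "forward-socks4a" and args == ["/", tor_socks, "."]:
            via_tor = True  # catch-all pattern; hostnames are resolved by the SOCKS server
        elif key == "forward-socks4" and args[:1] == ["/"]:
            findings.append("forward-socks4 resolves DNS locally; use forward-socks4a")
    if not via_tor:
        findings.append("no catch-all forward-socks4a rule to " + tor_socks)
    host = listen.rsplit(":", 1)[0] if ":" in listen else listen
    if host == "":
        findings.append("listen-address has no host: proxy listens on every interface")
    elif not is_local(host):
        findings.append("proxy reachable from the network on " + listen)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A network-facing listen-address is what the post sets up on purpose for a shared proxy; the finding is a reminder that every host that can reach that address can then send traffic through it.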

Jon Howe