SSH multiplexing is the ability to carry multiple SSH sessions over a single TCP connection. One of the main advantages of this is that the overhead of creating new TCP connections and negotiating the secure connection is eliminated once your first connection has been established.
Enable SSH multiplexing:
vim ~/.ssh/config
Host * ControlPath /tmp/%r@%h:%p ControlMaster auto ControlPersist 30m
An introduction to Ncat.
0:00 Intro and Installation
0:39 Connecting to a port
1:57 Listening for connections
3:14 Transferring a file
4:39 Piping Ncat into other tools
5:12 Using dd with Ncat
7:05 Using SSL encryption
9:11 Passing a remote shell
10:35 Where to learn more
11:04 Outro
---------------------------------------------
Follow me:
SecureRandom on YouTube -
https://www.youtube.com/channel/UCZuW...
SecureRandom on LBRY / Odysee -
https://odysee.com/@SecureRandom:1
In this video I describe the differences between zram and zswap, their use cases, and how to set them up.
----------------------------------------------------
zram commands:
sudo vim /etc/modules-load.d/zram.conf
zram
sudo vim /etc/modprobe.d/zram.conf
options zram num_devices=1
sudo vim /etc/udev/rules.d/99-zram.rules
KERNEL=="zram0", ATTR{disksize}="512M",TAG+="systemd"
sudo vim /etc/systemd/system/zram.service
[Unit]
Description=Swap with zram
After=multi-user.target
[Service]
Type=oneshot
RemainAfterExit=true
ExecStartPre=/sbin/mkswap /dev/zram0
ExecStart=/sbin/swapon -p 5 /dev/zram0
ExecStop=/sbin/swapoff /dev/zram0
[Install]
WantedBy=multi-user.target
sudo systemctl enable zram
----------------------------------------------------
zswap commands:
Check if zswap is enabled / supported
cat /sys/module/zswap/parameters/enabled
sudo vim /etc/default/grub
Add “zswap.enabled=1” to the line that starts with “GRUB_CMDLINE_LINUX”
In this video we configure a Yubikey 5 NFC to work with sudo authentication.
-----------------------------------------------------------
**Commands used in this video**
Step 1:
$ sudo apt-get install libpam-u2f pamu2fcfg
Step 2:
$ pamu2fcfg -u `whoami` -opam://`hostname` -ipam://`hostname`
Copy output into "/etc/u2f_mappings"
Step 3:
$ sudo nano /etc/pam.d/sudo
Fallback mode for PAM - replace $HOSTNAME with the hostname of your computer
auth sufficient pam_u2f.so origin=pam://$HOSTNAME appid=pam://$HOSTNAME authfile=/etc/u2f_mappings cue
Require both Yubikey and password to authenticate - replace $HOSTNAME with the hostname of your computer
auth required pam_u2f.so origin=pam://$HOSTNAME appid=pam://$HOSTNAME authfile=/etc/u2f_mappings cue
To require authentication everytime sudo is ran:
$ sudo visudo
Defaults env_reset,timestamp_timeout=0
-----------------------------------------------------------
Follow me:
SecureRandom on YouTube -
https://www.youtube.com/channel/UCZuW...
SecureRandom on LBRY / Odysee -
https://odysee.com/@SecureRandom:1
In this video we go over how to create and manage swap files on Linux.
---------------------------------------------------------------------------------------------
Get information on your swap file:
swapon --show
Create the swap file:
sudo dd if=/dev/zero of=/swapfile bs=1M count=1024
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
/etc/fstab setup:
/swapfile none swap sw 0 0
Change swap file priority:
/swapfile none swap sw,pri=10 0 0
sudo swapon -p 10 /swapfile
---------------------------------------------------------------------------------------------
Follow me:
SecureRandom on YouTube -
https://www.youtube.com/channel/UCZuW...
SecureRandom on LBRY / Odysee -
https://odysee.com/@SecureRandom:1
The sysctl command is a tool for managing kernel parameters at runtime. Sysctl is implemented in procfs, the virtual file system located at /proc/.
In this video we go over how to manage the proc file system using the sysctl command and its associated configuration files in /etc/sysctl.d/
Follow me:
SecureRandom on YouTube - https://www.youtube.com/channel/UCZuWRiLNv1HJHcOWLyJRbWQ
SecureRandom on LBRY / Odysee - https://odysee.com/@SecureRandom:1
SSH is the main protocol used by administrators to manger Linux servers. In this video we go over simple steps you can take to lock it down and secure SSHD.
SecureRandom on YouTube - https://www.youtube.com/channel/UCZuWRiLNv1HJHcOWLyJRbWQ
SecureRandom on LBRY / Odysee - https://odysee.com/@SecureRandom:1
In this video we set up SSH to use a FIDO / FIDO2 USB authenticator – namely a Yubikey 4.
--------------------------------------------------------------------------------
NSA Backdoor:
https://www.wired.com/2013/09/nsa-backdoor/
--------------------------------------------------------------------------------
Commands used in this video:
Create a key pair
$ ssh-keygen t ecdask -f /path/to/keypair
Copy the ssh key to the server
$ ssh-copy-id -i /path/to/public-key @
Check firmware version of Yubikey
$ lsusb -v 2>/dev/null | grep -A2 Yubico | grep "bcdDevice" | awk '{print $2}'
--------------------------------------------------------------------------------
Follow me:
SecureRandom on YouTube -
https://www.youtube.com/channel/UCZuW...
SecureRandom on LBRY / Odysee -
https://odysee.com/@SecureRandom:1
SSH public key authentication is a robust and more secure alternative to
logging in with an account password or passphrase. It also allows you to easily
automate tasks that require an SHH connection to the server.
In this video we go over how to a SSH key pair, copy it to the server, then
disable password authentication - followed up by a quick tip to on how to
simplify future connections to your server.
In this video we go over how to use SSH dynamic port forwarding in Linux.
--------------------------------------------------------------------------------
Local port forwarding example:
$ ssh -L 9001:localhost:443 jumpbox
Dynamic port forwarding example:
$ ssh -D 9002 jumpbox
--------------------------------------------------------------------------------
Follow me:
SecureRandom on YouTube -
https://www.youtube.com/channel/UCZuW...
SecureRandom on LBRY / Odysee -
https://odysee.com/@SecureRandom:1