Archive
Using SSH keys for Password-less Logins and Transparent Multi-hop SSH
http://sshmenu.sourceforge.net/articles/key-setup.html
http://sshmenu.sourceforge.net/articles/transparent-mulithop.html
SSH SOCKS Tunnel Web Browsing
http://www.damtp.cam.ac.uk/user/jp107/xp-remote/web-tunnel/
http://askubuntu.com/questions/112177/how-do-i-tunnel-and-browse-the-server-webpage-on-my-laptop
https://www.bitvise.com/ssh-web-browsing
A new VPS host to look at
https://www.linode.com/pricing
Important way to configure Firefox to tunnel all DNS queries
https://www.bitvise.com/ssh-web-browsing
ssh -D 8080 -C -N username@example.com
-N Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).
-C Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP connections). The compression algorithm is the same used by gzip(1), and the "level" can be controlled by the CompressionLevel option for protocol version 1. Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks. The default value can be set on a host-by-host basis in the configuration files; see the Compression option.
Create Debian 7 OpenVPN Client NAT Gateway Router to Local Network
SSH to OpenVPN Access Server
Create PAM user
Log in to OpenVPN Access Server web Admin interface.
Add user
Log out of Access Server Admin interface.
Log in directly to main Access Server web interface (not Admin) as new user – select Login (not Connect)
Download and install Windows Client.
Download Autologin profile. * Make note as this file will be used below.
Verify connectivity from Windows Client.
PuTTY SSH to Debian Client. – Note using PuTTY as clipboard paste will be used below.
Enable IPv4 forwarding
sudo nano /etc/sysctl.conf
Uncomment the line
# net.ipv4.ip_forward=1
Run the following command to make the change effective without a reboot.
sudo sysctl -w net.ipv4.ip_forward=1
Add iptables rules for NAT to work
sudo nano /etc/rc.local
Make sure the following two lines appear before the exit 0 line in the file.
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
To make these iptables rules active without rebooting, run the following commands:
sudo iptables -P FORWARD ACCEPT
sudo iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
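An added example, not part of the original notes: a POSIX shell check over iptables-save output that reports the two broad settings used above, a FORWARD policy of ACCEPT and a MASQUERADE rule with no source match. Both rule sets are constructed samples; the tun0 interface name and the 10.8.0.0/24 subnet in the tighter variant are assumed values.

```sh
# Constructed iptables-save output matching the rules in these notes.
page_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed tighter variant; tun0 and 10.8.0.0/24 are assumed values.
scoped_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin and print one finding per line.
audit_gateway_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }               # track current table
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" && / -j ACCEPT/ {
            if ($0 !~ / -i / || $0 !~ / -o /) unscoped = 1
        }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" && / -j MASQUERADE/ {
            nat = 1
            if ($0 !~ / -s /) anysrc = 1
        }
        END {
            if (policy == "ACCEPT") print "forward-policy-accept"
            if (unscoped) print "forward-accept-without-interfaces"
            if (anysrc) print "masquerade-any-source"
            if (!nat) print "no-masquerade-rule"
        }'
}

page_rules | audit_gateway_rules     # findings for the rules as written
scoped_rules | audit_gateway_rules   # prints nothing
```

On the gateway itself, feed it the live rules with sudo iptables-save | audit_gateway_rules.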
Install OpenVPN
sudo apt-get install openvpn
Edit Autologin user profile in Wordpad. Note it is important to use Wordpad as it correctly handles the Unix/Windows character translations. Select all text and copy to clipboard.
sudo nano /etc/openvpn/client.conf
Paste from clipboard via PuTTY. Save.
Configure OpenVPN to start on boot
sudo nano /etc/default/openvpn
Add line
AUTOSTART="client"
Note you do not add .conf extension, but the file itself must have .conf
Start OpenVPN client
cd /etc/openvpn/
sudo openvpn client.conf
Log into Access Server and verify connection
Reboot
Verify auto start
Ping the VPN server
To access the VPN server from the local subnet, configure a static route on the local LAN to the client VPN gateway.
To access other VPN client gateways, configure a static route on the local LAN to the client VPN gateway. Note, the VPN server will automatically push the required routes to the client for routing to other client gateways.
Create Ubuntu 14.04 LTS (PV) OpenVPN Access Server on AWS
Create AWS Instance
Inbound Security Group Rules
Type | Protocol | Port Range | Source
Custom UDP Rule | UDP | 943 | 0.0.0.0/0
SSH | TCP | 22 | 0.0.0.0/0
Custom UDP Rule | UDP | 1194 | 0.0.0.0/0
HTTPS | TCP | 443 | 0.0.0.0/0
Custom UDP Rule | UDP | 443 | 0.0.0.0/0
Custom TCP Rule | TCP | 943 | 0.0.0.0/0
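An added example, not part of the original notes: a POSIX shell review of the six inbound rules listed above, marking SSH left open to 0.0.0.0/0 and rules that match no service. It assumes Access Server's default listeners are TCP 443, TCP 943 and UDP 1194, which the notes do not state; the function names are hypothetical.

```sh
# The six inbound rules from the notes as Type | Protocol | Port | Source rows.
page_sg_rules() {
cat <<'EOF'
Custom UDP Rule | UDP | 943 | 0.0.0.0/0
SSH | TCP | 22 | 0.0.0.0/0
Custom UDP Rule | UDP | 1194 | 0.0.0.0/0
HTTPS | TCP | 443 | 0.0.0.0/0
Custom UDP Rule | UDP | 443 | 0.0.0.0/0
Custom TCP Rule | TCP | 943 | 0.0.0.0/0
EOF
}

# Assumptions, not stated in the notes: Access Server listens by default on
# TCP 443, TCP 943 and UDP 1194, and SSH (TCP 22) is the only rule that
# should be limited to administrator source addresses.
review_sg_rules() {
    awk -F' *[|] *' '
        BEGIN {
            n = split("TCP/22 TCP/443 TCP/943 UDP/1194", l, " ")
            for (i = 1; i <= n; i++) listener[l[i]] = 1
            admin_only["TCP/22"] = 1
        }
        NF >= 4 {
            key = $2 "/" $3
            if (!(key in listener))
                print "no-listener " key
            else if ((key in admin_only) && $4 == "0.0.0.0/0")
                print "world-open-admin " key
            else
                print "ok " key
        }'
}

page_sg_rules | review_sg_rules
```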
Use PuTTYGen to convert pem to ppk. Add passphrase to the key.
Assign IP
Update DNS
SSH to host DNS name to verify proper name resolution. Login as ubuntu.
sudo apt-get update && sudo apt-get upgrade
The download page for OpenVPN Access Server.
https://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=Ubuntu
Right click the link and select ‘Copy link address’
From PuTTY download the deb
wget [right click]
Install the deb
sudo dpkg -i openvpn[tab]
Give user openvpn a password
sudo passwd openvpn
It appears Ubuntu will open the ports, but I should figure out what is going on.
Open browser to admin page and log in as openvpn
Configure server. Be sure to properly add the server DNS name in Server Network Settings
Open browser to login page
Select “Login”
log in as openvpn
Download and install OpenVPN Connect for Windows
Connect to VPN and verify server IP via ‘whats my ip’
Install VMware Tools on Debian 7
Before the tools are installed, you must install make and gcc
sudo apt-get install gcc make
VMware tools requires the Linux Kernel headers
sudo apt-get update
sudo apt-get install linux-headers-$(uname -r)
Insert the CD. Player -> Manage -> Install VMware tools…
Mount the CD
mount /media/cdrom
Extract tool to home
cd ~
tar -zxvf /media/cdrom/VMware[tab]
Execute the installer
cd vmware-tools-distrib
sudo ./vmware-install.pl
Reboot