Category Archives: Uncategorized

Getting authy-ssh to work (or at least what worked for me)

This will be a relatively short post. It is my objective for this post to be useful for other individuals who are having issues setting up authy-ssh on their Secure Shell servers. First, if you’re not familiar with two-step verification, have a look at this:

https://en.wikipedia.org/wiki/Two-step_verification

I was inspired to install this on one of my SSH servers due to enabling this feature on my Gmail account:

http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

I had heard about authy-ssh a while back through news.ycombinator but had never put the time into setting it up. To set it up you can follow these directions:

https://www.authy.com/products/ssh#installation

I ran into issues though. My SSH server did not possess ‘seq’ and I received error messages from the authy-ssh script that were not very clear. I then dug into the authy-ssh shell script and discovered that it heavily depended on ‘curl’ connecting to Authy’s web servers over https. ‘curl’ would give me SSL certificate errors and I’m highly confident this is an issue with ‘curl’ on my server and not Authy’s SSL certificates. To bypass this issue in the authy-ssh script at lines 398, 482, 497, 533, and 605 you will need to add on the ‘-k’ flag to ‘curl’ to ignore the SSL certificate errors. I will warn you that this is NOT very secure but if you need authy to work, this should work.

In addition to this, you may want to run this shell script as well:

http://zitstif.no-ip.org/authyfix.txt

The authy-ssh bash shell script does a check to see if bash exists or if seq exists. If you’re on an OSX system, the OSX equivalent of ‘seq’ is ‘jot’. The equivalent of ‘seq 10’ with ‘jot’ is ‘jot – 1 10’.

An update: Just a bunch of random thoughts

Things I’ve taken note of over the past months:

1.) Finding ‘too much information’ (even when it’s public information) on a company can scare HR people, go figure.

2.) Linksys routers that are compatible with DD-WRT or the like, are great for being used as pivot points in networks. For example, if you’re able to to gain access to a router that is DD-WRT compatible and you can get SSH up and running on it, you’ve opened up a lot of opportunities.

One opportunity would include scanning the internet network using proxychains and nmap over an SSH tunnel. You could also use proxychains and nikto to scan web servers that are in the associated network with the DD-WRT compatible router.

You can also setup a private second WLAN network on the DD-WRT compatible router to have a sense of secure access to the network you’re penetrating. Using DD-WRT as a penetration tester, really opens up your possibilities.

3.) http://ipq.co rocks, ‘nough said. 🙂

4.) Being able to boot up a live Linux distro on a victim machine, use bhive, samdump2 (like this tutorial http://www.irongeek.com/i.php?page=security/localsamcrack2), to extract password hashes and then do ‘Pass the hash attacks’ via metasploit (like shown here: http://securitytube.net/Metasploit-Megaprimer-Part-16-(Pass-the-Hash-Attack)-video.aspx) is incredibly cool.

5.) The Nmap scripting engine rocks: http://securitytube.net/Mastering-the-Nmap-Scripting-Engine-(Blackhat-2010)-video.aspx

6.) Did you know you could install Nmap silently on a Windows machine? (Yes, it will also install winpcap.)
nmap-5.35DC1-setup.exe /S

7.) Other cool apps to install ‘silently’ using msiexec on Windows machines:  (msiexec /i appname.msi /q)
http://www.python.org/download/releases/2.5/
http://www.activestate.com/activeperl/downloads

8.) The concepts of SSH reverse connections and port forwarding make me elated: http://www.securitytube.net/Hacking-through-the-Windows-Firewall-using-Metasploit-video.aspx

More to come as usual…