Tag Archives: openssh

Time to rejoice! OpenSSH official support coming to Windows!

http://undeadly.org/cgi?action=article&sid=20150603090420&mode=expanded

Granted you can already install cygwin and setup an openssh server (which is a pain), according to multiple sources OpenSSH will be supported by the Microsoft Powershell team. It is honestly about time, because if you’ve ever had to work with Windows Server Core edition, you may have felt like me and thought it was stupid that you would have to RDP into a system for command line access.

I have a strong gut feeling that the Metasploit community (who already seem to love Powershell for AV evasion) are going to have a lot of fun with a Microsoft OS builtin OpenSSH package that may even be able to be installed via the new package manager(?).

What do you guys, gals and bots think?

Openssh on Windows + free domain name setup + ssh tunneling

I’m actually posting this for a friend per request:

==OpenSSH + Cygwin Installation==

Over the past year or so, when using Windows on a certain computer in my network, I decided that I wanted secure command line oriented access to my Windows computer. With this being said, telnet would have not been a viable solution to the problem, along with remote desktop. Knowing about cygwin, I was soon to perform some searches on google pertaining to the installation of OpenSSH via cygwin.

The web site presented below, is a wonderful resource for this situation:

http://pigtail.net/LRP/printsrv/cygwin-sshd.html

Follow this tutorial closely and you should have little to no problems getting openssh set up on a Windows computer.

Also if you’re planning on doing ssh tunneling from a remote location or logging into your computer remotely via ssh, make sure to forward port 22 (or whatever port you set ssh to listen on) to the Windows computer that is hosting SSH. You may also want to set the Windows computer as a static client on your network, so you don’t have to worry about the LAN IP address changing which could cause problems, but depending on your router, this isn’t always necessary. It seems that a lot of routers do ‘static DHCP leasing’. To make sure that the service is remotely accessible, go to www.nmap-online.com .

Click on ‘Custom scan’.

Then under the ‘Nmap options..’, clear the options they have set there for you by default, leave your IP address alone and put:

-P0 -sV -vv -n -T3 -p 22 (YOURIP)

Lastly, click on ‘I agree with the Terms of Service’ and click ‘Scan Now!’. If nmap-online’s results yield the port is open, then you’re in business! Otherwise, you most likely
have your software firewall blocking openssh or you didn’t set up port forwarding on your router correctly. Other causes could include your ISP blocking that port as well.

=========================

==Dynamic DNS the free way==

One solution for a free DNS name is to use www.no-ip.com. Sign up using your e-mail address and here’s a video with a kid who has an annoying voice that may help you:

If you have set this up correctly, you should be able to resolve your new DNS name from the command line using a tool like ‘nslookup’. The IP address that shows up for your new DNS name, should be your WAN IP.

=========================

==SSH tunneling via Putty==

Now, say if you want to have a sense of security in a remote location that may be a malicious network. One (not perfect) good solution for if you’re a Windows user is to do SSH tunnelling.

http://oldsite.precedence.co.uk/nc/putty.html

Once you have logged into your server and set up a dynamic port on your loop back interface (127.0.0.1), it is now time to configure your browser to use a SOCKS 5 proxy connection on your loop back interface. Under Firefox this looks like this:

To verify that you’re actually tunneling home, go to www.ipchicken.com and here you should see your Dynamic DNS’s IP address. Now, you don’t have to worry nearly as much about MITM attacks and sniffing. Web  pages won’t appear nearly as quickly, but as the old saying goes, ‘Better safe than sorry’.  I hope this helps you dear friend of mine! 🙂

Last but not least, if you want to see a video on SSH dynamic port forwarding / tunneling, Irongeek has a wonderful video (bare in mind you don’t necessarily need ‘keys’, that he speaks of, you can use password authentication instead):

http://www.irongeek.com/videos/sshdynamicportforwarding.swf