Tag Archives: ssh

Using expect

Let’s give a brief intro to expect. Basically is a tool for automating interactive applications such as FTP, telnet, ssh and similar. Expect has regular expression pattern matching and general program capabilities.

Let’s start installing Expect. Type in your Debian based box:

sudo aptitude install expect

That’s it. You are done.

Now lets write a simple ssh expect script. Substitute user, password and hostname for the user, password and hostname to the machine you want to log into.

#!/usr/bin/expect
spawn ssh user@hostname
expect “user@hostname’s password:”
send “password\r”
expect “$\r”
send “who; pwd; last | head\r”
expect “$\r”
send “date; exit\r”
expect eof

The script is pretty simple. It basically logs into a box and executes date, pwd, who and last commands. But it clearly shows the power of expect for automating tasks.

More info at Wikipedia and Expect homepage.

Blocking SSH attacks with IPtables

If you have a website running you might get brute force attacks on the ssh port. Below is an excerpt from the logs in /var/log/auth.log

Jan 28 21:32:16 server sshd[10855]: Failed password for illegal user root from 213.191.74.219 port 51033 ssh2
Jan 28 21:32:16 server sshd[10857]: Illegal user root from 213.191.74.219
Jan 28 21:32:16 server sshd[10857]: Failed password for illegal user root from 213.191.74.219 port 53722 ssh2
Jan 28 21:32:16 server sshd[10859]: Illegal user root from 213.191.74.219
Jan 28 21:32:16 server sshd[10859]: Failed password for illegal user root from 213.191.74.219 port 54393 ssh2
Jan 28 21:32:16 server sshd[10861]: Illegal user root from 213.191.74.219
Jan 28 21:32:16 server sshd[10861]: Failed password for illegal user root from 213.191.74.219 port 55099 ssh2

Blocking this attacks is really easy with IPtables. Just type the following from the CLI.


sudo iptables -A INPUT -i eth0 -p tcp –dport 22 -m state –state NEW -m recent –set –name SSH
sudo iptables -A INPUT -i eth0 -p tcp –dport 22 -m state –state NEW -m recent –update –seconds 60 –hitcount 3 –rttl –name SSH -j DROP

The above command will block ssh attacks on the SSH port on your server. Enjoy.

Setting passwordless ssh trust

I’m going to explain how to set ssh trust between two hosts. This would allow us to connect to the server without having to type the password.

1) First generate the public and private keys on the machine from where you want to log in to other machines. This can be accomplished in two ways depending on the ssh version running on the server you want to log in. I recommend using ssh version 2. Ssh version 1 has security flaws.

Type from the command line:

# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
86:40:27:c5:29:ce:64:35:1f:a9:b9:9c:f0:97:a5:4d user@server
The key’s randomart image is:
+–[ DSA 1024]—-+
|    o+=…       |
|   .+ooo..       |
|   =.. o.        |
|    +.o.  E      |
|     +.oS*       |
|      =.+ .      |
|       .         |
|                 |
|                 |
+—————–+
#

This will generate a public and a private key in the ~/.ssh directory. Don’t type anything when asked for the passphrase. Now we need to copy the public key to the server we want to log in passwordless.

2) Type the following.

# scp ~/.ssh/id_dsa.pub user@remote_server:/tmp

3) Log into the remote server and copy the public key to the authorized_keys file in the ~/.ssh directory.

remote_server# cat /tmp/id_dsa.pub >> ~/.ssh/authorized_keys

That’s it. You are done. Enjoy.