Jul 08

sslsnoop – hacking OpenSSH

Reading time: < 1 minute Using sslsnoop you can dump SSH keys used in a session and decode ciphered traffic. Supported algorithms are: aes128-ctr, aes192-ctr, aes256-ctr, blowfish-cbc, cast128-cbc. Basic sslsnoop information:

 $ sudo sslsnoop # try ssh, sshd and ssh-agent… for various things
 $ sudo sslsnoop-openssh live `pgrep ssh` # dumps SSH decrypted traffic in outputs/
 $ sudo sslsnoop-openssh offline –help # dumps SSH decrypted traffic in outputs/ from a pcap file
 $ sudo sslsnoop-openssl `pgrep ssh-agent` # dumps RSA and DSA keys

Take a look into the project in sslsnoop github page.

Jun 30

Enabling linux kernel to open LOTS of concurrent connections

Reading time: < 1 minute Just a small recipe about how to enable linux kernel to open tons of concurrent connections. Really simple and useful post entry.

echo “10152 65535″ > /proc/sys/net/ipv4/ip_local_port_range
sysctl -w fs.file-max=128000
sysctl -w net.ipv4.tcp_keepalive_time=300
sysctl -w net.core.somaxconn=250000
sysctl -w net.ipv4.tcp_max_syn_backlog=2500
sysctl -w net.core.netdev_max_backlog=2500
ulimit -n 10240
Aug 28

Technitium MAC Address Changer

Reading time: 1 – 2 minutes

I just want to share with you a small and powerful Windows tool I found in my last trip to US. The best feature IMHO is that permits to change the MAC address of your NIC interface without rebooting, safely and fast. It could be useful when you have a limit time to connect to internet in a free Wi-Fi network; after changing your MAC address you should be like a new device. If you have to do something like this, remember to remove the browser cookies.

Other interesting features of this tool is network presets. You can change your NIC settings very fast just changing a preset profile. As you can see in next screenshot it has a simple chart of your real time network traffic. And finally I want to stand out you can see all your network devices configuration very fast.

technitium MAC address changer screenshot

Technitium MAC Address Changer home page.

May 02

Send email notifications from supervisord

Reading time: 1 – 2 minutes

There is a package called superlance which listens supervisord events. If you install it with:

pip install superlance

Then it’s very easy to setup supervisord to send emails when a daemon changes the state because of a crash or something else.

Lines to add to supervisord configuration file:

[eventlistener:crashmail]
command=/usr/local/bin/crashmail -a -m email1@example.com
events=PROCESS_STATE

if you want to send notifications only for some applications:

[eventlistener:crashmail]
command=/usr/local/bin/crashmail -p program1 -p group1:program2 -m email1@example.com
events=PROCESS_STATE

Of course, superlance can listen many different event signals from supervisor and can take different actions like call to HTTP URL or send SMS. I want to recommend you to take look to the package documentation it could be useful to understand all the superlance power.

May 01

Relay mail from your server without MTA

Reading time: < 1 minute Sometime you need to send notifications or simply you need to use sendmail command from your server, but you don't want to use a local mail server. Maybe use simple SMTP (ssmtp) could be a good idea to solve this kind of situations. I use to configure SSMTP with a GMail account to send notifications from server different daemons, for example, crontab, supervisord, etc. This is a cookbook configuration for SSMTP and GMail: /etc/ssmtp/ssmtp.conf
root=user@gmail.com
mailhub=smtp.gmail.com:587
rewriteDomain=
hostname=user@gmail.com
UseSTARTTLS=YES
AuthUser=user@gmail.com
AuthPass=password
FromLineOverride=YES

/etc/ssmtp/revaliases

root:username@gmail.com:smtp.gmail.com:587
localusername:username@gmail.com:smtp.gmail.com:587

Installation in ubuntu server is as easy as: apt-get install ssmtp

Feb 25

Setup a VPN with PPP and SSH

Reading time: < 1 minute Fast trick for linux users, do you know how to setup a VPN using PPP and SSH? of course you can setup a secure tunnel using '-w- or '-W' ssh parameters in last versions of SSH. But in this case I want to share with you this idea:

pppd updetach pty “ssh root@REMOTE_PUB_IP pppd notty 192.168.254.1:192.168.254.2”

I hope it’s useful for you.

Dec 21

timegrep: Very useful grep tool

Reading time: < 1 minute Specially when you have to look up inside Postfix logs or Syslog in general it could be the swiss knife tool you need: timegrep.

You have to know that the tool is developed using Python. And is very easy to upgrade or fork the code.

Mar 11

ssh-copy-id

Reading time: < 1 minute Really useful command of ssh package to add public key of your user account to a remote SSH server and then access there with passwordless authentication method. ssh-copy-id [-i [identity_file]] [user@]machine

In the past I wrote a simple cookbook to explain this process but now this is as simple as possible. Don’t forget ssh-copy-id is the most easy way to add your ssh public key in remote servers.