Yet another surprise from Cloudatcost

Cloudatcost, the Canadian cheap & flat cloud VPS provider (partner of @Fibernetics), seems to have really serious problems on the devops side. I already talked here about their infamous backdoor user (“wikus”) on their Debian 8 x64 VPS images (this seems to be solved by now).

Backdoor default user on Debian 8 VPS at Cloudatcost

Cloudatcost, the Canadian cheap & flat cloud VPS provider (partner of @Fibernetics), ships a backdoor user (“wikus”) with shell and password set on their Debian 8 x86_64 images.

Check if your system is vulnerable to Bash Code Injection (CVE-2014-6271)

As per CVE-2014-6271, a flaw in bash that permits malicious shell code injection was found.

Scan your network for vulnerable https (OpenSSL TLS Heartbeat Extension Bug - CVE-2014-0160)

We are going to locally build, on a Linux machine, the Heartbleed checker written by https://github.com/FiloSottile (thank you!) in order to check for the OpenSSL Heartbleed bug, CVE-2014-0160. Fire up your shell terminal and install the golang package via aptitude or yum.

Jail SSH users to SFTP only

… or “confine untrusted users to their home directory (and give them no shell access as well)”

Securing SSH on non standard port with Fail2ban

I stumbled upon the problem of fail2ban not banning after I had moved my SSH server to a non-standard port (let’s say 22022).

We care about privacy..

..And that’s why I hide as many server signatures as I can on production servers.

Securing SSH with Swatch

You already know that it is not so smart to leave SSH running on your servers on the default port and accessible from every internet address (i.e. no firewall restrictions, no host allow/deny).. but in the real world it happens, since, let’s say, you have no static IP, you have no access to firewall rules and so on.

Setting up two-factor authentication SSH on Fedora 16 x86_64 (with Google Authenticator)

Today we’ll take a look at how to set up SSH to take advantage of the one-time passcode support provided by the Google Authenticator package.

Enabling Security tab on Windows XP

On Windows XP, if you are not joined to a domain, there will be no Security tab option available.

Randomly create strong passwords

If you have to assign strong passwords and you are short on creativity, you may try to accomplish the task in many ways (for example by doing some crude redirect of /dev/urandom)

SSH with keys but keeps asking for passwords

Mar 2 14:42:47 polpot sshd[1794]: Authentication refused: bad ownership or modes for file /home/muhammar/.ssh/authorized_keys

One day or the other it will happen again, and again you will forget how to fix it. Fact.


FreeBSD History makeup

In the last post I showed how to set up a long list timestamped bash history. In the last two months I had the opportunity to work on a set of FreeBSD (version 8) servers that come with CSH as the default shell.

Quick History makeup

One of the first things I do after installing Linux on a server is set up the bash history to show the timestamp along with the command issued.