At first i wanted a space that allows me to save my findings and technical configurations i didn't want to forget. Then i tell myself why not put it on Internet to share with other ppl that are looking for information on something i already did.
for the moment i didn't activate any commentaries or anything else on the website. Indeed as i said i'm not a blogger, i just want to save my finding and share it with other people that might help. But if you have some questions, do not hesitate to ask me nicely by email and i will try to answer you.
i have a small lab at home to play with stuff i found, and experiments. my lab is made of a NAS, several raspberry, and recently a VM server ESXi because i'm tired of having too many Rpi & Co!
The blog itself isn't very powerful because i didn't want to spend to much time on it, but if one day it require more work, i will see. for the moment it met my need and that's all i want!
2. I, Me and Myself
It's very hard to present yourself, so i will be very brief!
I'm a french computer science ingeneer specialize in security. i always liked to try to understand everything i touch especially in computer science. I like to say i'm no expert in any technology but i'm trying to!
The security field is very interesting because you have the opportunity to think as a good guy trying to protect yourself, but also like bad guys trying to break or steal everything! Of course i'm kidding, but you have to understand (and try) how hackers do to bypass security equipment etc. To do so, you have to undertand a very large field of security starting from the computer : OS, hardware etc to the network : TCP, VLAN, Firewall, IDS etc.
As an example of how i like to undertand thing and try to be the bad guy you can find my final internship presentation at the defcon 18 in 2010 thanks to the security lab of stanford : https://www.youtube.com/watch?v=rpMpmm0nlEM
But that's not everything, security field means also trying to protect your company from a governance point of view: how do you protect a company with thousand employees without knowledge in security ? you have to think policies, procedure, control etc! and from a bigger scale, it become harder and harder... it's easy to protect your frontdoor with titan but if you don't know that you have several backdoor in wood, what the point ?! ;)
I'm currently living in Montpellier after spending my studies in Paris Epita and working in Paris in several companies for over 6 Years!
This tutorial is made for you to be able to test how to do SSH over a standard https SSL/TLS connection (at least for the CONNECT). the objective is to understand how it's working and to be able for you to make a POC if you want to. I'm not responsible for what purpose you are using it to. most of this tutorial was possible thanks to the hard work of blog.chmd.fr
this tutorial is definitely doable on a Raspbeery Pi
do not hesitate to let me a comment to ask questions.
1.Architecture physique simplifiée
The idea of this tutorial is to understand and configure your client to build a ssh connection through ssl. Of course your server must have a specific configuration as well. see the server side configuration tutorial: ssh over ssl part 1 : server side
nowadays firewall block port, but can also do a DPI to see which protocol you are using. It means that if you try to ssh on port 443 it won't work even if port 443 is open. To avoid it, we have to trick the firewall to think we are doing a legitimate https connexion but instead once we are in SSL (firewall can't read anymore), we switch to ssh!
This tutorial is made as a Proof Of Concept and should be used only for better understanding and POC purposes ! i'm not responsible of any use of this trick.
if you are using windows, i would recommand to use a linux virtual machine. it's way easier.
windows software (didn't try them):
- Optional depending if proxy authentication to bypass too: proxifier (not tested yet)
- Optional depending if proxy authentication to bypass too: cntlm
- openssh client
3. Proxy authentication
The first step is to be able to connect to the proxy, since most of the time it's the only way to access internet. If you don't have a proxy you can bypass this part, same thing if you don't need to be authenticate to use your proxy.
We need to have a way to authenticate to the proxy. to do so, if it's using basic auth, you can set your env variable http(s)_proxy. Look for it on Internet. But if it's using NTLM you will need another way.
A way is to use a local proxy authenticating itself to the remote proxy and giving you a local port already connected to the remote proxy.
cntlm do this job very well. download and install it (direcly for official website or apt-get).
then look into my config file. to generate the PassLM, PassNT, PassNTLMv2 you must first create the config file with all info, then in the console type in : "cntlm -H", it will ask you your password then generate you the 3 lines !
you can find lot of other option into this:
once your config file is ready, you can test it in your terminal using this :
if everything goes well, cntlm should tell you it's ready.
you can test it by connecting through it with firefox (set your proxy settings to use localhost and your define port in your confiuration)
4. Tunnel to your remote server on 443 port
this part is made to build a connection to your remote server on the port 443. if the firewall you are trying to bypass isnt looking into protocole it wont be necessary to go farer. indeed once you are connected you could directly do ssh into it. But if your firewall is watching, it will instantly close your connection since it's not https!
if you want to know build your proxytunnel connexion, then try to type in anything into it. your connection should close !
So, download proxytunnel and using the previous cntlm tunnel launch it like it :
if your proxy wasnt using auth, you could directly type in your proxy address:port instead of 127.0.0.1:3128. we chose the local port 7000 for our tunnel
5. SSL tunnel
once you have a connection to your server, it's time to trick the firewall thinking we will do HTTPS.
To do so, we will use openSSSL like this :
if everything is working well, you should see your server certificate.
So for your ssh to use this tunnel SSL, it's simple: create or edit the file ~/.ssh/config
and add :
it's telling your ssh for this host, to use this has a proxy! so instead of trying directly to ssh, it will first execute this ssl tunnel, then use it!
everything is done for your client side!
for windows, you should look into stunnel but i didnt try
5. Sum up
Prise de note & workflow :
- Shinken: http://shinken-monitoring.org/
- capacity planning (graphite), compatible nagios.
- Documentation peu clair
- PandoraFMS: http://pandorafms.com/
- easy to install
- client pandora