CrunchBang ~ ssh

Ubuntu Security Notice: openssl

Philip Newborough — Tue, 13 May 2008 15:33:29 GMT

This is one of those security notices which on first glance appears to be serious enough to take a second glance. I have therefore republished the entire notice:

=========================================================== 
Ubuntu Security Notice USN-612-1               May 13, 2008
openssl vulnerability
CVE-2008-0166
===========================================================

A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems.  As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system.  This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.

This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian.  However, other systems can be
indirectly affected if weak keys are imported into them.

We consider this an extremely serious vulnerability, and urge all
users to act immediately to secure their systems. (CVE-2008-0166)

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

== Who is affected ==

Systems which are running any of the following releases:

 * Ubuntu 7.04 (Feisty)
 * Ubuntu 7.10 (Gutsy)
 * Ubuntu 8.04 LTS (Hardy)
 * Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8
 * Debian 4.0 (etch) (see corresponding Debian security advisory)

and have openssh-server installed or have been used to create an
OpenSSH key or X.509 (SSL) certificate.

All OpenSSH and X.509 keys generated on such systems must be
considered untrustworthy, regardless of the system on which they
are used, even after the update has been applied.

This includes the automatically generated host keys used by OpenSSH,
which are the basis for its server spoofing and man-in-the-middle
protection.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  libssl0.9.8                     0.9.8c-4ubuntu0.3

Ubuntu 7.10:
  libssl0.9.8                     0.9.8e-5ubuntu3.2

Ubuntu 8.04 LTS:
  libssl0.9.8                     0.9.8g-4ubuntu3.1

Seriously, it is time to update your SSH keys.

Tags: ssh, ubuntu

PuTTY SSH Client for Nokia N95

Philip Newborough — Sun, 16 Dec 2007 00:24:48 GMT

Tonight I have mainly been playing with PuTTY for Symbian OS, an SSH client for my new Nokia N95. After figuring out the correct version to download, there are several versions available for the different editions of Symbian, the installation was super easy and simply consisted of clicking a few confirmation buttons. By the way, the correct version for the Nokia N95 is the S60 third edition.

Regarding usage, I found using PuTTY on my mobile phone to be a somewhat fiddly experience, mainly due to the fact that I have pig tits for fingers. Having said that, I can't really fault the software. Anyone with any experience of using an SSH client shouldn't experience any difficulties and should be able to get a connection up within a minute or two; I connected to one of my Ubuntu systems at home, impressive stuff, even if I do say so myself! For me, the ability to run an SSH client gives a whole new meaning to the term "smartphone". Is there anything this phone can't do?

Tags: n95, nokia, ssh, terminal, ubuntu

Remote Torrent Downloads Via SSH

Philip Newborough — Wed, 24 Oct 2007 13:18:35 GMT

I don't like using bittorrent to download large files when I'm using my network at home; the process consumes my net connection and simple tasks like browsing the web become painfully slow. Instead, I start my torrent sessions remotely via an SSH connection while I'm at work. By doing this I maximise the potential of my 512k ADSL line by using it for downloading torrents when I'm connected to a different network.

SSH Server

On my home network I have an old Toshiba laptop running Ubuntu Server Edition. This system has OpenSSH Server installed and allows me to connect to my home network from my place of work. Unfortunately, installing, configuring and using OpenSSH Server is beyond the scope of this post. However, it's not too difficult and there are plenty of good articles out there about the subject. See: https://help.ubuntu.com/7.04/server/C/openssh-server.html

Screen and BitTornado

Once I'm connected to my home network I then use a combination of Screen and BitTornado to download any torrent files.

Screen enables me to start a download and exit my SSH connection without stopping the download. I can then reconnect via SSH and use the command "screen -r" to return to the download screen and check on the progress of the download.

BitTornado is not required but I like it as it adds additional features to Ubuntu's default bittorrent client.

You can install Screen and BitTornado with the following terminal command:

sudo apt-get install screen bittornado

Usage

1. To start a new download enter the following command [remember to replace the example URL with the location of the real torrent]:

screen btdownloadcurses http://example.com/example.torrent

You should now be able to see something similar to the screengrab below:

2. To detached the screen and leave the download running use the following key combination:

++

3. To reattach the screen enter the following command:

screen -r

4. Once the download has finished you can kill the screen with the following key combination:

Notes: If you have multiple screens running, entering the command "screen -r" will return a list of available screens to reattach.

More information about Screen and its usage is available with the following terminal command:

man screen

Tags: bittorrent, linux, ssh, ubuntu

Creating Private/Public SSH Keys

Philip Newborough — Fri, 19 Oct 2007 08:49:20 GMT

13th May 2008 Update: I have removed the original contents of this post. Normally I would not remove the contents of any blog post; however, due to security reasons I did not want anyone to follow the instructions that were contained within the post. I have updated the information about creating passwordless SSH keys and moved it to my wiki, it is probably better off there anyway ;) See:

Sorry for any inconvenience this may have caused.

Tags: bash, linux, ssh, ubuntu