Tuesday, March 08, 2016

Bad usernames

There are a lot (a LOT!) of articles about bad and weak passwords. What about weak usernames?

I have a server with public facing sshd (stuck on standard port 22). Running this gives a rough idea of what default usernames are to avoid:

lastb -w | awk -F " " '{print $1}' | sort -n | uniq -c  | sort -n -r | more
     39 admin     29 oracle     21 test      9 user      9 postgres      8 guest      8 git      8 a      7 nagios      4 ubuntu      4 ftpuser      3 redmine      3 office      3 developer      3 b      3 alias      3 ADMIN      2 zhangyan      2 www      2 vyatta      2 ucpss      2 ubnt      2 tomcat      2 teamspeak3      2 teamspeak      2 steam

What else can be done besides passwordless ssh key only encryption for access? Well limiting exposure with fail2ban slows down any possibility of brute forcing and whitelisting by geo-locating IP addresses may help too: http://www.axllent.org/docs/view/ssh-geoip/
And of course only open the ports needed via firewall etc.

Wednesday, February 24, 2016

Mosh and SSH

I recently gave mosh a try. I'd read a bit about how useful it can be with unreliable connections and queuing commands and maintaining a local echo to screen as you type avoiding lag - all good stuff.

However using GNU screen (or tmux) solves a lot of the problems with reconnecting so I just never bothered. I was also under the impression that mosh and ssh were mutually exclusive when in fact they both work together. I was  concerned that installing mosh might break or hamper an exiting reliable ssh service. Well so far I've installed it on several systems and it's has no negative effects on sshd. And that's the point of this post. I could not find that information written anywhere on the web.

That's not to say it's been perfect. It is possible to orphan a mosh session to which you cannot reattach. That is a bit annoying if rare. It doesn't aid scp and  sftp transfers in terms of resumes. But that limitation doesn't bother me. Also there is no mosh support in putty (nor is there likely to be!) or its forks such as kitty which is disappointing if you use any windows systems. There are some mosh clients for windows but they're crippled versions of free or commercial packages or buggy cygwin hacks. Not against payware - there just isn't one around I like the look of.

On mobile platforms however, JuiceSSH implements mosh admirably. Highly recommended on the Android platform.

Mosh monitors active ssh connections on a high port so port 22 or equivalent isn't enough. It requires upd on an additional high port (~60001) to be opened on firewall etc. 

Tuesday, January 12, 2016

Filtering out old results from google search

For searching technical information, often it's the case that results older than a year may as well be in a glass case in a museum. If like me you're sick of scrolling through old results and various mouse clicks to set a suitable filter - append this to your search result:


Ideally the "m" for month can be replaced with a year "y" or even "h" for hour.
It would be better if there was a quickly typed search operator for this. But there isn't. There is a date range filter but it requires dates in Julian Calendar format - yuck.