OpenSSH/Third Party Utilities

scanssh – a scanner for SSH hosts and some kinds of proxies
sshfs – a user-space file system client based on SFTP
sshfp – generate SSHFP DNS records from known_hosts files or ssh-keyscan
keychain – re-use ssh-agent and/or gpg-agent between logins
rsync – synchronize files and directories using delta encoding
gstm – graphical front-end for managing SSH-tunneled port redirects
sslh – a protocol demultiplexer

scanssh

scanssh scans hosts and networks for running services; see ScanSSH - Scanning the Internet for SSH Servers [1]. It checks the version number of the server and displays the results in a list. It detects ssh, sftp and several kinds of SOCKS, HTTP, and telnet proxies.

Scan a small subnet for ssh servers:

$ sudo scanssh -n 22 -s ssh 192.168.100.32/26

Scan the same small network for socks proxies:

$ sudo scanssh -s socks5,socks4 192.168.100.32/26

Variable scanning speeds and random sampling can be set. An open proxy detection mode scans for open proxies on common ports.

Scan 1000 hosts randomly selected from 172.16.1.1 through 172.31.254.254, at a rate of 200 per second:

$ sudo scanssh -r 200 -p 'random(1000)/172.16.0.0/12'

The hosts and networks to be scanned can be specified either as an IPv4 address or as a CIDR-like IP prefix with IP address and network mask. Ports can be appended by adding a colon at the end of the address specification. The sequence of hosts scanned is random, but that can be modified by the following two parameters, random and split:

random(n[,seed])/ selects a sample of n random addresses from the range specified as targets for scanning. n is the number of addresses to randomly create in the given network and seed is an optional seed for the pseudo-random number generator. For example, it is possible to sample 10000 random hosts from the Internet by specifying 'random(10000)/0.0.0.0/0' as the address.

split(s,e)/ selects a specific segment of the address range for use. e specifies the number of segments in parallel and s is the segment number used by this particular scan. This can be used to scan from several hosts in parallel by scanning a different segment from each host.

-n Specifies the port numbers to scan. Ports are separated by commas. Each specified scanner is run for each port in this list. The default port is 22.

Scan for ssh servers on both port 22 and 2022:

$ scanssh -s ssh -n 22,2022 192.168.0.0/24

sshfs

sshfs builds on Filesystem in Userspace (FUSE) to allow non-privileged users to create a secure, reliable file system framework. As the name implies, this is done in user space and not in the kernel, as is usually required for file systems. FUSE has a stable API library and bindings to C, C++ and Java. In this case it is specifically the SFTP client that is mounted as a file system.

sshfs allows a remote file system to be mounted as a local folder, taking advantage of the SFTP subsystem. It uses SFTP to mount a directory from a remote server as a local directory. In that way, all user applications can interact with that directory and its contents as if it were local.

See the Cookbook section on SFTP

sshfp

sshfp generates SSHFP DNS records using the public keys stored in a known_hosts file or provided by ssh-keyscan, as a means to use DNS to publish SSH key fingerprints. That in turn allows DNSSEC lookups to verify SSH keys before use. SSHFP resource records in DNS are used to store the fingerprints of SSH public host keys that are associated with host names. A record itself consists of an algorithm number, fingerprint type and the fingerprint of the public host key. See RFC 4255 for details on SSHFP.
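How such a record is derived from one known_hosts or ssh-keyscan line, as an added example (not code from the sshfp tool or from this book). The function names are hypothetical, the sample key is constructed, and the ECDSA, Ed25519 and SHA-256 numbers come from RFC 6594 and RFC 7479 rather than RFC 4255.

```python
import base64
import hashlib
import ipaddress
import struct

# SSHFP algorithm numbers: RFC 4255 (RSA, DSA), RFC 6594 (ECDSA), RFC 7479 (Ed25519).
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# Fingerprint types: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}

def blob_key_type(blob):
    """Return the key type name stored at the start of an SSH public key blob."""
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")

def publishable(host):
    """SSHFP owner names are host names: skip IP addresses and [host]:port entries."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        return not host.startswith("[")

def sshfp_records(line):
    """Convert one 'hosts keytype base64key' line into SSHFP zone-file records."""
    fields = line.split()
    if len(fields) < 3 or fields[0][0] in "#@|":
        return []  # comment, @cert-authority/@revoked marker, or hashed host name
    hosts, key_type, b64 = fields[:3]
    algo = 3 if key_type.startswith("ecdsa-sha2-") else ALGORITHMS.get(key_type)
    try:
        blob = base64.b64decode(b64, validate=True)
        if algo is None or blob_key_type(blob) != key_type:
            return []  # unknown algorithm, or declared type disagrees with the blob
    except (ValueError, struct.error):
        return []  # not valid base64 or not a well-formed key blob
    return [f"{host}. IN SSHFP {algo} {fp} {digest(blob).hexdigest()}"
            for host in hosts.split(",") if publishable(host)
            for fp, digest in FP_TYPES.items()]

def constructed_ed25519_line(hosts):
    """Constructed sample input: well-formed blob wrapping a dummy 32-byte key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return f"{hosts} ssh-ed25519 {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    print("\n".join(sshfp_records(constructed_ed25519_line("server.example.org,192.0.2.10"))))
```

The fingerprint is the digest of the decoded key blob, so a line whose declared key type does not match the type embedded in the blob is dropped rather than published.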

keychain

keychain is a manager for ssh-agent to allow multiple shells and processes, including cron jobs, to use the keys held by the agent. It is often integrated into desktop-specific tools like Apple Keychain on OS X or kdewallet for KDE. http://www.funtoo.org/en/security/keychain/intro/

rsync

rsync is a file transfer utility to transfer files between computers very efficiently. It can run on top of SSH or use its own protocol. SSH is the default. http://rsync.samba.org/

Gnome SSH Tunnel Manager (gstm)

gstm is a graphical front-end for managing SSH connections and especially port forwarding. http://sourceforge.net/projects/gstm/

sslh

sslh is a protocol demultiplexer. It accepts connections on specified ports and forwards them based on the first packet sent by the client. It can be used to share a single port between SSH, SSL, HTTP, OpenVPN, tinc and XMPP. http://www.rutschle.net/tech/sslh.shtml

Additional Third Party Utilities

The following are useful when working with OpenSSH, but covering them in detail is outside the scope of this book. However, they are worth mentioning in a list:

netstat – Show network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
nc or netcat – Netcat, the TCP/IP swiss army knife.
socat – SOcket CAT, a multipurpose relay similar to netcat.
nmap – Network exploration tool and security scanner.
tcpdump – Display network traffic in real time.
telnet – Unencrypted interaction with another host.
pagsh – Creates a new credential cache sandbox and process authentication group (PAG).
nohup – Invoke a process that ignores HANGUP signals
sudo – Execute programs as another user
lftp – A handy interactive multi-protocol file transfer text-based client supporting SFTP.
curl – A multi-protocol file transfer text-based client supporting SCP and SFTP.


Last modified on 4 November 2013, at 17:01