OpenSSH/Third Party Utilities
- scanssh – a scanner for SSH hosts and some kinds of proxies
- sshfs – a user-space file system client based on SFTP
- sshfp – generate SSHFP DNS records from knownhosts files or ssh-keyscan
- keychain – re-use ssh-agent and/or gpg-agent between logins
- rsync – synchronize files and directories using delta encoding
- gstm – graphical front-end for managing SSH-tunneled port redirects
- sslh – a protocol demultiplexer
scanssh scans hosts and networks for running services (see "ScanSSH - Scanning the Internet for SSH Servers"). It checks the version number of the server and displays the results in a list. It detects ssh, sftp and several kinds of SOCKS, HTTP, and telnet proxies.
    # scan a small subnet for ssh servers
    sudo scanssh -n 22 -s ssh 192.168.100.32/26

    # scan the same small network for socks proxies
    sudo scanssh -s socks5,socks4 192.168.100.32/26
The scanning speed can be varied and targets can be sampled at random. Open proxy detection scans for open proxies on common ports.
    # scan 1000 hosts randomly selected from 172.16.1.1 through 172.31.254.254
    # at a rate of 200 per second
    # (the target is quoted so the shell does not interpret the parentheses)
    sudo scanssh -r 200 -p 'random(1000)/172.16.0.0/12'
The hosts and networks to be scanned can be specified either as an IPv4 address or as a CIDR-like IP prefix with an IP address and network mask. Ports can be appended by adding a colon at the end of the address specification. The sequence of hosts scanned is random, but that can be modified by the following two parameters, random and split:
random(n[,seed])/ selects a sample of n random addresses from the range specified as targets for scanning. n is the number of addresses to randomly create in the given network and seed is an optional seed for the pseudo-random number generator. For example, it is possible to sample 10000 random hosts from the Internet by specifying 'random(10000)/0.0.0.0/0' as the address.
split(s,e)/ selects a specific segment of the address range for use. e specifies the number of segments in parallel and s is the segment number used by this particular scan. This can be used to scan from several hosts in parallel by scanning a different segment from each host.
-n Specifies the port numbers to scan. Ports are separated by commas. Each specified scanner is run for each port in this list. The default port is 22.
    # scan for ssh servers on both port 22 and 2022
    scanssh -s ssh -n 22,2022 192.168.0.0/24
sshfs builds on Filesystem in Userspace (FUSE) to allow non-privileged users to create a secure, reliable file system framework. As the name implies, this is done in user space and not in the kernel, as is usually required for file systems. FUSE has a stable API library and bindings to C, C++ and Java. In this case it is specifically the SFTP client that is mounted as a file system.
sshfs allows a remote file system to be mounted as a local folder, taking advantage of the SFTP subsystem. It uses SFTP to mount a directory from a remote server as a local directory. In that way, all user applications can interact with that directory and its contents as if it were local.
See the Cookbook section on SFTP
sshfp generates SSHFP DNS records using the public keys stored in a known_hosts file or provided by ssh-keyscan, as a means to use DNS to publish SSH key fingerprints. That in turn allows DNSSEC lookups to verify SSH keys before use. SSHFP resource records in DNS are used to store fingerprints of SSH public host keys that are associated with host names. A record itself consists of an algorithm number, fingerprint type and the fingerprint of the public host key. See RFC 4255 for details on SSHFP.
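The record layout described above (algorithm number, fingerprint type, fingerprint), applied to one known_hosts or ssh-keyscan line, as an added example that is not part of the book or the sshfp tool's own code. The host name and key bytes are constructed; the numbers for ECDSA, Ed25519 and SHA-256 come from RFC 6594 and RFC 7479, which extend RFC 4255.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers: RFC 4255 (RSA, DSA), RFC 7479 (Ed25519)
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594)
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}


def sshfp_records(line):
    """Turn one known_hosts / ssh-keyscan line into SSHFP record strings."""
    fields = line.split()
    if len(fields) < 3 or fields[0].startswith(("#", "@")):
        return []  # blank line, comment, or @cert-authority/@revoked marker
    hosts, key_type, b64 = fields[:3]
    if hosts.startswith("|1|"):
        return []  # hashed host name: the DNS owner name cannot be recovered
    # All ECDSA curves share algorithm number 3 (RFC 6594)
    algorithm = 3 if key_type.startswith("ecdsa-sha2-") else ALGORITHMS.get(key_type)
    if algorithm is None:
        return []  # key type without an SSHFP algorithm number
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; it must agree
    (length,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + length] != key_type.encode("ascii"):
        raise ValueError("key type field does not match key blob")
    host = hosts.split(",")[0]  # first name of a "name,address" list
    # The fingerprint is the digest of the raw public key blob, in hex
    return [f"{host} IN SSHFP {algorithm} {fp_type} {digest(blob).hexdigest()}"
            for fp_type, digest in sorted(DIGESTS.items())]


def constructed_line():
    """Constructed sample: an Ed25519 line built around a dummy 32-byte key."""
    name = b"ssh-ed25519"
    key = bytes(range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return "host.example.org ssh-ed25519 " + base64.b64encode(blob).decode("ascii")


if __name__ == "__main__":
    for record in sshfp_records(constructed_line()):
        print(record)
```

The records only help a client that validates them through DNSSEC, as the paragraph above notes; an unsigned zone gives no assurance about the fingerprint.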
keychain is a manager for ssh-agent to allow multiple shells and processes, including cron jobs, to use the keys held by the agent. It is often integrated into desktop-specific tools like Apple Keychain on OS X or kdewallet for KDE. http://www.funtoo.org/en/security/keychain/intro/
rsync is a file transfer utility to transfer files between computers very efficiently. It can run on top of SSH or use its own protocol. SSH is the default. http://rsync.samba.org/
Gnome SSH Tunnel Manager (gstm)
gstm is a graphical front-end for managing SSH connections and especially port forwarding. http://sourceforge.net/projects/gstm/
sslh is a protocol demultiplexer. It accepts connections on specified ports and forwards them based on the first packet sent by the client. It can be used to share a single port between SSH, SSL, HTTP, OpenVPN, tinc and XMPP. http://www.rutschle.net/tech/sslh.shtml
Additional Third Party Utilities
The following are useful when working with OpenSSH, but going into detail on them is outside the scope of this book. They are nevertheless worth mentioning in a list:
- netstat – Show network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
- nc or netcat – Netcat, the TCP/IP swiss army knife.
- socat – SOcket CAT, a multipurpose relay similar to netcat.
- nmap – Network exploration tool and security scanner.
- tcpdump – Display network traffic in real time.
- telnet – Unencrypted interaction with another host.
- pagsh – Creates a new credential cache sandbox and process authentication group (PAG).
- nohup – Invoke a process that ignores HANGUP signals
- sudo – Execute programs as another user
- lftp – A handy interactive multi-protocol file transfer text-based client supporting SFTP.
- curl – A multi-protocol file transfer text-based client supporting SCP and SFTP.