[VIDEO] 104 - Persistent Shell Access with AutoSSH


Darren Kitchen

Can't wait :)

Can I ask why Wifi was not added to the device tho, I am curious as this would not make it a swiss army knife of awesomeness in such a small package?

You're right - it would be a nice feature. Given the LAN Turtle is actually built on the same SoC as the WiFi Pineapple, it's absolutely possible. Right now it isn't an enabled feature due to costs and certification but if it's a requested enough feature I'm game to see what's possible. Perhaps it could lead to an out of band or side channel data exfiltration attack :)

Thanks for your reply, I totally hear you with cost and regulations etc, I was just dreaming of the possibilities the LanTurtle will open, adding wifi would be sweet. I was more thinking this tho because I am unsure how I will be able to maintain access to the Turtle if certain ports are blocked etc I may end up losing it. I am fairly new to this as well as SSH :)

Hey Darren, quick question:

I wanted to set up my turtle with AutoSSH, but my server's ssh port is not 22 (I changed it to a different port). I was able to create an ssh tunnel using the command line from the turtle, but I can't seem to get it to work from the module itself. I tried to add my port number to the end of the host info (i.e. user@serverport -p XXXX), but every time I try to save it, it drops the port number. Any help? Thanks!

-- Jon

That's what remote port is for, isn't it?

Unfortunately that's not how the remote port works in the lan turtle. I too use a non-standard SSH port, as it's part of my handy-dandy TELOTS BEST SSH PRACTICES rulebook (keeps the script kiddies from pounding at your door - security through obscurity ftw). I tried setting it up every which way within the turtle gui manager, but was unable to get it to work. When I switched my server's ssh port back to 22, it works like a champ. What's really odd is that when I try to autossh from the cli, this seems to be a different version of autossh that I'm not familiar with. Here's how I'd like the autossh to work: autossh -R 2222:localhost:22 telotsvps.com -p 2023 but I just get the help spammed back at me. To explain: I'd connect to my telotsvps.com on port 2023, then ssh -p 2222 localhost to get back to the lanturtle.

Darren, any insight on how we can have our non-standard ports implemented via the gui? And if not, can we edit some file within the turtle to trick it into working?

Also, great to be back guys - HEY BARRY! Long time no see!

Also also, this lan turtle is F'ING AWESOME - great job dk!

telot

Might be hardcoded in the script. I'll look into it when mine comes in. Bit the bullet and ordered one, might be here tomorrow or Friday.

I was able to get it going by modifying /etc/config/autossh in the lanturtle. I added a -p XXXX at the end with my non-standard port number and it's working like a charm :D Woo!

option ssh '-i /root/.ssh/id_rsa -N -T -R 2222:localhost:22 telot@telotsmagicalvps.com -p 2023'

telot

> Forgot to say... it should be possible to use ssh tunneling on that provider, too.
>
> Are there any free ones or only paid services - and if so, which to choose?
>
> Thanx ;-)

I'm using linode.com because I'm able to build a minimal kali vm in VirtualBox then use rsync to copy it directly to the disk on my vps in the cloud. The kali minimal image starts off at about 1.7Gb once I've configured and hardened it (including scrubbing banners and changing services I use to non-standard ports etc.)

Then once working in the cloud I can very easily add any kali tools I want.

Cheers.

Would you (Darren or anyone) recommend/suggest the LAN Turtle as the always connected man-on-the-inside to facilitate an SSH tunnel for a DVR application?

A few days before the LAN Turtle was announced I began researching the best way to punch through some ISP level NAT to open up access to a Security DVR at a remote site. Immediately I thought of using a Linux device on site, autoSSHing into a VPS (probably a $15/year BuyVM OpenVZ VM) with a port forward through the tunnel. I have already tested the theory with my laptop on my last visit - "ssh -R [DVR-PORT]:[DVR-LOCAL-IP]:[DVR-PORT] [USER]@[VPS-IP]" worked perfectly, I was able to get the DVR through [VPS-IP]:[DVR-PORT]. So the hunt was on for the best Linux device to use here, was originally thinking a Raspberry Pi but then the LAN Turtle was announced and looks a perfect match. It's just such a new item that I'm sure no one has really tested it at any major length in this type of capacity.

I was also wondering if the AutoSSH module could be easily modified to incorporate a local device forward like I am looking to achieve, if so I could easily see this device being used much more often in my installs.

To reiterate, I'm looking to maintain a persistent tunnel from a VPS through the LAN Turtle to a device on that LAN. [DVR]:1234 <-- [LAN Turtle] -- [Local Router NAT] -- [ISP NAT] -- [interwebs] --> [VPS]:1234

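Added example (not code from the thread or from the LAN Turtle project): a small parser for the `option ssh` line format posted above and the `-R` forward described in the DVR post, reporting where the tunnel connects and what each remote forward exposes on the server side. It assumes OpenSSH-style option letters; `DVR_LINE`, `192.168.1.50` and `vps.example` are constructed placeholders, and attached forms such as `-p2023` are not handled.

```python
import re
import shlex

# Option letters that take a value in the OpenSSH client (assumed for the Turtle's ssh).
VALUE_FLAGS = set("BbcDEeFIiJLlmOoPpQRSWw")
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}
WILDCARD = {"", "*", "0.0.0.0", "::", "[::]"}

# First sample is the line posted in the thread; the second is constructed from the DVR post.
TELOT_LINE = ("option ssh '-i /root/.ssh/id_rsa -N -T -R 2222:localhost:22 "
              "telot@telotsmagicalvps.com -p 2023'")
DVR_LINE = "option ssh '-N -T -R 1234:192.168.1.50:1234 user@vps.example'"

def parse_remote_forward(spec):
    """Parse '[bind_address:]port:host:hostport'; IPv6 literals stay in [brackets]."""
    parts = re.split(r":(?![^\[]*\])", spec)   # split on ':' outside brackets
    if len(parts) == 3:
        parts = [None] + parts                 # no bind address: server decides
    if len(parts) != 4:
        raise ValueError(f"not a -R forward spec: {spec!r}")
    bind, port, host, hostport = parts
    listener = ("default" if bind is None else "wildcard" if bind in WILDCARD
                else "loopback" if bind in LOOPBACK else "address")
    return {"listener": listener, "listen_port": int(port), "target_host": host,
            "target_port": int(hostport), "reaches_other_host": host not in LOOPBACK}

def parse_option_ssh(line):
    """Return destination and remote forwards from an 'option ssh' config line."""
    match = re.match(r"\s*option\s+ssh\s+'(.*)'\s*$", line)
    if not match:
        raise ValueError("not an 'option ssh' line")
    result = {"user": None, "host": None, "port": 22, "forwards": []}
    tokens = iter(shlex.split(match.group(1)))
    for tok in tokens:
        if len(tok) == 2 and tok[0] == "-" and tok[1] in VALUE_FLAGS:
            value = next(tokens, None)         # the option's argument
            if value is None:
                raise ValueError(f"{tok} needs a value")
            if tok == "-p":                    # also valid after the destination
                result["port"] = int(value)
            elif tok == "-R":
                result["forwards"].append(parse_remote_forward(value))
        elif not tok.startswith("-") and result["host"] is None:
            user, _, host = tok.rpartition("@")
            result["user"], result["host"] = user or None, host
    return result

if __name__ == "__main__":
    print(parse_option_ssh(TELOT_LINE), parse_option_ssh(DVR_LINE), sep="\n")
```

A `listener` of `default` means the server chooses the bind address: loopback unless sshd's `GatewayPorts` setting changes it. `reaches_other_host` marks forwards that expose a LAN device other than the tunnelling box to whoever can reach that listener.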

@ recond

I already do this for my ip camera !!! also another handy thing to know on the turtle or the other device in your LAN running Linux (ie Kali) is (curl -s icanhazip.com) only if you haven't got a static ip address of course !!!

P.S also take a look @ https://aws.amazon.com/ec2/ and forget paying for the year just use another account :wink: !!

Regards

Raz0r

Thanks Raz0r,

Are you doing this with a LAN Turtle or an existing linux device?

Thanks for the suggestion, $15/year USD that saves me from having to re-roll the VM every year is worth it for me. 1 Core @ 2.0GHz, 128MB of RAM, 15GB of storage and 500GBs of monthly download bandwidth - should be sufficient for SSH Tunneling.

No, currently I have my cubox-I which is running Kali Linux my personal set up with up to date kernel http://solid-run.com/wp-content/uploads/2015/07/cubox-i-02.png


Plugged in along with my LanTurtle, then from there my LanTurtle set with autossh to my VPS along with my remote ip camera which monitors my flat, therefore access to my home network from anywhere.


Happy days


Raz0r

> I was able to get it going by modifying /etc/config/autossh in the lanturtle. I added a -p XXXX at the end with my non-standard port number and it's working like a charm :D Woo!
>
> option ssh '-i /root/.ssh/id_rsa -N -T -R 2222:localhost:22 telot@telotsmagicalvps.com -p 2023'
>
> telot

Thanks a lot telot :smile: I was having the same problem.

The settings do not save after rebooting the Turtle

> Thanks Raz0r,
>
> Are you doing this with a LAN Turtle or an existing linux device?
>
> Thanks for the suggestion, $15/year USD that saves me from having to re-roll the VM every year is worth it for me. 1 Core @ 2.0GHz, 128MB of RAM, 15GB of storage and 500GBs of monthly download bandwidth - should be sufficient for SSH Tunneling.

Can you post the link to the service?
